Cyber Security Engineer Iii - Certified

Task Order Number
01122022
Task Order Name
Contract to Hire Information Security Engineer III - Certified position
Category
4 - Computer Systems Security Services
Job Classification
CYBER SECURITY ENGINEER III - CERTIFIED
Class Code - 001268
PURPOSE
Under minimal supervision, architects, installs, configures, operates, implements, and maintains information security systems and operational processes. Manages CYBER SECURITY incident response, vulnerability assessment, CYBER SECURITY training, and Managed Security Services Programs; and performs related duties as assigned.
ESSENTIAL FUNCTIONS

• Acts as compliance subject matter expert by collaborating on projects with departments regarding their IT security and compliance needs

Security Operations

• Oversees the daily operations of the Managed Security Services Program (MSSP) and vendor relationship, and Security Information and Event Management (SIEM) platforms
• Leads and/or participates in the definition, identification, evaluation, and selection of security technologies, techniques, and tools, manages relationships, and negotiates with vendors, outsourcers, and contractors to obtain security-related services and products
• Leads the Cyber Security Incident Response technical team and maintains awareness of security and privacy legislation, regulations, advisories, alerts, and vulnerabilities that apply to the City and its mission and makes recommendations for changes or enhancements
• Conducts annual audits and updates the Cyber Security Incident Response Plan Technical Handling Guides
• Acts as a security operations subject matter expert by collaborating on projects with departments regarding their IT security and compliance needs and provides escalation support for non-routine security anomalies and incidents

Risk and Compliance

• Manages the City's technical compliance programs for Nevada Revised Statutes (NRS), Payment Card Industry (PCI-DSS), Criminal Justice Information Services (CJIS) Policy, and the Health Insurance Portability and Accountability Act (HIPAA) as well as the CYBER SECURITY training program, including executive reporting
• Manages vulnerability assessments program to identify security architectural, policy, and procedural gaps as they relate to operational security and risk and makes recommendations to mitigate overall risk
• Responsible for the development and maintenance of security policies, procedures, and guidelines as they relate to compliance, operations, and security best practices
• Manages and coordinates the City's technical compliance programs; manages the responses to requests for legal holds, public records requests, and confidential investigations

Job Classification (cont) MINIMUM QUALIFICATIONS

• Bachelor's Degree from an accredited college or university in Computer Science, Information Technology, Information Security, or a related field
• Five (5) years of experience in Cyber Security with an emphasis in analysis and incident response which includes:
  • Three (3) years of experience providing information security services in a highly regulated environment such as payment card industry, law enforcement or healthcare (PCI-DSS, CJIS, HIPAA); or
  • Three (3) years of experience supervising, developing, and supporting information security programs
• Note: An equivalent combination of related training and experience may be considered
• Must possess a current (ISC) 2 Certified Information Systems Security Professional (CISSP) certification at time of hire
• Must possess or obtain within six (6) months of hire the Payment Card Industry (PCI) Internal Security Assessor (ISA) certification OR the GIAC - Certified Incident Handler (GCIH) certification
• Must possess or obtain within two (2) years of hire at least three (3) of the below certifications and maintain them as a condition of continued employment.
  • (ISC)2 - HealthCare Information Security and Privacy Practitioner HCISPP
  • (ISC)2 - Certified Cloud Security Professional CCSP
  • ISACA - Certified in Risk and Information Systems Control CRISC
  • ISACA - Certified Information Systems Auditor CISA
  • ISACA - Certified Information Security Manager CISM
  • GIAC - Certified Forensic Analyst GCFA
  • GIAC - Certified Enterprise Defender GCED
  • GIAC - Certified Forensic Examiner GCFE
  • Splunk - Enterprise Certified Admin
• Must pass a nationwide fingerprint-based record check, and a wants/warrants check.
• Must complete Security Awareness and National Crime Information Center (NCIC)/Nevada Criminal Justice Information System (NCJIS) certification within six months of hire/transfer and be recertified every two years. Must maintain certifications in NCIC/NCJIS as a condition of continued employment
• Desirable: Master's Degree in a related field
• Desirable: Familiarity with legal hold processes and requirements
• Desirable: Splunk operations and administration experience
• Desirable: Any of the following certifications:
  • GIAC - Cloud Security Essentials GCLD
  • GIAC - Cyber Threat Intelligence GCTI
  • GIAC - Continuous Monitoring Certification GMON
  • GIAC - Network Forensic Analyst GNFA
  • GIAC - Reverse Engineering Malware GREM
  • GIAC - Defending Advanced Threats GDAT
  • GIAC - Certified Detection Analyst GCDA
  • GIAC - Defensible Security Architecture GDSA
  • GIAC - Certified Windows Security Administrator GCWN
  • GIAC - Open-Source Intelligence GOSI
  • ISACA - Certified Information Systems Auditor CISA
  • Splunk - Enterprise Certified Admin

Job Classification (cont) KNOWLEDGE, SKILLS, AND ABILITIES

• Thorough knowledge of federal, state, local, and other information security regulations and compliance requirements which include PCI and HIPAA; vendor management, security product selection, configuration, and monitoring processes; the principles and practices of project management; security strategies and technologies; scripting languages; routing, switching, and bridging in LAN & WAN environments; access methods and network topologies, Windows and Linux server administration; incident response procedures and standards; designing and implementing security controls to identify vulnerabilities and protect electronic infrastructures; building, maintaining, and upgrading security technologies
• Good knowledge of security standards, regulations, and best practices; incident response procedures and standards; network-based and system-level attacks and mitigation methods; financial impact analyses processes and procedures; and secure configuration of workstation operating systems and software; DNS, DHCP and NTP; financial impact analysis processes and procedures
• Ability to analyze and define problem sources and conceptualize practical solutions based on the computing environment; organize and prioritize a series of requests based on dynamic factors; plan and implement solutions with foresight and consideration of future computing environments; diagnose and resolve complex computer-related issues; analyze programs, policies, and operational needs, and identify and recommend alternatives and improvements; communicate effectively with individuals from various socioeconomic, ethnic, and culturally diverse backgrounds; and establish and maintain effective and positive working relationships with those contacted in the course of work.

ADDITIONAL INFORMATION

• FLSA Status: Exempt
• Wage Assignment: Pay Band 2
• Supervisory classification: No
• EEO 4 Category: Professionals

PHYSICAL REQUIREMENTS/WORK ENVIRONMENT

• For work environment and physical requirements click here

Task Order Description
This is a contract to hire position. Candidates must meet the Minimum Requirements
and have competencies in the Knowledge, Skills, and Abilities defined in the above job
description. Candidates will be assigned specific job duties and assignments to be
completed within the first six months (evaluation period). Upon successful completion
of assigned job duties and assignments, successfully completing a thorough
background check (Local, State, Federal) and other City of Henderson hiring requirements,
the candidate will be offered a full-time position with a tangible career path.
Regardless of the approach, candidates must:

• Meet the Minimum Requirements.
• Have competencies in the Knowledge, Skills, and Abilities.
• Successfully complete a thorough background check (local, state, federal) and

other City of Henderson hiring requirements.

• Successfully complete probationary period assignments.

The selection process will include:

• Vendor pre-screening based on required and desired knowledge, skills and abilities.
• COH review and selection of proposed candidates to move forward in the
• selection process.
• Vendor proctored exam.
• COH selection interview.

Based on the requirements defined in this Task Order, the vendor will pre-screen all
candidates to ensure they meet minimum qualifications in the position description and
have the required and desired experience.
The City will review all proposed candidate applications and will inform the vendor of the
candidates that are invited to move forward in the selection process.
The proposed candidates selected to move forward in the selection process will be required
to take a quick test. The City will provide the test to the vendor and the vendor will issue
and proctor the test to the selected candidates.
Priority
High
Estimated Start Date
ASAP
Estimated Duration
6 months
Work Schedule
M-Th, 7:30am to 5:30 pm except City holidays, eligible for 1 day a week telecommute after 60 days
Location of Work
240 S. Water Street, Henderson, NV 89015 (City Hall)
Deliverables
n/a
Required
Skills and Experience
Contained in the Minimum Qualifications and Knowledge, Skills and Abilities areas in the Job Classification section above. Emphasis should be given to experience in the compliance and risk assessment areas.
Desired
Skills and Experience
Contained in the Minimum Qualifications and Knowledge, Skills and Abilities areas in the Job Classification section above. Emphasis should be given to experience in the compliance and risk assessment areas.
Payment for Services
Vendor may submit invoices for services rendered on a monthly basis. Invoices must identify the resource name, hourly rate, hours worked, total cost and a short description of services provided. Task Order Point of Contact Name Phone Number Email Address Shirley Wallace 702-267-4307 Shirley.wallace@cityofhenderson.com Project Point of Contact Name Phone Number Email Address Terry Daus 702-267-4260 Terry.Daus@cityofhenderson.com
Process Overview

1. For each staffing services request, an 'initial' Task Order must be completed and sent to the Senior Administrative Analyst. The Senior Administrative Analyst reviews the Task Order to ensure it is complete and accurate. An initial Task Order includes all information except the Task Order Number which is assigned by the Senior Administrative Analyst. The Senior Administrative Analyst assigns the number.
2. Based on the Task Order category type, the Senior Administrative Analyst sends the Task Order to selected vendors for review and submittal of resource resumes.
3. The Senior Administrative Analyst receives resource resumes from the vendors and forwards to the Project Point of Contact and selection team (division manager or designee) for review.
4. The Project Point of Contact reviews the resumes and informs the Senior Administrative Analyst what vendor staff they want to interview.
5. The Senior Administrative Analyst coordinates interviews with the vendor, resources and Project Point of Contact.
6. The interviews are conducted by the Project Point of Contract and Division Manager or designee,
7. The Project Point of Contact and the Division Manager or designee selects t...