Address
Form of workOverview
Why OCTA:
Discover work that moves you in a dynamic and innovative setting. Be part of a team delivering Orange County's transportation network of today and creating a vision for the future.
OCTA is the county's transportation planning commission and public transit operator. With a focus on safety and accountability, we plan, fund, and implement countywide projects that include bus and rail transit, freeways and express lanes, rideshare, microtransit, paratransit, active transportation, and environmental programs.
We're passionate about creating a balanced, equitable and sustainable transportation system that reflects the diverse travel needs of the county's 34 cities and 3.2 million residents.
Our employees rated OCTA as a top workplace in Orange County. Come join us on our mission of keeping Orange County moving.
Overview:
Under general direction, responsible for leading the review, engineering, and development of existing and new security solutions and policies for the protection of Authority IT systems, applications, and data. Defines, documents, and implements cybersecurity strategies, architectures, and procedures, and verifies that IT infrastructure is properly protected from internal and external threats. Aids teams during solution and processes design to ensure a secure environment and compliance with applicable local, state, and federal requirements. Coordinates, investigates, and reports on Cyber Security incidents. Responsible for information security control development and the maintenance and design of security policy education, training, and awareness activities.
Cyber Security Engineer, Senior - This is an exempt position in Salary Grade T: Min $113,713.60 - Mid $135,283.20 - Max $156,832.00 annually. The starting salary will be within this range based on qualifications.
Cyber Security Engineer - This is an exempt position in Salary Grade S: Min $101,254.40 - Mid $120,660.80 - Max $140,046.40 annually. The starting salary will be within this range based on qualifications.
The position will remain open until a candidate is selected.
Responsibilities
This list is intended to indicate the general nature and level of work performed by employees within this classification and is not designed to be interpreted as an exhaustive listing of all tasks required of employees assigned to this job.
Qualifications
Cyber Security Engineer, Senior - Any combination of education and experience equivalent to a bachelor's degree in Computer Science, Mathematics or Business, with a minimum of five years of related experience in computer security analysis in business and accounting environments. Experience developing and auditing of enterprise-wide cybersecurity programs. Experience with various network security services including firewalls, Virtual Private Network (VPN), and remote access. Current and/or previously held security related certifications are required (e.g., Security+, CISSP, GIAC, GSEC, CISA, GSNA, GSAE).
Cyber Security Engineer - Any combination of education and experience equivalent to a bachelor's degree in Computer Science, Mathematics or Business, with a minimum of three years of responsible experience in computer security analysis in medium to large enterprise environments. Current and/or previously held security related certifications are preferred (e.g., Security+, GIAC, GSEC, CISA, GSNA, GSAE).
Knowledge of:
Ability to:
Working Conditions/Physical Activities:
(The physical demands described are representative of those that must be met by the employee to successfully perform the essential functions of this job. OCTA provides reasonable accommodation to enable individuals with disabilities to perform the essential functions).
Positions in this class typically require:
Compensation and Benefits:
OCTA offers an attractive compensation and benefits package that includes medical, dental and vision health insurance programs, flex time (may be available), paid sick leave, paid vacation and holidays, short-term and long-term disability, life insurance, flexible spending accounts, retirement, deferred compensation plan, educational reimbursement, excellent in-house training programs, free transportation passes for the employee and dependents, wellness and ergonomic programs, and much more. OCTA has a hybrid remote work program. Eligibility is dependent on manager's approval.
OCTA is an equal employment opportunity employer that recruits, hires, and promotes qualified people without regard to race, color, religion, creed, ancestry, national origin, age, sex, pregnancy, gender, gender identity and/or expression, sexual orientation, marital status, medical condition, disability, genetic information, military and veteran status, or other legally protected status.
Why OCTA:
Discover work that moves you in a dynamic and innovative setting. Be part of a team delivering Orange County's transportation network of today and creating a vision for the future.
OCTA is the county's transportation planning commission and public transit operator. With a focus on safety and accountability, we plan, fund, and implement countywide projects that include bus and rail transit, freeways and express lanes, rideshare, microtransit, paratransit, active transportation, and environmental programs.
We're passionate about creating a balanced, equitable and sustainable transportation system that reflects the diverse travel needs of the county's 34 cities and 3.2 million residents.
Our employees rated OCTA as a top workplace in Orange County. Come join us on our mission of keeping Orange County moving.
Overview:
Under general direction, responsible for leading the review, engineering, and development of existing and new security solutions and policies for the protection of Authority IT systems, applications, and data. Defines, documents, and implements cybersecurity strategies, architectures, and procedures, and verifies that IT infrastructure is properly protected from internal and external threats. Aids teams during solution and processes design to ensure a secure environment and compliance with applicable local, state, and federal requirements. Coordinates, investigates, and reports on Cyber Security incidents. Responsible for information security control development and the maintenance and design of security policy education, training, and awareness activities.
Cyber Security Engineer, Senior - This is an exempt position in Salary Grade T: Min $113,713.60 - Mid $135,283.20 - Max $156,832.00 annually. The starting salary will be within this range based on qualifications.
Cyber Security Engineer - This is an exempt position in Salary Grade S: Min $101,254.40 - Mid $120,660.80 - Max $140,046.40 annually. The starting salary will be within this range based on qualifications.
The position will remain open until a candidate is selected.
Responsibilities
This list is intended to indicate the general nature and level of work performed by employees within this classification and is not designed to be interpreted as an exhaustive listing of all tasks required of employees assigned to this job.
- Responsible for the technical security functions of the cybersecurity team.
- Assesses and provides guidance for all third-party cloud, network, system, or application integrations connecting to or supporting OCTA business requirements.
- Determines cybersecurity controls for OCTA as outlined by the NIST RMF guidance.
- Assess IT infrastructure, services, and solutions to identify vulnerabilities and non-compliance.
- Plans, engineers, and implements strategies to balance security recommendations with business needs; defines solutions that balance both business and security requirements.
- Has oversight for the development and auditing of enterprise-wide cybersecurity policies, standards, guidelines, and procedures to ensure ongoing maintenance of security.
- Reviews and assesses technical requirements used to protect sensitive data, e.g., financial, payment card industry data security standards (PCI DSS), HIPPA, etc.
- Develops, implements, upgrades, and maintains new and existing security solutions and awareness training.
- Performs security functions, audits, and reporting of software and IT infrastructure.
- Stays abreast of industry best practices in cybersecurity techniques and integrates new methods and tools as appropriate.
- Tests and identifies network and system vulnerabilities to include supporting troubleshooting.
- Provides in-depth support for cybersecurity incidents including internal violations, attacks, malware, and other cybersecurity related incidents.
- Manages existing cybersecurity related tools in the existing environment; monitors reports, logs, alerts, and resolves potential security compromises.
- Provides guidance and remediation efforts with the investigation of security breaches, policy violations, and other cybersecurity incidents.
- Provides information system security reviews and recommendations to executive management and other staff related to the security profile of the agency.
- Identifies methods to enhance existing security services. Research, designs, schedules, and implements new security technologies into the current operating environment.
Qualifications
Cyber Security Engineer, Senior - Any combination of education and experience equivalent to a bachelor's degree in Computer Science, Mathematics or Business, with a minimum of five years of related experience in computer security analysis in business and accounting environments. Experience developing and auditing of enterprise-wide cybersecurity programs. Experience with various network security services including firewalls, Virtual Private Network (VPN), and remote access. Current and/or previously held security related certifications are required (e.g., Security+, CISSP, GIAC, GSEC, CISA, GSNA, GSAE).
Cyber Security Engineer - Any combination of education and experience equivalent to a bachelor's degree in Computer Science, Mathematics or Business, with a minimum of three years of responsible experience in computer security analysis in medium to large enterprise environments. Current and/or previously held security related certifications are preferred (e.g., Security+, GIAC, GSEC, CISA, GSNA, GSAE).
Knowledge of:
- Deep understanding of physical and virtual hybrid on-premise, cloud, and SaaS based enterprise operating systems and supporting IT infrastructure.
- Vulnerability scanning and remediation software and processes, planning, implementation, and management.
- Security vulnerability identification and remediation for Windows server, Windows desktop, and Linux operating systems.
- Behavior based intrusion detection/prevention systems to include Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) behavior and AV tools.
- On premise and cloud-based system monitoring, protection, and reporting functions.
- PI/PII, HIPAA, and PCI security standards and best practices.
- NIST, SOC 2, ISO, or other cybersecurity frameworks.
- Cloud based MSSP, and other third party supported security offerings.
- Secure implementation of cloud, on premise, and hybrid infrastructure solutions.
- Penetration testing, vulnerability assessments, and security awareness training.
- Incident response, data protection, threat hunting, and disaster recovery best practices.
Ability to:
- Define, analyze, and develop security solutions that support business requirements in a secure and compliant manner.
- Develop and prepare effective documentation covering system security, policies, and procedures with excellent report writing and communication.
- Work in a multi-disciplinary team.
- Develop and implement long range security management solutions.
- Mentor and train employees on cybersecurity best practices, tools, and frameworks.
- Adapt to technological advancements within the industry.
- Communicate effectively, both orally and in writing.
Working Conditions/Physical Activities:
(The physical demands described are representative of those that must be met by the employee to successfully perform the essential functions of this job. OCTA provides reasonable accommodation to enable individuals with disabilities to perform the essential functions).
Positions in this class typically require:
- Work may be performed in a stressful, fast-paced office environment, depending upon assignment.
- Requires ability to understand verbal communication and to respond effectively.
- Positions in this class typically require: Reaching, Finger Dexterity, Grasping, Feeling, Talking, Hearing, Seeing, and Repetitive Motions in computer use.
Compensation and Benefits:
OCTA offers an attractive compensation and benefits package that includes medical, dental and vision health insurance programs, flex time (may be available), paid sick leave, paid vacation and holidays, short-term and long-term disability, life insurance, flexible spending accounts, retirement, deferred compensation plan, educational reimbursement, excellent in-house training programs, free transportation passes for the employee and dependents, wellness and ergonomic programs, and much more. OCTA has a hybrid remote work program. Eligibility is dependent on manager's approval.
OCTA is an equal employment opportunity employer that recruits, hires, and promotes qualified people without regard to race, color, religion, creed, ancestry, national origin, age, sex, pregnancy, gender, gender identity and/or expression, sexual orientation, marital status, medical condition, disability, genetic information, military and veteran status, or other legally protected status.
