Idaho Division of Human Resources Hiring for IT Information Security Engineer III at Boise, Idaho Full Time

IT Information Security Engineer III

Print (http://agency.governmentjobs.com/idaho/job_bulletin.cfm?jobID=3902492&sharedWindow=0)

Apply



IT Information Security Engineer III

Salary

$68,390.40 – $81,224.00 Annually

Location

Boise, ID

Job Type

Full Time

Department

Idaho Transportation Department

Job Number

18105 (1266 – HQ)

Closing

3/1/2023 11:59 PM Mountain

• Description

• Benefits

• Questions

Description

Do you want to make a difference and be part of an award-winning agency, dedicated to enhancing the quality of life in Idaho through transportation?

At the Idaho Transportation Department, every employee is critical to the mission and we strive to foster an innovative, collaborative workplace where employees can grow and do their best work.

Idaho Transportation Department has an exciting and challenging opportunity for an IT Information Security Engineer III located at our headquarters office in Boise. This role performs investigations related to information security events and incidents, electronic discovery and digital forensics for litigation and human resource purposes as well as provide technical leadership to information security response teams.

Please note: Background check (including fingerprinting) is required for this position.

Example of Duties

• Perform Confidential Services. Confidential Services include working with Legal and Human Resources on active investigations by providing electronic discovery and digital forensics expertise. Provide subject matter expertise to HR and Legal upon request, potentially during employment adjudication and in court.

• Perform Cyber Security Incident Response. Monitor the agencies information security systems to identify potential Cyber Security Incidents based upon a good working knowledge of cyber security best practices and a familiarity of current and potential threats. Determine which Cyber Security Events escalate to Cyber Security Incidents with the potential to impact the agencies employees, information, resources and reputation.

• Create Information Security Policy. Draft ITD policies to address cyber security needs. Align ITD’s cyber security policies with Federal, State and other local partners. Ensure that ITD’s cyber security polices meet the needs of ITD’s lines of business and customer needs.

• Design, implement and potentially operate information security systems.

• Research and propose technology solutions to address information security needs at the agency.

• Provide initial budgeting and planning information for information security systems for the agency.

• Provide subject matter expertise in the implementation projects to implement information security solutions.

• Create the processes needed to successful deploy information technology projects.

• Audit performance of existing information technology systems and their operations to ensure they meet current needs.

• Create information security plans to meet the agencies information security needs based upon

the agency’s identified risk management framework and the needs of the lines of business.

• Work with other state agencies to create cybersecurity state policy and keep it up to date.

DECISION-MAKING AUTHORITY:

• This position has the authority to make immediate decisions impacting the security configurations, network configurations and access, access to information and user privileges during security events and incidents. Long term decisions may require oversite. This position has recommendation making authority with respect to risk assessments, security plans for products, projects and enterprise configurations.

PROBLEM SOLVING:

• Finding indicators of compromise for security events. Examples include looking through logs, correlating events from separate data sources and from users.

• Troubleshooting security related technical issues. Examples include solving encryption and certificate errors and determining if web traffic is being blocked for security reasons such as improper data exfiltration.

• Determining timelines during investigations of users to see if they violated Federal, State or agency laws, policies or guidelines. Examples include investigations requested by Legal or Human Resources.

Minimum Qualifications

• Considerable knowledge of computer networking concepts and protocols, and network security methodologies; internal tactics to anticipate and mitigate cyber security threat capabilities and actions; risk management processes (e.g., methods for assessing, documenting, and mitigating risk).

• Good knowledge of cyber intelligence/information collection capabilities and conducting cyber incident investigations; assessing cyber security regulatory compliance and policy & procedure writing; supervisory practices.

DESIRED QUALIFICATIONS:

• Good knowledge of electronic discovery and digital forensics gathering processes.

• Digital forensics certifications to testify as an expert witness in court. Currently the team uses GIAC certifications.

Supplemental Information

To learn more about the department, please visit the ITD website (https://itd.idaho.gov/) . Make a difference in your community and in the lives of the citizens of Idaho!

Benefits:

• Flexible work schedule available to some positions for increased work-life balance

• Public Service Loan Forgiveness – eligibility requirements may apply

• Accrue paid vacation every pay period and increasing with state longevity

• Paid Parental Leave

• Paid sick leave separate from vacation leave

• 11 paid holidays

• Competitive Medical, Dental, Vision, Life and Disability insurance benefits, Flexible Spending Account https://ogi.idaho.gov/premium-rates/

• Relocation Assistance available to some positions

• Defined benefits retirement plan (pension) through the Public Employee Retirement System of Idaho (PERSI) https://persi.idaho.gov/members/base_plan.cfm

• Optional 401K and Deferred Compensation plans with traditional and Roth options

• Eligible for Employee Assistance Program – Confidential support, information and resources for all of life’s challenges

The Idaho Department of Transportation may conduct verification of the information provided in your application, including validation of driver’s license status, education, employment, and criminal history. Omission and/or falsification of information provided in your application will result in your removal from consideration for employment, appointment, or promotion.

The State of Idaho is committed to providing equal employment opportunities and prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on their race, color, religion, political affiliation or belief, sex, national origin, genetics, or any other status protected under applicable federal, state, or local laws.

The State of Idaho is committed to access and reasonable accommodations for individuals with disabilities, auxiliary aids and services are available upon request. If you require an accommodation at any step in our recruitment process, you are encouraged to contact (208) 334-2263 (TTY/TTD: 711), or email [email protected].

Preference may be given to veterans who qualify under state and federal laws and regulations.

Your Safety. Your Mobility. Your Economic Opportunity.

Careers

If you have questions, please contact us at:

Email:

[email protected]

Trouble Applying Call: Applicant Support Toll-free number: 1-855-524-5627

Monday through Friday 6:00 a.m. – 5:00 p.m. Pacific Time

https://dhr.idaho.gov/StateEmployees/Benefits.html

*Benefits may not be applicable for temporary or seasonal positions.

01

01735 – MQ 1 of 6 Please select the option that best describes how you have obtained considerable knowledge of computer networking concepts and protocols, and network security methodologies. Help: Typically gained by at least four years of professional work experience (within the last five years) performing network security OR two years of professional work experience (within the last five years) and successful completion of college/vocational courses covering network security practices. *Your resume/application must support your answer.

• I do not have this experience.

• I have at least four years of professional work experience (within the last five years) performing network security OR two years of professional work experience (within the last five years) and successful completion of college/vocational courses covering network security practices.

• I have at least four years of professional work experience (within the last five years) performing network security OR three years of professional work experience (within the last five years) and successful completion of college/vocational courses covering network security practices.

• I have at least four years of professional work experience (within the last five years) performing network security OR three years of professional work experience (within the last five years) and successful completion of college/vocational courses covering network security practices with at least two of the four years of professional work experience directly supervising network security staff.

  02

  01735 – MQ 2 of 6 Please select the option that best describes how you have obtained good knowledge of cyber intelligence/information collection capabilities and conducting cyber incident investigations. Help: Typically gained by at least three years of work experience as an advanced IT professional. Experience should include practical experience conducting cyber incident investigations. Include the names of tools you have experience using to conduct cyber incident investigations. *Your resume/application must support your answer.

• I do not have this knowledge.

• I have at least three years of professional work experience conducting cyber security administrative investigations including incidents involving mishandling of sensitive information, computer misuse, and account compromise investigations.

• I have at least four years of professional work experience conducting cyber security administrative investigations including mishandling of sensitive information, computer misuse, and experience conducting forensic imaging and examinations of digital and electronic media.

• At least four years of professional work experience conducting cyber security administrative investigations including mishandling of sensitive information, computer misuse, and experience conducting forensic imaging and examinations of digital and electronic media with at least two of the four years of professional work experience directly supervising network security staff tasked with conducting cyber intelligence and cyber incident investigations.

  03

  01735 – MQ 3 of 6 Please select the option that best describes how you have obtained good knowledge of assessing cyber security regulatory compliance and policy and procedure writing. Help: Typically gained by at least one year of professional work experience developing training materials, reports, policy and/or procedure manuals, written interpretations of law, rules, or policies, or any related background which would be considered similar OR successful completion of two college/vocational courses in technical writing or communication. *Your resume/application must support your answer.

• I do not have this knowledge and/or experience.

• I have at least one year of professional work experience developing reports, policy and/or procedure manuals, written interpretations of law, rules, or policies, or any related background which would be considered similar OR successful completion of two college/vocational courses in technical writing or communication.

• I have at least two years of professional work experience developing reports, policy and/or procedure manuals, written interpretations of law, rules, or policies, or any related background which would be considered similar.

• I have at least one year of professional work experience developing reports, policy and/or procedure manuals, written interpretations of law, rules, or policies, or any related background which would be considered similar OR successful completion of two college/vocational courses in technical writing or communication. I have also participated in a committee or workgroup charged with rewriting rules or reference guides, developing training materials, or developing and rewriting specific notices, forms, or procedures that have far reaching impact on program policy and will probably be used on a statewide basis OR I have been in a supervisory, managerial, or project review type position performing this level of work.

  04

  01735 – MQ 4 of 6 Please select the option that best describes how you have obtained considerable knowledge of internal tactics to anticipate and mitigate cyber security threat capabilities and actions. Help: Typically gained by at least three years of professional work experience researching potential cyber security threats and reviewing, interpreting, and prioritizing information systems remediation OR successful completion of college courses in cyber security threat identification and mitigation and one year of practical work experience. *Your resume/application must support your answer.

• I do not have this knowledge and/or experience.

• I have at least three years of professional work experience researching potential cyber security threats and reviewing, interpreting, and prioritizing information systems remediation OR successful completion of college courses in cyber security threat identification and mitigation and one year of practical work experience.

• I have at least four years of professional work experience researching potential cyber security threats and reviewing, interpreting, and prioritizing information systems remediation OR successful completion of college courses in cyber security threat identification and mitigation and two years practical work experience.

• I have at least four years of professional work experience researching potential cyber security threats and reviewing, interpreting, and prioritizing information systems remediation OR successful completion of college courses in cyber security threat identification and mitigation and two years practical work experience with at least two of the four years of professional work experience directly supervising network security staff tasked with researching potential cyber security threats and reviewing, interpreting, and prioritizing information systems remediation.

  05

  01735 – MQ 5 of 6 Please choose the answer that best describes your experience supervising staff. Duties MUST include hiring, performance evaluations, discipline, terminations, and other personnel management activities. Typically this is gained by at least one (1) year of work experience with specific responsibility for hiring, performance evaluations, work assignment, discipline, termination, and other personnel management activities OR successful completion of at least 8 hours of courses or seminars specifically covering supervisory practices PLUS at least 6 months experience performing as a full supervisor OR successful completion of 6 college credit hours of courses or seminars covering the essential elements of management *Your resume/application must support your answer.

• I do not have this knowledge and/or experience.

• I have at least one year of experience supervising that includes; hiring, performance evaluations, discipline, terminations, and other personnel management activities of staff OR I have completed upper-division college-level management coursework along with experience in a significant leadership role OR successful completion of at least 8 hours of courses or seminars specifically covering supervisory practices PLUS at least 6 months experience performing as a full supervisor OR successful completion of 6 college credit hours of courses or seminars covering the essential elements of management

• I have at least 3 years of experience supervising that includes; hiring, performance evaluations, discipline, terminations, and other personnel management activities of staff.

• I have five or more years of full supervisory experience of four or more employees to include professional level employees.

  06

  01735 – MQ 6 of 6 Please select the option that best describes how you have obtained considerable knowledge of risk management processes (e.g., methods for assessing, documenting, and mitigating risk). Help: Typically gained by at least three years of IT experience examining, auditing, managing, implementing IT risk assessments, IT audit programs, and IT security programs. *Your resume/application must support your answer.

• I do not have this knowledge or experience.

• I have at least three years of IT experience examining, auditing, managing, implementing IT risk assessments, IT audit programs, and IT security programs.

• I have at least four years of IT experience examining, auditing, managing, implementing IT risk assessments, IT audit programs, and IT security programs.

• I have five or more years of full supervisory experience of four or more employees to include professional level employees.

  07

  Extra Credit: Please describe how you have gained a good working knowledge of electronic discovery and digital forensics gathering processes. Typically gained by two years of active job duties involving cyber investigations including e-discovery and digital forensics with in the last 5 years or active and current industry certifications in e-disco and d-forensics.

  08

  Extra Credit: What Digital forensics certifications do you currently have, if any?

  Required Question

Agency

State of Idaho

Address

304 North 8th Street Boise, Idaho, 83720

Website

https://www.governmentjobs.com/careers/idaho

Apply

Please verify your email address Verify Email