|
The Employees Retirement System of Texas (ERS) administers the retirement and group health benefit programs for the employees and retirees of State of Texas agencies and some higher education institutions. These benefits contribute to the financial security and overall well-being of State of Texas employees, retirees and their families and help to make Texas a great place to live, work and visit. In support of our agency’s mission, the Information Security Office protects data that is collected, stored, and controlled by our Information Systems division. In this role, you will plan, implement, monitor and may coordinate security measures for information systems and infrastructure to regulate access to computer data file and to prevent unauthorized modification, destruction, or disclosure of information. Work also involves network vulnerability scanning, log examination, threat analysis, intrusion detection/protection analysis, well as compliance and risk assessment audits.
Essential Functions includes, but is not limited to:
- Performs complex to highly complex information security analysis work in the Information Systems Division.
- Ensures agency processes and technologies are aligned with common regulatory state/federal controls and standards such as: NIST SP 800-53, HIPAA, Texas Administrative Code 202, etc.
- Performs compliance and risk assessment audits and determines acceptable risk and risk mitigation strategies.
- Coordinates the implementation of computer system security plans with agency personnel and outside vendors.
- Confers with various IS staff to discuss issues such as computer data access needs, security violations, and programming changes.
- Advises users regarding security procedures.
- Develops, maintains, and matures ERS security infrastructure.
- Analyzes and tests new or existing procedures, information systems, or utility programs for security vulnerabilities and recommends remediation procedures.
- Designs, modifies, and implements new or revised security controls to improve system security; including policy creation for intrusion detection/prevention systems and data loss prevention systems.
- Performs technical security reviews and vulnerability scans, meeting both internal and external requirements
- Assists in advising management and users regarding security procedures, which includes administering security awareness training and identifying appropriate metrics for use in generating status reports.
- Creates and maintains documentation concerning security procedures.
- Provides special security information needed by other staff members for their projects.
- Performs other duties as assigned.
As Information Security Analyst II
- Performs and reviews risk assessments and reviews of new and existing applications and systems, including data center physical security and environment.
- Researches, evaluates, and recommends systems and procedures for the prevention, detection, containment, and correction of data security breaches.
- Coordinates the design and deployment of security infrastructure and managing related program activities.
Required Minimum Qualifications
Your application for employment must reflect how you meet each of the following minimum qualifications:
- Graduation from an accredited four-year college or university with major course work in data processing, computer science, computer information systems, or management information systems or a related field; or attainment of an Associate Degree from an accredited technical school with specialization in computer technology. Each year of experience over the required minimum years may substitute for the education on a 30 semester hour per year basis. Transcripts may be requested from finalist.
- Three (3) years of experience for classification level I to four (4) years of experience for classification level II in systems security analysis and design work in a progressively complex role, including experience securing enterprise networks.
Preferred Qualifications
Your application for employment should reflect how you meet the following preferred qualifications:
3. One or more of the following certifications:
- Certified Information Systems Security Professional (CISSP) certification
- Certified Ethical Hacker (CEH)
- Certified Information System Auditor (CISA) or IT audit equivalent certification
- Cisco Certified Network Administrator/Engineer (CCNA/CCNE)
- Global Information Assurance Certification (GIAC) certification (e.g., GSEC, GCCC, etc.)
4. Experience with the following security tools:
- Vulnerability scanning/management (e.g., Nessus, Nexpose, etc.)
- Web application scanning (e.g., AppSpider, AppScan, Nikto, etc.)
- Log analysis (e.g., Splunk, Graylog, etc.)
- Intrusion Prevention Systems (host-based/network) and endpoint security
5. Experience with computer programming and scripting languages including:
6. Experience with governance, risk, and compliance (GRC) tools (e.g., Archer, DM360, etc.).
Other Information
PLEASE NOTE: All applications must contain complete job histories, which includes job title, dates of employment, name of employer, supervisor's name and phone number and a description of duties performed. If this information is not submitted, your application may be rejected because it is incomplete. Resumes do not take the place of this required information.
Other Information: Work is performed in an office environment. This position may require access to privileged, confidential, or sensitive data. ERS will conduct either a TXDPS or FBI criminal history check on all new hires. For more information about this policy inquiries can be made to employment@ers.texas.gov.
Military Occupational Specialty (MOS) Codes
Veterans, Reservists or Guardsmen with experience in the Military Occupational Specialty (http://www.hr.sao.texas.gov/Compensation/MilitaryCrosswalk/MOSC_InformationTechnology.pdf) along with the minimum qualifications listed above may meet the minimum requirements and are highly encouraged to apply. Please contact Human Resources at employment@ers.texas.gov with questions or for additional information.
|
