Job Details

Under supervision, to develop, evaluate and manage system security across the enterprise; to investigate problematic activity and plan for appropriate resolution, perform vulnerability testing, risk analyses and security assessments, evaluate security breaks, and determine if there are problems or errors.

This recruitment will tentatively include a written examination; applicants who meet the employment standards will be invited to take an online examination scheduled to open the week of March 3rd, 2025.

Qualifying candidates will be notified via email with examination instructions.

Responsibilities:

• Regularly communicates the business impact of the County's IT-related risk.
• Reviews new and enhanced applications and programs with specific emphasis on privacy and information with remote access.
• Examines source codes of websites and applications on multiple devices such as laptops, phones and tablets, to identify potential vulnerabilities and security flaws.
• Assesses the impact of external actions on computer systems and networks.
• Maintains continuous awareness of the County's information security posture through monitoring and analysis of information security logs, events and trends.
• Conducts vulnerability assessments, including scans, penetration testing, and code verification testing.
• Identifies and resolves root causes of security-related problems.
• Conducts security research to stay abreast of security issues and industry trends.
• Provides operations support, maintenance and administration for information security systems as a team member.
• Participates in security incidents and assists investigations and targets reviews of suspect areas.
• Identifies weak controls and communicates vulnerabilities to management.
• Tracks and periodically reviews known vulnerabilities to re-assess risk.
• Conducts risk assessments in standardized project, procurement and change management processes.
• Responds to security incidents, conducts forensic investigations and targets reviews of suspect areas.
• Works with teams to resolve issues that are uncovered by various internal and third-party monitoring tools.
• May be assigned as a Disaster Service Worker, as required.
• Performs other related duties, as required.

Minimum Requirements:

Sufficient education, training, and experience to demonstrate the possession and direct application of the following knowledge and abilities:

Training and Experience:
Possession of an Associate's Degree from an accredited college in Computer Science, Information Systems, or other related field, or technical institute degree/certificate in Computer Science, Information Systems, or other related field, and two (2) years problem solving information systems hardware and/or software products, networking, applications, and/or system administration.
OR
Possession of an Associate's Degree or sixty (60) semester units (90 quarter units) from an accredited college, and four years problem solving information systems hardware and/or software products, networking, applications, and/or system administration.

Special Requirements:

• Ability to travel to alternate locations in the course of work. If driving, possession of a valid California driver's license prior to appointment and the ability to qualify for and maintain a County driver authorization.
• Depending on the position, related certifications may be required or desirable.

Knowledge of:

• Principles of effective communication.
• New and enhanced applications and programs related to privacy and information with remote access.
• Potential vulnerabilities and security flaws related to websites and applications.
• Vulnerability assessments, including scans, penetration testing, and code verification testing.
• Resolves root causes of security-related problems.
• Security issues and industry trends.
• Operations support, maintenance and administration for information security systems.
• Weak controls and vulnerabilities.
• Risk assessments in standardized project, procurement and change management processes.
• Principles of teamwork.

Ability to:

• Communicate regularly on IT-related risks.
• Keep apprised of new and enhanced applications and programs related to privacy and information with remote access.
• Examine source codes of websites and applications in order to identify potential vulnerabilities and security flaws.
• Monitor and analyze information security posture.
• Conduct vulnerability assessments, including scans, penetration testing, and code verification testing.
• Identify and resolve root causes of security-related problems.
• Keep abreast of security issues and industry trends.
• Provide operations support, maintenance and administration for information security systems.
• Identify weak controls and communicate vulnerabilities.
• Track and review known vulnerabilities to re-assess risk.
• Conduct risk assessments in standardized project, procurement and change management processes.
• Respond to security incidents and conduct forensic investigations.
• Work well on a team.