Location : ,

Job Description

Information Security Specialist (Only candidates who currently reside in the Sacramento area will be considered)

The ideal candidate possesses a combination of technical knowledge, strong analytical skills, and excellent interpersonal skills with a Bachelor’s degree in computer science related. The candidate should have at least 8 years experience in the multiple roles in information security field (e.g., network security, SOC analyst, endpoint management, vulnerability management, cloud security, incident response, programming/scripting). Knowledge of control systems, security best practices, security frameworks.  
Required Qualifications :

  • Any industrial control system experience 

  • Any wastewater or water systems experience or electrical background

  • EPA regulation experience for water waste water

  • Evaluating and reviewing new and upgrade technologies for security risks

  • Performing risk and security assessments for new proposed applications

  • Assist in risk and vulnerability mitigations

  • Developing, updating and reviewing System Security Plans

  • Developing and updating IRPs (business and control systems), playbooks, tabletop exercises and simulation

  • Incident response and coordination following Incident Command Structure when appropriate

  • Monitoring district assets (e.g., servers, computers, devices, networks, applications) for potential security threats and vulnerabilities

  • Working with technical security systems such as SIEM, firewalls, endpoint security, vulnerability management, patch management, PKI, and cloud security management

  • Working with security awareness and training platforms to deploy training and phishing simulations. Ensuring timely completion of training and addressing those who are repeat offenders

  • Presenting at security workshops (technical and nontechnical) utilizing demos, & videos when appropriate

  • Performing security audits, testing, and assessments with tracking identified vulnerabilities to mitigation or risk acceptance in line with the criticality.

  • Evaluating risk acceptance requests and providing options for mitigating controls if needed.

  • Using administrative tools to configure policies for enterprise security platforms.

  • Working with CIS Benchmarks/CIS-CAT to identify standards and those assets that are not meeting standards

  • Developing and testing scripts to automate security operations tasks.

  • Developing, deploying, and supporting security policies, standards, guidelines, and procedures to ensure ongoing security compliance.

  • Experienced in Cloud Security with the major cloud platform providers

  • Experienced and proficient in networking, Windows domain administration, PAM, DLP, MFA, SOC applications, SIEM applications

  • Proficient in Python, and Power Shell.

  • Supporting change management processes.