This listing has expired and therefore is not publicly viewable.
|Company||NYS Office of Information Technology Services|
|Preferred GIAC Certifications||GSEC, GISF|
|Salary||From $56604 to $71980 Annually|
Bachelor’s degree* in a cyber security, information assurance, or information technology related field, OR bachelor's degree with 15 credit hours in cyber security, information assurance, or informational technology.
* Appropriate information security or information assurance experience may substitute for the bachelor’s degree on a year-for-year basis; an associate’s degree requires an additional two years of information technology, information security, or information assurance experience.
• Bachelor’s Degree with a concentration or major in Information Security, Cyber Security, Digital Forensics, Information Assurance, or a related field
• Applicable Information Security certificate(s), including but not limited to: certificate in Information Security Fundamentals (e.g., Security+, GSEC, CISF, GISF)
• Working knowledge of:
- Computer networks, intrusion detection systems, routers, firewalls, operating systems, network vulnerability assessments, web application vulnerability assessments, computer programming and scripting
- Information Security (CIA triad, Information Classification, Risk Management, Incident Response, Vulnerability Management, Security Architecture & Engineering)
- Government security and privacy mandates/regulatory compliance (e.g., HIPAA, PCI, IRS Pub 1075, CJIS)
- Information Security Frameworks (NIST Cyber Security Framework, CIS Controls, ISO 2700 series)
• Excellent oral and written communication skills including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding
• Demonstrated critical thinking, problem solving and analytical skills
• 1+ years’ experience in technical writing
• Coursework or experience in the following areas:
- Applying and implementing network and/or system security
- Information security incident response
- Security policy/standard/guideline development, implementation, or interpretation
- Conducting risk assessments and evaluating information technology systems for security controls (Secure Systems Development Lifecycle)
- Compliance assessments, audit support/response, and compliance/audit remediation