The Information Security Engineer plays an essential role in protecting the confidentiality, integrity and availability of State of Arizona information and systems.
This position ensures that the appropriate security controls, standards and procedures are in place and are properly configured, to protect confidential information used by the State from known and unknown internal or external threats.
These threats include, but are not limited to, identity theft, data loss, data damage, unauthorized access and cyber attacks.
This position defends the State against attacks which disrupt, destroy, or threaten the delivery of essential services for the State.
• Day-to-day operational support of the hardware and software solutions that support the detection of, protection from, and response to cyber attacks against State of Arizona systems and networks from internal and external threats. Installs, monitors, and directs proactive and reactive computer network defense measures to ensure the availability, integrity, and reliability of systems and maintains system reliability and availability
T0180: Perform system administration on specialized cyber defense applications and systems or devices, to include installation, configuration, maintenance, backup, and restoration.
T0335: Build, install, configure, and test dedicated cyber defense hardware.
T0483: Identify potential conflicts with implementation of any cyber defense tools
T0261: Assist in identifying, prioritizing, and coordinating the protection of critical cyber defense infrastructure and key resources.
• Identifies opportunities for use of solutions to improve efficiency and reduce waste; Leads initiatives to develop solutions and processes to meet needs; Identifies unique innovative approaches and Proactively solves complex problems
Participates and assist with information security incident response.
T0042: Coordinate with Cyber Defense Analysts to manage and administer the updating of rules and signatures (e.g., intrusion detection/protection systems, antivirus, and content blacklists) for specialized cyber defense applications.
• Considerable working knowledge of information security technologies industry trends and best practices in the areas of risk assessment, compliance and vulnerability management
• Considerable knowledge of specific regulatory information protection standards (HIPAA, CGIS, IRS, etc. as appropriate)
• Knowledge of the concepts of NIST 800, CIS, and other security standards in the organization
• K0001: Knowledge of computer networking concepts and protocols, and network security methodologies
• K0002: Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
• K0003: Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
• K0004: Knowledge of cybersecurity and privacy principles
• K0005: Knowledge of cyber threats and vulnerabilities
• K0006: Knowledge of specific operational impacts of cybersecurity lapses
• K0021: Knowledge of data backup and recovery
• K0033: Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists)
• K0042: Knowledge of incident response and handling methodologies
• K0044: Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
• K0058: Knowledge of network traffic analysis methods
• K0061: Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL])
• K0062: Knowledge of packet-level analysis
• K0104: Knowledge of Virtual Private Network (VPN) security
• K0106: Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities
• K0135: Knowledge of web filtering technologies
• K0157: Knowledge of cyber defense and information security policies, procedures, and regulations
• K0179: Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
• K0205: Knowledge of basic system, network, and OS hardening techniques
• K0258: Knowledge of test procedures, principles, and methodologies
• K0324: Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications
• K0332: Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services
• K0334: Knowledge of network traffic analysis (tools, methodologies, processes)
• Excellent interpersonal, written and oral communication skills
• Excellent technical troubleshooting and problem solving skills
• Strong customer service skills
• Ability to lead initiatives to develop solutions and processes to meet needs; identifies unique innovative approaches
• Demonstrated ability to balance, prioritize and organize multiple tasks
• Demonstrated ability to work collaboratively in teams and across organizations
• Demonstrated ability to synthesize feedback and adjust plans accordingly
• Demonstrated ability to build strong relationships inside and outside the organization
• Demonstrated ability to develop and write technical documentation
• Demonstrated ability to evaluate and test emerging technologies
• Demonstrated ability to apply creative solutions to business problems to ensure business needs are most effectively met
• A0123: Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
• Bachelor’s degree plus 5 or more years of experience in information security analysis and engineering (or equivalent experience)
• Certified Information Security Systems Professional preferred
• Required to drive on State business; must possess a valid Arizona driver's license
The State of Arizona offers a comprehensive benefits package to include:
• Optional employee benefits include short-term disability insurance, deferred compensation plans, and supplemental life insurance
• Life insurance and long-term disability insurance
• Vacation with 10 paid holidays per year
• Health and dental insurance
• Retirement plan
• Sick leave
For a complete list of benefits provided by The State of Arizona, please visit our benefits page
• Positions in this classification participate in the Arizona State Retirement System (ASRS)
• Please note that enrollment eligibility will become effective after 27 weeks of employment
• If you have any questions please feel free to contact Ariel Gonzalez at firstname.lastname@example.org for assistance
ARIZONA MANAGEMENT SYSTEM (AMS)
All Arizona state employees operate within the Arizona Management System (AMS), an intentional, results-driven approach for doing the work of state government whereby every employee reflects on performance, reduces waste, and commits to continuous improvement with sustainable progress. Through AMS, every state employee seeks to understand customer needs, identify problems, improve processes, and measure results.
State employees are highly engaged, collaborative and embrace a culture of public service.
The State of Arizona is an Equal Employment Opportunity Employer.