As Carollo Engineers, Inc. continues to mature the cyber security program, we recognize the value of a world-class designed and implemented cyber security model, ensuring security controls are implemented during the design and development process. This role is responsible for ensuring proper security measures are implemented, reviewed, and reported on for all security systems.
The Security Administrator for Carollo is responsible for implementing day-to-day security requirements at a tactical and operational level (network, infrastructure, applications, and databases) to ensure that security controls are functioning efficiently and effectively, including perimeter security architecture, firewall analysis, security logging, monitoring, alert management, incident handling, and vulnerability and configuration management. The Security Administrator provides technical expertise to implement security-related standards, procedures, and guidelines appropriate to securing the existing environment in partnership with various offices and Information Technology.
This Information Security Administrator is required to work closely with other members of the Information Technology teams to assist in development and implementation of a comprehensive information security program. This includes defining security policies, processes, and standards. This Security Administrator will work with the other IT teams to select and deploy technical controls to meet specific security requirements, and define processes and standards to ensure that security configurations are maintained.
This position may be located at the following Carollo office locations: Austin, TX / Reno, NV / Las Vegas, NV / Boise, ID / Salt Lake City, UT
- 5+ years of IT experience, with 3+ years in Information Security.
- In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
- Network security, Layer 3 Networking, Firewalls, Penetration Testing, Linux Administration, Scripting, Professional Services, vulnerability assessments, Network Architecture / Network Modeling, SQL / MySQL Queries
- Knowledge and understanding of vulnerability/patch management and malware protection.
- Knowledge and understanding of Security Information and Event Management (SIEM) for advanced threat correlation and analysis.
- Knowledge of network infrastructure, including routers, switches, firewalls, IPS/IDS, network protocols, and security related implementation/design concepts.
- Knowledge of mobile device management, web security gateway, data loss prevention, spam management and endpoint protection.
- Knowledge of encryption tools and concepts.
- Experience managing and leading Security projects, including defining requirements, developing project plans, and delivering results.
- Knowledge of common server operating system environments such as Linux and Microsoft Windows Server.
- In-depth knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT, and NIST.
- Performs other related duties as assigned
- Bachelor of Computer Science / Information Science preferred or equivalent work experience
- Demonstrated experience working with technical and non-technical staff
- One of the following professional security management certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials
- Experience in host system administration, access administration, network analysis, or database administration is desirable, as is familiarity with core network services such as TCP/IP, HTTP, FTP, DNS, SMTP, SNMP and LDAP
- Experience using application security and host security scanning tools such as BackTrack, Metasploit, Nessus, Qualys, and others
- Strong written and verbal communication skills
All qualified applicants will receive consideration for employment without regard to race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, marital status, sex, age, sexual orientation, ethnicity, status as a disabled veteran or veteran of the Vietnam era. Qualified applicants with criminal histories will also be considered in a manner that is consistent with the Fair Chance Initiative for Hiring Ordinance and/or any other similar ordinances as required.
Las Vegas, NV / Kansas City, MO / Austin, TX / Salt Lake City, UT, Nevada, United States
IT PROFESSIONAL II – Security
APPROXIMATE ANNUAL SALARY – $51,197.76 to $76,316.40 PAY GRADE: 37
IT PROFESSIONAL III – Information Security Officer
APPROXIMATE ANNUAL SALARY – $54,204.48 to $81,139.68 PAY GRADE: 39
Information Technology (IT) Professionals analyze, develop, implement, maintain, and modify computer operations, systems, networks, databases, applications, and/or information security. Incumbents may perform duties in one or more IT specialization areas depending on the needs of the agency.
Incumbents perform advanced journey level duties and may train, supervise, and evaluate the performance of subordinate staff and/or serve as a project leader as assigned. Incumbents may function as a unit leader to include directing the activities of a branch IT support unit, overseeing projects of limited scope, and coordinating activities with other work groups. *NOTE* All new hires will be brought in at the beginning salary rate of a grade 39, step 1 = $54,204 annual salary (no exceptions); existing State of Nevada employees may retain steps as per NAC. THIS POSITION WILL NOT BE HIRED ON THE BASIS OF A PHONE INTERVIEW.
This IT Professional III position will primarily be responsible for assisting criminal justice agencies in Nevada in securing their data operations and documenting their technical compliance with the FBI’s Criminal Justice Information Services (CJIS) Security Policy. This happens both through informal assistance and through formal agency audits. CJIS Security Policy and how to administer a technical security audit are the first things to learn for the new hire. A secondary role will be assisting divisions of the Nevada Department of Public Safety in implementing state security standards. Typical tasks in either role would be interpreting policy and standards for agencies, coming up with creative ways to implement technology that enhance both the security and the business process, documenting compliance and communicating audit findings to both technology and management people, following up with agencies concerning security weaknesses, or contributing materials to a training or information security program. Successful candidates will have a good working knowledge of data networks, desktop computers, servers, Internet and web protocols, wireless and mobile communications, and will have significant hands-on experience in one or more of these areas. Particularly good experience would be operation of an intrusion detection system, vulnerability scanning, or “pen” testing. A current knowledge of the threat environment is essential. This position will have little or no “hands on” technical work, but a good technical background is a critical aspect of making good security decisions.