SENIOR SECURITY ENGINEER - 72003934

Requisition No: 723001 Agency: Management Services Working Title: SENIOR SECURITY ENGINEER - 72003934 Position Number: 72003934 Salary: $95,000.00 - $105,000.00 Posting Closing Date: 12/18/2022 Senior Security Engineer Florida Digital Service State of Florida Department of Management Services This position is located in Tallahassee, FL Position Overview and Responsibilities: Responsible for designing and deploying Florida s first ever enterprise cybersecurity program, the Florida Digital Service is aggressively recruiting a team to lead our state s efforts. Florida has made historic financial investments into the creation of statewide cybersecurity capabilities and continues to demonstrate support for the mission. Reporting to the Cybersecurity Engineering Manager as part of the Network, Operations, Intelligence, and Response team under the state CISO, this position is a key part of the FL[DS] cybersecurity solutions team. The opportunity to build a statewide cybersecurity program is a once in a lifetime opportunity and will be focused first and foremost on attracting and supporting the right people for this mission. The Senior Security Engineer is responsible for leading a team supporting enterprise security efforts, assisting in implementing, integrating, and maintaining new solutions that will protect against cyber threats as well as maintaining an IT infrastructure to provide maximum protection to the enterprise. This position has a broad range of duties, which will include: Maintenance and Improvement of Security Infrastructure: Assists the cybersecurity engineering team through implementation and execution of cybersecurity Florida statutes, the statewide cybersecurity plan, cybersecurity rules, and the vision of the state CISO. Implements the statewide cybersecurity plan, maintain existing security systems using automated tools and manual system administration tasks. Deploy prescribed tools to discover system and/or software vulnerabilities and inform and/or validate risk assessments throughout the enterprise. Collaborate with cyber security analysts and engineers to conduct vulnerability and risk assessment activities, with significant impact to business operations. Collaborate with security engineers and architects to ensure secure design principles are met. Reviews security reports for vulnerabilities and develop/implement proper remediations. Applies remediations to unpatched systems - Identifies vulnerable systems and notifies the system owner if patches are needed. Integrates threat information into institutional vulnerability assessments, risk assessments and mitigation activities. Analyze enterprise cyber defense policies and configurations and evaluate compliance with NIST frameworks and organizational directives. Prepare assessment reports that identify technical and procedural findings and provide recommended remediation strategies/solutions. Actively participate and assist in organizational information proof of concepts and enterprise project architecture. Research and review security controls, information systems, and business practices for violations of information security policies, standards, or regulatory requirements. Design, develop and implement security tools, platforms and methodologies drawing from industry requirements and NIST frameworks to identify and support the mitigation of risks to business operations. Participate or lead efforts to upgrade existing systems to meet evolving needs, including the specification, purchase, and deployment of new security systems and infrastructure. Security Consulting and Compliance: Promote a strong security culture through outreach and technical security consulting. Collaborate with system owners and application developers to assess and advise on proposed deployments, perform in-depth security reviews, and ensure cyber security best practices and policies are followed. Assist with developing and documenting cyber security guidance, policies, standards, and procedures. Integrates vulnerability findings into the risk management program. Develops and executes internal phishing simulations. Assist in the development and delivery of user training, security awareness programs and security documentation such as policies, standards, and operating procedures. Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives. Assist in the development of security policies. Monitoring and Incident Response: Perform security duties including threat awareness, proactive network traffic analysis, incident response, forensic analysis, monitoring ticketing queue, and resolution of security incidents. Track security issues, and work closely with FLDS staff and end-users to advise and assist in remediation of vulnerabilities within proper timeframes. Support and/or lead cyber incident response activities and participate in the full incident response lifecycle. Maintain awareness of cybersecurity threats by monitoring a variety of information sources. Participate in 24/7 on-call rotation, occasionally working outside of scheduled hours as needed. Supervisory: Effectively supervises performance of direct reports to ensure division and agency performance goals are met or exceeded and complies with the Department s employment policies and procedures and the State s statutes and rules. Supervision - assigns balanced workloads; ensures quality of work and that deadlines are met; monitors productivity, attendance, and professionalism in the workplace. Directing Leadership - sets challenging goals; delegates and coordinates effectively; promotes innovation in achieving goals; sets examples for subordinates. Training - identifies performance gaps and coordinates with the division trainer to ensure training needs are met. Managing Change - initiates change effectively and adapt to necessary changes in operations; motivates employees to have positive attitude towards operational changes. Performance Appraisal/Feedback - effectively evaluates subordinates; encourages and initiates regular discussion of performance with subordinates; takes appropriate and timely action with marginal or failing performers; recognizes and rewards good performance. Discipline Administration - uses progressive and corrective discipline to improve performance/behavioral problems. Serve as a product lead in the deployment of CSOC solutions to agency partners. Implement Federated Identity and Access Management systems, Edge Computing Networks and Zero Trust architectures by working with internal and external collaborators. Knowledge, Skills, and Abilities: Demonstrated experience, hands-on implementing or configuring cybersecurity tools and solutions. Deep and wide knowledge of cybersecurity concepts, frameworks and governance, and policy. Strong attention to detail and excellent problem-solving skills. Strong organization skills necessary to manage and coordinate across multiple teams with varying levels of technical and non-technical understanding of incident response procedures. Desirable Skills: Experience configuring network, server, and or systems. Programming experience across multiple languages. Database experience, administrative and/or programming. Prior experience in threat hunting, security monitoring and analysis, incident response, penetration testing, vulnerability management and risk assessment, cyber threat intelligence, or similar cyber security role. Ability to troubleshoot and solve complex issues where analysis of situations or data requires an in-depth evaluation of variable factors. Knowledge of network security and upper layer protocols. Ability to review system changes for security implications and recommending improvements. Ability to multi-task with a calm demeanor and work under pressure in a fast-paced environment. Qualifications: Desirable education: Undergraduate degree in engineering, computer science, or information technology. Graduate degree preferred. Highly desirable certifications: CISSP-ISSEP, SSCP, CASP. Desirable certifications: Security+, CISSP, CEH, CCSP, CISM, CISA, GSEC, CISSP-ISSAP, CISSP-ISSMP, GCIH, OSCP. Our Organization and Mission: The Department of Management Services (DMS) is a customer-oriented agency responsible for managing the various business and workforce-related functions of state government. Under the direction of Governor Ron DeSantis and the DMS Executive Leadership Team, the agency oversees the real estate, procurement, human resources, group insurance, retirement, technology, telecommunications, private prisons, fleet and federal property assistance programs utilized throughout Florida s state government. It is against this backdrop that DMS strives to demonstrate its mission, We serve those who serve Florida. Under the leadership of DMS Secretary Pedro Allende, DMS employees embody four pillars on a daily basis: lead by example, serve with excellence, create efficiencies and challenge the status quo. Special Notes: DMS is committed to successfully recruiting and onboarding talented and skilled individuals into its workforce. We recognize the extensive training, experience and transferrable skills that veterans and individuals with disabilities bring to the workforce. Veterans and individuals with disabilities are encouraged to contact our recruiter for guidance and answers to questions through the following provided email addresses: [email protected] [email protected] An individual with a disability is qualified if he or she satisfies the skills, experience, and other job related requirements for a position and can perform the essential functions of the position with or without reasonable accommodation. Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must contact the DMS Human Resources (HR) Office at (850) 488-2707. DMS requests applicants notify HR in advance to allow sufficient time to provide the accommodation. Criminal background investigation including fingerprinting and statewide and national criminal history records check per Section 110.1127 Florida Statutes, Chapter 435 Florida Statutes, and the Federal Bureau of Investigation s CJIS Security Policy CJISD-ITS-DOC-08140-4.5 Pursuant to F.S. 215.422 every officer or employee who is responsible for the approval or processing of vendors invoices or distribution of warrants to vendors are mandated to process, resolve, and comply as section 215.422 requires The State of Florida is an Equal Opportunity Employer/Affirmative Action Employer, and does not tolerate discrimination or violence in the workplace. Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must notify the agency hiring authority and/or People First Service Center (1-866-663-4735). Notification to the hiring authority must be made in advance to allow sufficient time to provide the accommodation. The State of Florida supports a Drug-Free workplace. All employees are subject to reasonable suspicion drug testing in accordance with Section 112.0455, F.S., Drug-Free Workplace Act.