GENERAL PURPOSE: Under general direction, performs at a senior professional level supporting the operation of the technical controls outlined by the Agency's Information Security Program for its corporate IT infrastructure; evaluates, designs, builds, and documents security solutions; evaluates proposed projects and activities to identify information security risks and available mitigating controls; evaluates systems for compliance with internal policies and standards, as well as applicable regulatory frameworks, recommending solutions to address any gaps; and acts as primary handler in the execution of the incident response plan for IT.
Essential Functions • The following duties ARE NOT intended to serve as a comprehensive list of all duties performed by all employees in this classification, only a representative summary of the primary duties and responsibilities. Incumbent(s) may not be required to perform all duties listed and may be required to perform additional, position-specific duties. • Identifies and assesses technology-related risks to information security associated with current and prospective technology solutions; and recommends appropriate mitigating controls. • Develops technical standards to interpret and implement applicable information security policies and controls; evaluates any prospective technology solution for adherence to documented company standards, policies, and regulatory responsibilities. • Collaborates with other IT engineering and administration disciplines to ensure security best practices are incorporated into design, implementation and sustainment of systems and services within the enterprise. • Assesses and classifies any identified system vulnerabilities in accordance with pre-defined risk criteria; advises and consults with internal customers on risk assessment, threat modeling and mitigation of vulnerabilities. • Develops Incident Response dashboard and metrics; leads information security incident investigation and response efforts; conducts computer and network forensic investigations in support of incident response activities; performs root?cause analysis when incidents occur and prepare incident reports. • Evaluates, implements, and supports security-focused tools and services required to support information security controls. • Assists in promoting a culture of information security at Sound Transit. • Conducts regular security reviews of both software and processes. Reviews and creates threat models and recommends security enhancements consistent with information security strategy and evolving threats. • Interacts with penetration testers and other external vendors as needed. • Keeps up to date on latest information security trends, "best practices", threats and countermeasures. • Reviews log-based data, both in raw form and utilizing SIEM or aggregation tools.
Minimum Qualifications Education and Experience: Bachelor's Degree in computer science, information technology, business management information systems, with a minimum of 3 years of information systems security (or cyber security) experience, or closely related field; OR an equivalent combination of education and experience.
Required Licenses or Certifications: • Certified Information Systems Security Professional (CISSP), or ability to obtain certification within 12 months of hiring. • Preferred Certifications: CEH, CCFP, GCIH (or other GIAC), CCSP, or others that are considered field-relevant.
Required Knowledge of: • Experience with the application of threat modeling or other risk identification techniques. • Working understanding of Operating System architecture as it relates to the functions of the following components: OS kernel, OS kernel modules and device drivers, memory management, inter-process communication, security subsystem, user account rights, user group rights, system logs, I/O functions, network services, file-system permissions, and application interaction with the Operating System. • Strong understanding of Microsoft OS (Server and Workstation) products. • Technical skills proficiency in the following areas: security information event management, network protocols (e.g. TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols), system administration, malware (propagation, infection, types), intermediate knowledge of network security controls and technologies (proxy, firewall, IDS/IPS, router/switch, open source information collection platforms), cryptography, Microsoft Active Directory. • Deep knowledge of security operations: perimeter defense, forensics, incident response, kill chain analysis, risk assessment and security metrics. • Strong understanding of internet-facing, web applications. • Relevant experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography. • Good knowledge of information security incident handling and investigation procedures. • Demonstrated skills in conducting forensic analysis of digital evidence, network traffic, managing event analysis/correlation and related incident investigations. • In-depth knowledge of security software threats and vulnerability mitigation techniques. • Working understanding of cloud platforms (Azure, AWS). • Working knowledge of risk-based methodologies and one or more of the following frameworks: ISO 27001/2:2013, PCI-DSS, or NIST 800-53. • Scripting skills (e.g., PowerShell) are desirable. • Project management practices and principles. • Principles of business letter writing and basic report preparation. • English usage, spelling, grammar, and punctuation. • Modern office procedures, methods, and equipment including computers and computer applications such as word processing, spreadsheets, and statistical databases. • Lead/supervisory principles, methods and techniques.
Required Skill in: • Establishing and maintaining effective working relationships with other department staff, management, vendors, and other stakeholders. • Documenting and explaining risks, recommendations, and incident data to technical stakeholders. • Interpreting and administering information security policies, standards and procedures sufficiently to administer, discuss, resolve, and explain them to staff and other constituencies. • Generating metrics and preparing reports to facilitate decision-making on security-related activities. • Utilizing personal computer software programs affecting assigned work and in compiling and preparing spreadsheets and reports. • Preparing and analyzing complex data and comprehensive reports. • Writing of technical documentation and standards. • Responding to inquiries and in effective oral and written communication. • Researching, analyzing, and evaluating new security processes, products and techniques. • Candidate should have excellent time management skills including the ability to prepare prioritize and complete work plans. • Ability to work effectively and organize priorities independently. • Results oriented, highly organized, proactive and self-motivated. • Working effectively under pressure, meeting deadlines, and adjusting to changing priorities. • Researching, analyzing, and evaluating new service delivery methods and techniques. • Working cooperatively with other departments, Agency officials, and outside agencies.
Physical Demands/Work Environment • Work is performed in a standard office environment. • Subject to standing, walking, bending, reaching, stooping, and lifting of objects up to 25 pounds • The Agency promotes a safe and healthy work environment and provides appropriate safety and equipment training for all personnel as required.
Sound Transit is an equal employment opportunity employer. No person is unlawfully excluded from employment action based on race, color, religion, national origin, sex (including gender identity, sexual orientation and pregnancy), age, genetic information, disability, veteran status or other protected class.