CYBER SECURITY ENGINEER III - CERTIFIED


Company: Abacus Service Corporation

Location: Henderson, NV 89052

Description:

Task Order Number

01122022
Task Order Name

Contract to Hire Information Security Engineer III - Certified position
Category

4 - Computer Systems Security Services
Job Classification
CYBER SECURITY ENGINEER III - CERTIFIED
Class Code - 001268

PURPOSE
Under minimal supervision, architects, installs, configures, operates, implements, and maintains information security systems and operational processes. Manages cyber security incident response, vulnerability assessment, cyber security training, and Managed Security Services Programs; and performs related duties as assigned.
ESSENTIAL FUNCTIONS
  • Acts as compliance subject matter expert by collaborating on projects with departments regarding their IT security and compliance needs
Security Operations
  • Oversees the daily operations of the Managed Security Services Program (MSSP) and vendor relationship, and Security Information and Event Management (SIEM) platforms
  • Leads and/or participates in the definition, identification, evaluation, and selection of security technologies, techniques, and tools, manages relationships, and negotiates with vendors, outsourcers, and contractors to obtain security-related services and products
  • Leads the Cyber Security Incident Response technical team and maintains awareness of security and privacy legislation, regulations, advisories, alerts, and vulnerabilities that apply to the City and its mission and makes recommendations for changes or enhancements
  • Conducts annual audits and updates the Cyber Security Incident Response Plan Technical Handling Guides
  • Acts as a security operations subject matter expert by collaborating on projects with departments regarding their IT security and compliance needs and provides escalation support for non-routine security anomalies and incidents
Risk and Compliance
  • Manages the City's technical compliance programs for Nevada Revised Statutes (NRS), Payment Card Industry (PCI-DSS), Criminal Justice Information Services (CJIS) Policy, and the Health Insurance Portability and Accountability Act (HIPAA) as well as the cyber security training program, including executive reporting
  • Manages vulnerability assessments program to identify security architectural, policy, and procedural gaps as they relate to operational security and risk and makes recommendations to mitigate overall risk
  • Responsible for the development and maintenance of security policies, procedures, and guidelines as they relate to compliance, operations, and security best practices
  • Manages and coordinates the City's technical compliance programs; manages the responses to requests for legal holds, public records requests, and confidential investigations
MINIMUM QUALIFICATIONS
  • Bachelor's Degree from an accredited college or university in Computer Science, Information Technology, Information Security, or a related field
  • Five (5) years of experience in Cyber Security with an emphasis in analysis and incident response which includes:
    • Three (3) years of experience providing information security services in a highly regulated environment such as payment card industry, law enforcement or healthcare (PCI-DSS, CJIS, HIPAA); or
    • Three (3) years of experience supervising, developing, and supporting information security programs
  • Note: An equivalent combination of related training and experience may be considered
  • Must possess a current (ISC)2 Certified Information Systems Security Professional (CISSP) certification at time of hire
  • Must possess or obtain within six (6) months of hire the Payment Card Industry (PCI) Internal Security Assessor (ISA) certification OR the GIAC - Certified Incident Handler (GCIH) certification
  • Must possess or obtain within two (2) years of hire at least three (3) of the below certifications and maintain them as a condition of continued employment.
    • (ISC)2 - HealthCare Information Security and Privacy Practitioner HCISPP
    • (ISC)2 - Certified Cloud Security Professional CCSP
    • ISACA - Certified in Risk and Information Systems Control CRISC
    • ISACA - Certified Information Systems Auditor CISA
    • ISACA - Certified Information Security Manager CISM
    • GIAC - Certified Forensic Analyst GCFA
    • GIAC - Certified Enterprise Defender GCED
    • GIAC - Certified Forensic Examiner GCFE
    • Splunk - Enterprise Certified Admin
  • Must pass a nationwide fingerprint-based record check, and a wants/warrants check.
  • Must complete Security Awareness and National Crime Information Center (NCIC)/Nevada Criminal Justice Information System (NCJIS) certification within six months of hire/transfer and be recertified every two years. Must maintain certifications in NCIC/NCJIS as a condition of continued employment
  • Desirable: Master's Degree in a related field
  • Desirable: Familiarity with legal hold processes and requirements
  • Desirable: Splunk operations and administration experience
  • Desirable: Any of the following certifications:
    • GIAC - Cloud Security Essentials GCLD
    • GIAC - Cyber Threat Intelligence GCTI
    • GIAC - Continuous Monitoring Certification GMON
    • GIAC - Network Forensic Analyst GNFA
    • GIAC - Reverse Engineering Malware GREM
    • GIAC - Defending Advanced Threats GDAT
    • GIAC - Certified Detection Analyst GCDA
    • GIAC - Defensible Security Architecture GDSA
    • GIAC - Certified Windows Security Administrator GCWN
    • GIAC - Open-Source Intelligence GOSI
    • ISACA - Certified Information Systems Auditor CISA
    • Splunk - Enterprise Certified Admin
KNOWLEDGE, SKILLS, AND ABILITIES
  • Thorough knowledge of federal, state, local, and other information security regulations and compliance requirements which include PCI and HIPAA; vendor management, security product selection, configuration, and monitoring processes; the principles and practices of project management; security strategies and technologies; scripting languages; routing, switching, and bridging in LAN & WAN environments; access methods and network topologies, Windows and Linux server administration; incident response procedures and standards; designing and implementing security controls to identify vulnerabilities and protect electronic infrastructures; building, maintaining, and upgrading security technologies
  • Good knowledge of security standards, regulations, and best practices; incident response procedures and standards; network-based and system-level attacks and mitigation methods; financial impact analyses processes and procedures; and secure configuration of workstation operating systems and software; DNS, DHCP and NTP; financial impact analysis processes and procedures
  • Ability to analyze and define problem sources and conceptualize practical solutions based on the computing environment; organize and prioritize a series of requests based on dynamic factors; plan and implement solutions with foresight and consideration of future computing environments; diagnose and resolve complex computer-related issues; analyze programs, policies, and operational needs, and identify and recommend alternatives and improvements; communicate effectively with individuals from various socioeconomic, ethnic, and culturally diverse backgrounds; and establish and maintain effective and positive working relationships with those contacted in the course of work.
ADDITIONAL INFORMATION
  • FLSA Status: Exempt
  • Wage Assignment: Pay Band 2
  • Supervisory classification: No
  • EEO 4 Category: Professionals
PHYSICAL REQUIREMENTS/WORK ENVIRONMENT
  • For work environment and physical requirements click here

Task Order Description

This is a contract to hire position. Candidates must meet the Minimum Requirements
and have competencies in the Knowledge, Skills, and Abilities defined in the above job
description. Candidates will be assigned specific job duties and assignments to be
completed within the first six months (evaluation period). Upon successful completion
of assigned job duties and assignments, successfully completing a thorough
background check (Local, State, Federal) and other City of Henderson hiring requirements,
the candidate will be offered a full-time position with a tangible career path.

Regardless of the approach, candidates must:
  • Meet the Minimum Requirements.
  • Have competencies in the Knowledge, Skills, and Abilities.
  • Successfully complete a thorough background check (local, state, federal) and
other City of Henderson hiring requirements.
  • Successfully complete probationary period assignments.

The selection process will include:
  • Vendor pre-screening based on required and desired knowledge, skills and abilities.
  • COH review and selection of proposed candidates to move forward in the
selection process.
  • Vendor proctored exam.
  • COH selection interview.

Based on the requirements defined in this Task Order, the vendor will pre-screen all
candidates to ensure they meet minimum qualifications in the position description and
have the required and desired experience.

The City will review all proposed candidate applications and will inform the vendor of the
candidates that are invited to move forward in the selection process.

The proposed candidates selected to move forward in the selection process will be required
to take a quick test. The City will provide the test to the vendor and the vendor will issue
and proctor the test to the selected candidates.

Priority

High
Estimated Start Date

ASAP
Estimated Duration

6 months
Work Schedule

M-Th, 7:30am to 5:30 pm except City holidays, eligible for 1 day a week telecommute after 60 days

Location of Work

240 S. Water Street, Henderson, NV 89015 (City Hall)
Deliverables

n/a
Required Skills and Experience

Contained in the Minimum Qualifications and Knowledge, Skills and Abilities areas in the Job Classification section above. Emphasis should be given to experience in the compliance and risk assessment areas.
Desired Skills and Experience

Contained in the Minimum Qualifications and Knowledge, Skills and Abilities areas in the Job Classification section above. Emphasis should be given to experience in the compliance and risk assessment areas.
Payment for Services
Vendor may submit invoices for services rendered on a monthly basis. Invoices must identify the resource name, hourly rate, hours worked, total cost and a short description of services provided.

Task Order Point of Contact
Name: Shirley Wallace
Phone Number: 702-267-4307
Email Address: Shirley.wallace@cityofhenderson.com

Project Point of Contact
Name: Terry Daus
Phone Number: 702-267-4260
Email Address: Terry.Daus@cityofhenderson.com

Process Overview
  • For each staffing services request, an 'initial' Task Order must be completed and sent to the Senior Administrative Analyst. The Senior Administrative Analyst reviews the Task Order to ensure it is complete and accurate. An initial Task Order includes all information except the Task Order Number which is assigned by the Senior Administrative Analyst. The Senior Administrative Analyst assigns the number.
  • Based on the Task Order category type, the Senior Administrative Analyst sends the Task Order to selected vendors for review and submittal of resource resumes.
  • The Senior Administrative Analyst receives resource resumes from the vendors and forwards them to the Project Point of Contact and selection team (division manager or designee) for review.
  • The Project Point of Contact reviews the resumes and informs the Senior Administrative Analyst what vendor staff they want to interview.
  • The Senior Administrative Analyst coordinates interviews with the vendor, resources and Project Point of Contact.
  • The interviews are conducted by the Project Point of Contact and Division Manager or designee.
  • The Project Point of Contact and the Division Manager or designee select the appropriate vendor staff and inform the Senior Administrative Analyst of the selection.
  • The Senior Administrative Analyst completes the 'formal' Notice to Proceed letter and submits it to the selected vendor for execution.

  • Usage Instructions

    Task Order Number - Unique identifier of the Task Order assigned by administrative support staff (fy-###, 09-001).

    Task Order Name - Identify the name of the project the services will be supporting (i.e., PeopleSoft Absence Management, Technical Writing, Open Desktop Deployment, etc.).

    Category - Identify the category number and name from which services are being requested.
    Category Number
    Service Category
      • Application Development Support Services
      • Computer Programming Services
      • Computer Systems Analysis Support Services
      • Computer Systems Security Services
      • Database Management Services
      • Desktop Support Services
      • Electronic Document Management System (EDMS) Services
      • Electronic Commerce/EDI Services
      • GIS Support Services
      • Help Desk Support Services
      • IT Business Analyst Services
      • IT Support Staff Services (Operations)
      • IT Training Services
      • Network Support Services
      • Network Security Services
      • Professional Services
      • Project Management Services
      • Quality Assurance Support Services
      • Report Writing/Development Services
      • Strategic Planning Support Services
      • Telecommunications Services
      • Unix Administration Support Services
      • Website Administration and Content Management Support Services
      • Windows Administration Support Services
      • Wireless Networking Services

    Job Classification - Identify the job title from the vendor's services list that best fits the services you need (i.e., Windows Administrator, Information Security Specialist, etc.). If vendors have different job titles, use the one that fits best and aligns with all titles, or provide a generic title that aligns with all titles.

    Task Order Description - Provide a brief explanation of the project the services will be supporting.

    Priority - Identify if this is Normal or Urgent priority. This indicates to the vendor that the turn-around time needs to be of normal duration or a bit quicker.

    Estimated Start Date - Identify the date you wish to have services start.

    Estimated Duration - Identify, in weeks, how long the services are required.

    Work Schedule - Identify the work schedule for the services to be provided (i.e., Mon-Thurs, 7:30a - 5:30p).

    Location of Work - Identify the location at which the services will be provided (i.e., 240 Water Street, City Hall).

    Deliverables - Identify the work products to be produced by the services (i.e., Requirements Documents (format to be provided), Architectural Design and As-builts Documents (format to be provided), Installation Instructions, etc.).

    Required Skills and Experience - Identify the years of experience and the skill set the services must provide. These are the minimum requirements (i.e., 5+ years of experience with C# .Net developing business applications; Use of Team Foundation Server for source code control and automated testing; Ability to interview users for functional requirements and document those requirements; Ability to create application Test Plans, etc.).

    Desired Skills and Experience - Identify any additional experience and skills the services should provide. These are the additional requirements that will make a resource more desirable and valuable.

    Task Order Point of Contact - This is always the Senior Administrative Analyst.

    Project Point of Contact - Identify the name, phone number and email address of the person submitting the Task Order.
