"Information Security Specialist I or II - ITS Information Security"

JOB DESCRIPTION

Information Security Specialist I
This is a technical position responsible for assisting with efforts to defend against hacking and other malicious attempts to penetrate the university’s network. Responsible for assisting in supporting intrusion detection hardware, software, and monitoring tools on the network that will detect intrusions and penetration attempts. Works under general supervision, with moderate latitude for the use of initiative and independent judgment. Reports to the Chief Information Security Officer.

Information Security Specialist II
This is a technical position responsible for coordinating efforts to defend against hacking and other malicious attempts to penetrate the university’s network. Responsible for supporting intrusion detection hardware, software, and monitoring tools on the network that will detect intrusions and penetration attempts. Assists in developing, creating, and maintaining policies and procedures related to the area of responsibility. Works under limited supervision, with considerable latitude for the use of initiative and independent judgment. Reports to the Chief Information Security Officer.

QUALIFICATIONS

Completion of at least two years of college coursework or an Associate’s degree in computer science or a related field is required. Related experience may be substituted for required education on a basis set forth by the Department of Human Resources.

Information Security Specialist I
Two years of related experience is required. Experience working on network hardware and software including experience with TCP/IP at the protocol level and Ethernet is required. Experience in system administration is preferred.

Information Security Specialist II
Five years of related experience is required. Experience managing network equipment or security appliances is required. Experience working on network hardware and software including substantial experience with TCP/IP at the protocol level and Ethernet is required. Experience in system administration is required. Experience in higher education is preferred.

ESSENTIAL JOB FUNCTIONS

Information Security Specialist I

1. Assists in supporting firewalls, physical security, encryption, authentication, and other security related tools.
2. Monitors the external and internal network, intrusion detection system reports, and real time information.
3. Assists in coordinating risk assessment; compiles reports.
4. Assists in coordinating computer incident response efforts, including investigation, evidence gathering, recovery assessment, patch updates, and CERT notifications.
5. Tracks security patches and incidents and relays relevant information to departmental management.
6. Assists in maintaining departmental website.
7. Assists in the management of the Endpoint Protection solution for the university.
8. Performs periodic scans of campus systems and advises administrators of system vulnerabilities.
9. Provides security documentation related to the area of responsibility.
10. Assists in developing, supporting, and implementing departmental and university policy.
11. Assists coordinating with the campus network administrator on projects affecting core services.

Information Security Specialist II

• Assists with developing and defining the general information systems security strategy.
• Monitors the external and internal network, intrusion detection system reports, and real time information.
• Manages the firewall, including creating an auditing firewall rules.
• Coordinates responses to information security incidents on campus, including investigation, evidence gathering, and remediation.
• Assists in creating, reviewing, and maintaining university and departmental policies in accordance with applicable laws and security standards.
• Manages the external controlled penetration test scans and web application vulnerability scans for the university; performs periodic internal scans on sections of the network.
• Assists in creating, maintaining, and implementing the information security program, data standards, and security control standards catalog for the university.
• Coordinates risk assessment and compiles reports for executive management.
• Performs reporting to the state for security incidents, annual risk assessments, and the information security program.
• Assists in the creation and management of the data categorization process for the university.
• Assists with PCI audits and general IT audits.
• Manages the security information event management systems, file integrity monitoring systems, data loss prevention systems, and endpoint protection solution for the university.
• Tracks security patches and incidents and relays relevant information to the appropriate parties on campus.
• Assists in maintaining departmental disaster recovery plan.
• Analyzes and evaluates software and hardware solutions in conjunction with the Project Management Office for compliance with university information technology policies and security best practices.

NON-ESSENTIAL JOB FUNCTIONS

1. Performs other related duties as assigned

REQUIRED KNOWLEDGE, SKILLS, AND ABILITIES

The individual must possess the following knowledge, skills, and abilities or be able to explain and demonstrate that the individual can perform the essential functions of the job, with or without reasonable accommodation.

Information Security Specialist I

1. Knowledge of, or the ability to learn, university policies and procedures.
2. Knowledge of, or the ability to learn, federal, state, and local laws, statutes, regulations, codes, and standards related to the area of responsibility, including TAC 202, DIR, PCI, FERPA, HIPAA, and NIST 800.
3. Knowledge of network systems and network integration, including: firewalls, routers, DNS, DMZ, and VPN.
4. Knowledge of security technology and security policies and procedures related to the area of responsibility.
5. Knowledge of authentication, authorization, access control, detection, and auditing as it relates to the area of responsibility.
6. Ability to communicate effectively in both oral and written form.
7. Ability to maintain effective relationships.
8. Ability to work successfully as a member of a team and independently with moderate supervision.

Information Security Specialist II

• Knowledge of, or the ability to learn, university policies and procedures.
• Knowledge of federal, state, and local laws, statutes, regulations, codes, and standards related to the area of responsibility, including TAC 202, DIR, PCI, FERPA, HIPAA, and NIST 800.
• Knowledge of network systems and network integration, including: firewalls, routers, DNS, DMZ, and VPN.
• Knowledge of security technology and security policies and procedures related to the area of responsibility.
• Knowledge of authentication, authorization, access control, detection, and auditing as it relates to the area of responsibility.
• Organizational skills in managing projects simultaneously while maintaining a satisfactory work product.
• Ability to communicate effectively in both oral and written form.
• Ability to establish and maintain a good rapport with university faculty and staff, students, and the general public.
• Ability to identify problems, evaluate alternatives, and recommend effective solutions.
• Ability to work successfully as a member of a team and independently with limited supervision.
• Ability to supervise others.

SPECIAL INSTRUCTIONS TO APPLICANT

Salary grade varies with position level:
Information Security Specialist I - 57 Information Security Specialist II - 55

SPECIAL CONDITIONS OF EMPLOYMENT

Stephen F. Austin State University recognizes the potential for accidents in performing job-related tasks. SFA promotes a safe working environment. Employees will be responsible for completing assigned tasks safely and efficiently. Employee evaluations will include safe job performance.

This is a security-sensitive position subject to criminal record check.
This is a safety-sensitive position subject to drug and alcohol testing.
This is an IT-sensitive position subject to the Computer and Network Security policy.
Any person occupying this position must be able to maintain the security and integrity of any elements of the state’s critical infrastructure to which they have access.