IT Specialist - Cyber Security

CLASS SUMMARY:

The purpose of this position is to increase the overall cybersecurity posture of the organization by identifying and reducing or eliminating technical risk, completing low to moderately complex technical assignments and project-based work.

ESSENTIAL DUTIES:

This class specification represents only the core areas of responsibilities; specific position assignments will vary depending on the needs of the department.

• Maintains all internal cybersecurity-related systems, including but not limited to vulnerability management, intrusion detection/prevention, firewalls, and security information and event management.
• Collaborates within IT and throughout the organization to assess organizational information security risks and identify paths forward in mitigating or remediating those risks.
• Responsible for network security and logging.
• Stays up to date on emerging threats, industry issues and trends, and the global information security landscape.
• Maintains working knowledge of, and recommends changes to, information security policies.
• Participates in external security assessments and penetration testing.
• Participates in the development and testing of business continuity and incident response plans.
• Performs regular vulnerability scans, reviews findings, and remediates as needed.
• Works with internal and external auditors to document, test, and validate various IT controls.
• Creates documentation related to policies, processes, and systems owned by the Cybersecurity team.
• Provides on site or remote access diagnoses and resolution to IT security problems by responding to service desk requests and planned work requests.
• Manages low to medium complexity service requests through resolution or escalation to another team member by performing work in a manner that minimizes disruption to existing business use.
• Effectively communicates changes to the organization or relevant parties as needed.
• Administers the security awareness training and internal simulated phishing campaigns.
• Administers the following:

• Vulnerability management platform
• Next-Gen Firewall(s) (NGFW)
• VPN
• Host-based firewalls
• Network-based Intrusion Detection and Intrusions Prevention system (NIDS/NIPS)
• Security Information and Event Management (SIEM) platform.
• Data Loss Prevention (DLP)
• Endpoint protection (Next-gen Anti-virus (NGAV), Endpoint Detection and Response (EDR/XDR), Host-based Intrusion Detection and Intrusion Prevention Systems (HIDS/HIPS)

• Contributes to team effort by promoting a culture of service and excellence.
• Performs other duties of a similar nature and level as assigned.

TRAINING AND EXPERIENCE:

Associate degree in information technology or a related field to the area of assignment and two years of technology experience designing and maintaining IT security including networks, security, and hardware; or, an equivalent combination of education and experience sufficient to successfully perform the essential duties of the job such as those listed above.

LICENSING/CERTIFICATIONS:

• Maintain Security Identification Display Area (SIDA) clearance.
• Obtain and maintain position appropriate NIMS & emergency training.

KNOWLEDGE OF:

• Identity and Access Management
• Network Security
  • Access Control Lists (ACL)
  • Intrusion Detection and Prevention (IDS/IPS)
  • Firewall administration.
  • Virtual Private Network (VPN)
• Risk Management
• Security Information and Event Management (SIEM)
• Vulnerability Management
• Security Framework(s)
  • Payment Card Industry Data Security Standard (PCI-DSS)
  • National Institute of Standards and Technology (NIST)
• Microsoft Active Directory and all associated tools
• File system access controls.
• Endpoint security, including Windows, Linux, macOS, iOS, and Android.
• Microsoft 365 Compliance and Security
• Azure Security

SKILL IN:

• Demonstrated skill in problem resolution and decision making;
• Demonstrated skill in prioritizing and effectively handling multiple projects;
• Maintaining confidentiality, privacy and security of protected information;
• Clearly and effectively communicating, negotiating and advocating, both orally and in writing;
• Use of a variety of computer-based technologies including word processing and spreadsheets and those specific to job duties;
• Establishing and maintaining effective, fair, cooperative, collaborative and respectful relationships with internal and external colleagues, peers, work teams and workgroups.

ADA AND OTHER REQUIREMENTS:

Positions in this class typically require: climbing, balancing, stooping, kneeling, crouching, reaching, fingering, grasping, standing, walking, talking, hearing, seeing and repetitive motions.

Heavy Work: Exerting up to 10 pounds of force occasionally, and/or up to 50 pounds of force frequently and/or in excess of 20 pounds of force constantly to move objects.

BENEFITS: (Full Time Positions)

• Competitive medical, dental, vision and life insurance coverage options. CVGAA offers a $0 premium medical plan option and does not charge a working spouse surcharge. Health Savings Account, Wellness programs and up to $2,500 a year in employer contributions to qualified childcare expenses.
• Employer and employee contributions to KY Public Pension Authority retirement plan
• 401(k) and 457 options
• Generous paid time off including 10 holidays a year
• Employee Assistance Program
• Tuition Reimbursement and Professional Development programs
• Performance Reward Program

Don't meet every requirement?

If you are excited to make a positive impact for our region, but your experience doesn't align perfectly, we encourage you to apply. You may be the right candidate for CVG Airport Authority, whether it be this role or another.