Red Team Engineer (Enterprise Information Security Professional 1)

Job Description

About Us:

The Ohio Department of Administrative Services (DAS), Office of Information Technology (OIT) is seeking an experienced and motivated professional to serve as a Red Team Engineer (Enterprise Security Professional 1) for the Office of Information Security and Privacy (OISP) team within the Office of Information Technology at DAS.

Led by Director Kathleen C. Madden, the Ohio Department of Administrative Services is the engine of state government, providing innovative solutions and supporting the efficient operation of state agencies, boards and commissions. The Office of Information Technology at DAS delivers information technology (IT) and telecommunication services to State of Ohio agencies, boards and commissions.

What You'll Do:

Under general supervision in the Office of Information Security and Privacy, identifies weaknesses in the State's security controls as well as the State's detection and response capabilities by:

• Conducts exercises emulating adversaries' operations.
• Identifies and uncovers misconfigurations in the State's network.
• Evaluates the security of the State's websites to discover otherwise unknown security issues.
• Conducts penetration tests and/or coordinates with external penetration testing partners to verify vulnerabilities are exploitable.
• Presents findings to stakeholders and advises on corrective measures on vulnerabilities.
• Engineers offensive security solutions to exploit IT infrastructure and application weaknesses.
• Collaborates with other technical resources to develop and implement mitigation strategies for discovered vulnerabilities.
• Monitors and evaluates the effectiveness of the enterprise's cybersecurity safeguards vis-à-vis findings to ensure that findings from exercise are adequately addressed.
• Identifies, collects, and reports metrics related to progress, operations, and findings.
• Works with agencies on requests for regulatory penetration testing to ensure that their testing is adequate.
• Conducts efforts to evaluate, recommend & implement IT security standards & best practices to remediate discovered vulnerabilities.
• Conducts threat or target analysis of cyber defense information and production of threat information within the enterprise.

Performs other duties as assigned.

Position may require flexible schedule to include evening, weekends or call-in to meet urgent business needs.

What's in it for you:

At the State of Ohio, we take care of the team that cares for Ohioans. We provide a variety of quality, competitive benefits to eligible full-time and part-time employees. For a list of all the State of Ohio Benefits, visit our Total Rewards website ! Our benefits package includes:

Medical Coverage

• Quality, affordable, and competitive medical benefits are offered through the available Ohio Med plans.

Dental, Vision and Basic Life Insurance

• Dental, vision, and basic life insurance premiums are free after completed eligibility period . Length of eligibility period is dependent on union representation.

Time Away From Work and Work/Life Balance

• Paid time off, including vacation, personal, and sick leave
• 11 paid holidays per year
• Childbirth/Adoption leave

Employee Development Funds

• The State of Ohio offers a variety of educational and professional development funding that varies based on whether you are a union-exempt employee or a union-represented employee.

Ohio Public Employees Retirement System

• OPERS is the retirement system for State of Ohio employees. The employee contributes 10% of their salary towards their retirement. The employer contributes an amount equal to 14% of the employee's salary. Visit the OPERS website for more information.

Deferred Compensation

• The Ohio Deferred Compensation program is a 457(b) voluntary retirement savings plan. Visit the Ohio Deferred Compensation website for more information.

Ohio is a Disability Inclusion State and strives to be a Model Employer of Individuals with disabilities. The State of Ohio is committed to providing access and inclusion and reasonable accommodation in its services, activities, programs and employment opportunities in accordance with the Americans with Disabilities Act (ADA) and other applicable laws.

Qualifications

Minimum Qualifications:

Completion of undergraduate core coursework in computer science; 12 mos. trg. or 12 mos. exp. in computer data security either through monitoring system/network traffic for anomalous activity, systems development or controlling accessibility of data.

-Or 12 mos. exp. as Information Technology Apprentice, 69910; successful completion of Ohio Cyber Apprenticeship program; additional 12 mos. trg. or exp. in Information Systems/Information Technology with a focus in one of the following areas: Software Engineering/Development, Data Analytics/Business Intelligence, Database Administration, Network, IT Security, and Help Desk/Customer Support.

-Or equivalent of Minimum Class Qualifications for Employment noted above. Note: The Ohio Cyber Apprenticeship program is a program offered by the Department Administrative Services. 2000 hrs. of on the job experience and 200 certified instructional credits must be earned in order to complete this program.

Job Skills: Cybersecurity, Information Technology, Critical Thinking

Knowledge:

1. Computer science, computer security best practices

2. Cyber security policy development and business/IT planning

3. Network security measures, equipment & software

4. Federal statutes, laws, regulations, policies, & guidelines pertaining to computer security

5. Technical writing techniques

6. TCP/IP protocols and computer hardware systems

7. Integration of firewalls, intrusion detection/prevention systems, users' authentication systems, virtual private networks

8. Computer networking both wired & wireless

9. Disaster recovery planning

10. Security architecture

11. Division & agency policies & procedures

12. Information security program management and project management principles and techniques.

13. Enterprise incident response program, roles, and responsibilities.

14. Penetration testing principles, tools, and techniques

15. `Application Security Risks (e.g. Open Web Application Security Project Top 10 list)

Skills

1. Operation of personal computer & associated hardware/software

2. Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes

3. Use of penetration testing tools and techniques

4. Use of social engineering techniques

5. Use of vulnerability scanning tools

6. Software development and scripting

Abilities:

1. Interpret extensive variety of technical material in books, manuals, & network/system diagrams

2. Apply techniques for conducting host and network-based intrusions using offensive security technologies

3. Apply techniques for detecting host and network-based intrusions using intrusion detection technologies

Supplemental Information

Applying for Position:

• When completing your online Ohio Civil Service Application, be sure to clearly describe how you meet the minimum qualifications outlined on this job posting .
• All answers to the supplemental questions must be supported by the work experience/education provided on your civil service application.
• If you require a reasonable accommodation for the application process, please email the Human Resources contact on this posting so arrangements can be made.