Security Engineering Information Technology Apprentice/Infrastructure Specialist Associate

Security Engineering Information Technology Apprentice/Infrastructure Specialist Associate State of Ohio - Administrative Services - 3.7 Columbus, OH Job Details Full-time $24.16 - $25.77 an hour 2 hours ago Benefits Paid holidays Health insurance Dental insurance Paid time off Vision insurance Loan forgiveness Life insurance Qualifications Computer operation Network troubleshooting Technical documentation Computer hardware Technical writing IT services information & network security Vulnerability management IP networking Client-server architecture

Full Job Description What You'll Do:

Works under immediate supervision & requires some knowledge of information technology in order to assist Office of Information Security and Privacy staff for assigned program area during rotation: Security Engineering Assists in providing support, administration, and maintenance necessary to ensure effective and efficient information security systems Assists in conducting technology assessment and integration process Provides and supports a prototype capability and/or evaluates its utility Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions Provides guidance to customers about applicability of information systems to meet business needs Assists to develop and conduct test of systems to evaluate compliance with specification and requirements by applying principles and methods for cost-effective planning, evaluation, verifying, and validating of technical, functional, and performance characteristics (including interoperability) of systems or elements of systems incorporating IT. Security Incident Response Team Assists in investigation of cybersecurity events related to information technology (IT) systems, networks, and digital evidence Assists to identify, analyze, and mitigate threats to internal information technology (IT) systems, and/or networks Assists to test, maintain, and review infrastructure hardware and software that are required to effectively manage the computer network defense service provider network and re-sources Monitors network to actively remediate unauthorized activities. Assists in the response to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats. Uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security Risk and Compliance Assists in performance of security reviews, to identify gaps in security architecture, and develop a security risk management plan Assists in reviewing authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network Assists with review of qualifications of the cloud service providers to thoroughly vet cloud vendors Assists in performing risk analysis (e.g., threat, vulnerability, and probability of occurrence) on new systems and applications for initial installations and major updates Vulnerability Management Assists in conducting assessments of threats and vulnerabilities; determining deviations from acceptable configurations, enterprise or local policy; assessing the level of risk and determining appropriate mitigation countermeasures in operational and nonoperational situations Assists in the measuring the effectiveness of defense-in-depth architecture against known vulnerabilities Supports penetration testing on networks, systems or elements of systems Assists to identify systemic security issues based on the analysis of vulnerability and configuration data Assists in the preparation of vulnerability reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions Why Work for the State of Ohio At the State of Ohio, we take care of the team that cares for Ohioans. We provide a variety of quality, competitive benefits to eligible full-time and part-time employees•. For a list of all the State of Ohio Benefits, visit our Total Rewards website!

Our benefits package includes:

Medical Coverage Free Dental, Vision and Basic Life Insurance premiums after completion of eligibility period Paid time off, including vacation, personal, sick leave and 11 paid holidays per year Childbirth, Adoption, and Foster Care leave Education and Development Opportunities (Employee Development Funds, Public Service Loan Forgiveness, and more) Public Retirement Systems (such as OPERS, STRS, SERS, and HPRS) & Optional Deferred Compensation (Ohio Deferred Compensation) Benefits eligibility is dependent on a number of factors. The Agency Contact listed above will be able to provide specific benefits information for this position.

Qualifications Minimum Qualifications:

Apprentice:

1 course or 2 months experience in Information Systems/Information Technology, or a related field including but not limited to:

Software Engineering/Development, Data Analytics/Business Intelligence, Database Administration, Network, IT Security and Help Desk/Customer Support Associate:

18 months combined work exp. &/or trg. In any combination of the following: installing, monitoring/maintaining, configuring, upgrading, &/or administering/operating a single technology domain. Or successful completion of IT Apprenticeship program at designated agency. Or completion of associate core program in computer science or information systems

Knowledge of:

Computer hardware and software Ticketing software (e.g. Service Now)

• Customer Service techniques and standards
• State IT policies, procedures and applicable laws
• Operations and processes for diagnosing common or recurring system problems
• Computer Network Defense and vulnerability assessment tools, including open source tools, and their capabilities
• Current industry methods for evaluating, implementing, and disseminating IT security assessment, monitoring, detection and remediation tools and procedures utilizing standards-based concepts and capabilities
• Database procedures used for querying security tools to gather information
• Classes of attacks (e.g., passive, active, insider, close-in, distribution, etc.)
• Different operational threat environments (e.g., first generation [script kiddies], second generation [non- nation state sponsored], and third generation [nation state sponsored])
• Electronic devices (e.g., computer systems/components, access control devices, digital cameras, electronic organizers, hard drives, memory cards, modems, network components, printers, removable storage devices, scanners, telephones. How traffic flows across the network (e.g., Transmission Control Protocol (TCP) and Internet Protocol (IP), Open System Interconnection Model (OSI)
• Incident response and handling methodologies
• System and application security threats and vulnerabilities
• Personally Identifying Information (PII) System and application security threats and vulnerabilities
• Operations and processes for diagnosing common or recurring system problems
• Principal methods, procedures, and techniques of gathering information and producing, reporting, and sharing intelligence
• Organization's core business/mission processes
• Skill in: Technical writing and documentation practices (e.g standard operating procedures, training documents, work flow diagrams)
• Reading/verbal comprehension (i.e. comprehend and apply written & verbal instructions) Operating PC Hardware and Software (e.g. MS Word, Excel, PPT, Outlook) Critical thinking (i.e. impact analysis, troubleshooting) Conducting open source research for troubleshooting network and client-server issues
• Basic operation of computers Using network analysis tools to identify vulnerabilities
• Preserving evidence integrity according to standard operating procedures or national standards
• Securing network communications

Abilities:

Communication (e.g. Oral, Written, Active Listening) Problem sensitivity/problem solving Time Manage (e.g. organization and prioritization) Active learning Match the appropriate knowledge repository technology for a given application or environment

• Identify systemic security issues based on the analysis of vulnerability and configuration data
• Accurately define incidents, problems, and events in the trouble ticketing system
• Apply techniques for detecting host and network-based intrusions using intrusion detection technologies
• Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
• Share meaningful insights about the context of an organization's threat environment that improve its risk management posture
• Developed after employment Supplemental Information When completing your online Ohio Civil Service Application, be sure to clearly describe how you meet the qualifications outlined on this job posting.

All answers to the supplemental questions must be supported by the work experience/education provided on your civil service application. If you require a reasonable accommodation for the application process, please email the Human Resources contact on this posting so arrangements can be made ADA Statement Ohio is a Disability Inclusion State and strives to be a model employer of individuals with disabilities. The State of Ohio is committed to providing access and inclusion and reasonable accommodation in its services, activities, programs, and employment opportunities in accordance with the Americans with Disabilities Act (ADA) and other applicable laws. Drug-Free Workplace The State of Ohio is a drug free workplace which prohibits the use of marijuana (recreational marijuana/non-medical cannabis). Please note, this position may be subject to additional restrictions pursuant to the State of Ohio Drug-Free Workplace Policy (HR-39), and as outlined in the posting.