This position is located within the Office of Information Technology Security (OITS) in the Department of Technology Services (DTS). As a Supervisory Information Technology (IT) Specialist within the DTS, the incumbent is a recognized senior IT security expert within the Judiciary with a strong background in security engineering and a proven record of successfully leading hands-on security activities, such as developing security architectures, assessing management, operational, and technical controls, providing actionable advice to improve IT security, and directing teams in fulfillment of security objectives. The incumbent will ensure the confidentiality, integrity, and availability of systems, networks, and data across the system development lifecycle, and create, promote, and adhere to standardized, repeatable processes for the delivery of security engineering services. The incumbent will perform multiple and varying assignments under the direction of the Chief, Office of Information Technology Security (OITS).
Duties include, but are not limited to, the following:
1. Establishing, directing, and promoting the security engineering services available through the OITS;
2. Supervising Security Engineering Division staff, which includes responsibility for developing and managing the division's budget, staffing plan, work assignment distribution, and work plans/schedules as well as conducting performance reviews, making decisions on work problems, and resolving conflicts;
3. Leading and developing talented professionals to conceive, design, administer and evaluate new and innovative information technology concepts, approaches, methodologies, techniques, services, guidance, and policies that will constructively transform the information security posture of the Judiciary;
4. Providing technical advisory services to securely design, implement, maintain, or modify information technology systems and networks that are critical to the operation and success of the Judiciary. This includes performing research to identify potential vulnerabilities in and threats to existing and proposed technologies, and effectively explaining the risk potential to the appropriate managers/personnel;
5. Managing and conducting security risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection requirements. Leveraging standard reporting templates, automated security tools, and cross-functional teams to facilitate security assessments;
6. Liaising with program owners, project managers, and other IT and business stakeholders to integrate security into the system development life cycle. This includes attending project meetings, educating project stakeholders about security concepts, and creating supporting methodologies and templates to facilitate the inclusion of security requirements and controls. Additionally, serving as subject matter expert on the security documentation process and providing feedback on its completion and appropriateness;
7. Developing and overseeing a security lab capability, which can be leveraged for prototyping secure designs and configurations, testing new security technologies, demonstrating attack techniques, and other related uses;
8. Supporting OITS efforts to develop policies and procedures to ensure information systems reliability and accessibility to prevent unauthorized access to systems, networks, and data;
9. Cultivating relationships with stakeholders (IT managers, system owners, project managers, developers, functional analysts, architects, system administrators, system engineers, network engineers, information system security officers, et al.) within and external to OIT to promote robust security practices. Establishing mechanisms for information sharing and collaborative partnerships;
10. Creating methodologies, templates, guidelines, checklists, and other artifacts to establish repeatable processes across the Security Engineering Division's range of security services;
11. Monitoring the performance of contracts for security-related services and, where applicable, making recommendations for improvement in terms of cost, quality of work, or timeliness of service;
12. Employing extensive knowledge of design patterns used in enterprise applications to design robust and flexible security solutions to protect critical assets and data. Additionally, leveraging significant experience with network security controls, such as routers, switches, firewalls, network access controls, and intrusion prevention/detection systems, to coordinate the delivery of holistic security solutions in partnership with network engineering, system development, and other key technical stakeholders; and
13. Demonstrating strong project management and communication skills.