Location: Northeastern Regional Information Center - 900 Watervliet-Shaker Road
The work involves responsibility for assessing, testing, reporting and recommending appropriate remediation measures within the information security and systems architecture of the Capital Region BOCES/ Northeastern Regional Information Center (NERIC) Data & Network Operations Center including end user networks and devices. This class differs from that of an Information Security Analyst by virtue of the fact that a Senior Information Security Analyst position may exercise leading the work of others. The incumbent will ensure information security access management, processes and industry standards are followed and maintained. The incumbent may assist BOCES Network Services personnel with identifying and troubleshooting issues relating to information security. Employees in this classification are tasked with assisting administration with internal investigations. Work is performed under the general supervision of a BOCES Supervisor. Does related work as required.
1. Leads the information and security work of the Data & Network Operations Center of the Regional Information Center.
2. Monitors system vulnerability, analyzes findings and performs and/or recommends necessary remediation.
3. Participates in network placement and design review.
4. Assists with activities for providing back-up, recovery and business continuity.
5. Diagnoses and resolves Information Security system, hardware and software problems.
6. Reviews daily security appliances and system logs.
7. Supports forensic and audit reviews to ensure compliance with established standards.
8. Communicates results of daily internal system log analysis and review to appropriate staff.
9. Performs patching of security platforms.
10. Certifies acceptance of data signatures.
11. Advises and assists with system performance and data related tuning.
12. Supports internal investigations by monitoring, retrieving data and reports relating to employees charged with misconduct.
13. Good knowledge of a data & network operations center, infrastructure, systems management, structures and techniques.
14. Good knowledge of electronic data processing systems, principles, practices and procedures of systems and applications programming.
15. Good knowledge of security events incident management (SEIM) platforms.
16. Good knowledge of security login platforms.
17. Working knowledge of electronic data transmission storage and access control.
18. Working knowledge of common information management frameworks.
19. Familiarity with current literature, sources of information and technological developments in the field of information security and systems architecture.
20. Ability to analyze systems requirements of a variety of applications and to design appropriate infrastructures.
21. Ability to track and maintain the inventory of infrastructure, replacement lifecycle and relative budget and planning.
22. Ability to prepare reports and diagrams relative to systems architecture.
23. Ability to direct and review the work of others.
24. Ability to prepare written and oral reports.
25. Ability to accurately convey both written and verbal directions.
26. Ability to form and maintain effective working relationships.
27. Ability to exercise independent judgment.
28. Physical condition commensurate with the demands of the position.
A. Graduation from a regionally accredited college or university or one accredited by the New York State Board of Regents to grant degrees with a Bachelor’s degree in information security, information systems, computer science, information resources management, information technology or a closely related field, and four (4) years of work experience in information technology, which included, or was closely related to, two of the eight domains of information security1; OR,
B. Graduation from a regionally accredited college or university or one accredited by the New York State Board of Regents to grant degrees with an Associate’s degree in information security, information systems, computer science, information resources management, information technology or a closely related field, and six (6) years of work experience in information technology, four (4) years of which included, or was closely related to, two of the eight domains of information security1.
PROMOTIONAL: Twenty-four (24) months of permanent competitive class status as an Information Security Analyst.
1. The following are the eight domains of information security: 1. Security and Risk Management; 2. Asset Security; 3. Security Engineering; 4. Communication and Network Security; 5. Identity and Access Management; 6. Security Assessment and Testing; 7. Security Operations; and, 8. Software Development Security.
2. Certifications in the domains of information security, such as SSCP, CCSP, CAP, CSSLP, CCFP, or HCISPP, may be substituted for two (2) years of experience.
Vacancies are filled by certified list provided by Albany County Civil Service. Should no certified list be available, candidates appointed to this position will be serving in a provisional appointment in accordance with New York State Civil Service Law. The candidate must successfully complete a competitive examination and be eligible for appointment in accordance with Civil Service Law and the Civil Service Rules for Albany County to obtain a permanent appointment.