Duty Statement Form (TECH 052)



State of CaliforniaCalifornia department of technologyDuty StatementTech 052 (Rev. 02/2018)RPA NUMBER (HR Use Only)20-047 ProposedALERT: This form is mandatory for all Requests for Personnel Action (RPA).INSTRUCTIONS: Before completing this form, read the instructions located on last page. Section A: Position ProfileA. DateB. appointment effective dateC. Incumbent NameJune 13, 2019VACANTd. CIVIL SERVICE CLASSIFICATIONe. POSITION WORKING TITLEInformation Technology Specialist IIInformation Technology Specialist IIF. Current Position NumberG. proposed Position Number (Last three (3) digits assigned by HR)695-331-1414-010H. office / section / unit / physical Location of PositionI. supervisor Name and classificationOffice of Information Security / Security Solutions / Rancho CordovaDavid Lane, Information Technology Manager IJ. Work Days / Work Hours / work shift (day, swing, grave)K. Position Requires: fingerprint background check FORMCHECKBOX Yes FORMCHECKBOX NoMonday-Friday, 8:00am-5:00pm Driving an Automobile FORMCHECKBOX Yes FORMCHECKBOX NoSection B: Position Functions and DutiesIdentify the major functions and associated duties, and the percentage of time spent annually on each (list higher percentages first). Information Technology Domains (Select all domains applicable to the incumbent’s duties/tasks.) FORMCHECKBOX Business Technology Management FORMCHECKBOX Information Security Engineering FORMCHECKBOX IT Project Management FORMCHECKBOX Software Engineering FORMCHECKBOX Client Services FORMCHECKBOX System EngineeringOrganizational Setting and Major FunctionsUnder the general direction of the Information Technology Manager I (IT Mgr I), the Information Technology Specialist II (IT Spec II) is responsible for leading the ongoing maintenance and support of production security systems and services managed by the Security Solutions unit.The IT Spec II develops and maintains expert level knowledge of relevant IT security infrastructure and technologies under the administration of Solutions, of applicable State/Federal and industry regulations and best practices with respect to information security, and of department and information security policies and procedures. Security best practices and the most complex technical and administrative requirements must be expertly interpreted and applied in a highly complex technical environment.Essential Functions60%System Development and OperationsArchitect internal and statewide cybersecurity solutions within the California Department of Technology (CDT) data centers and commercial/government cloud environments including Amazon Web Services (AWS), Microsoft Azure, and others.Design, deploy, operate, optimize, and maintain Splunk platform architecture for large-scale and distributed deployments in Infrastructure as Code (IaC).Build and maintain cybersecurity systems, hardware, software, and configurations using Open Source and Commercial Off The Shelf (COTS) solutions.Work with CDT resources, customers, and vendors to maintain an adequate security architecture. Review completion and implementation of system additions and/or enhancements and make recommendations to management and/or customers.Perform IT security monitoring of Security Solutions’ systems and environments providing recommendations and analysis for remediation.Troubleshoot performance degradations and service outages of Security Solutions’ systems.20%Governance?Assess and maintain system compliance with appropriate control sets and best practices.?Adhere to CDT change control requirements and processes.?Participate in a DevOps CI/CD solution that delivers tools and processes for rapid application development efforts and on-going production operations.?Develop tests to ensure systems meet documented business and user requirements.?Develop and maintain a comprehensive set of procedures and system security plans.15%General SupportParticipate in largescale efforts such as department wide risk assessments, compliance audits, technology evaluations, and document reviews.Advise other IT experts throughout the organization on a variety of situations and issues that involve applying or adopting new security theories, concepts, principles, standards, methods, and practices.Marginal Functions 5%?Keeping abreast of cybersecurity technologies & techniques, operating systems, network protection technologies, cloud services, system architecture, systems development lifecycle, and risk management.?Maintain current knowledge of relevant technology as assigned.?Participate in special projects as required.Perform other duties as requiredWork Environment RequirementsThe incumbent works in an office environment and is required to:?Operate a personal computer (word processor, spreadsheet, e-mail communication, presentation, and diagramming applications).?Use technical software for monitoring a variety of security-related items; and copy machine, fax machine, telephone system.?Successfully complete (pass) a fingerprint background criminal record check completed by the Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI).Allocation Factors Supervision Received:The incumbent works under the general direction of the IT Mgr I. The IT Spec II is expected to complete assignments independently as a technical specialist. The IT Spec II will develop and execute project plans for assignments (including scope of work, identification of internal and external staff stakeholders as well as resources requirements).The IT Spec II has the responsibility to review progress, report problems, and provide recommendations (i.e., changes in priority or schedules) to Office of Information Security and CDT management as necessary. The IT Spec II is required to perform all duties and functions with a very high degree of independence.Actions and Consequences:The IT Spec II provides the highest level of analysis for the selection of products and services offered to CDT customers. As an external representative of the CDT to its customers, the Government Operations Agency, and the Office of Information Security, the highest degree of professionalism and knowledge of security trends within the CDT customer base and within the industry are required.The IT Spec II possesses knowledge of industry compliance requirements and trends including: FISMA/NIST 800-53, FedRAMP, IRS, CJIS, PCI, HIPAA requirements are essential. The IT Spec II will effectively ensure that Security Solutions’ products and services align with customer security requirements. The inability to perform this function at the mastery level would result in the delivery of inappropriate security services to CDT customers.Personal Contacts:The IT Spec II is in personal contact with a wide variety of technical, administrative and CDT executive management on a daily basis. External contacts include CDT customers, the Government Operations Agency, the Office of Information Security, various state and local agencies, and security vendors.Administrative and Supervisory Responsibilities: None. However, the IT Spec II may act as lead on a variety of technical duties on the more complex software systems projects.Supervision Exercised:None, however, the IT Spec II will provide leadership and oversight to CDT and statewide stakeholder groups to achieve security goals and develop uniform security policies, procedures and practices.Other InformationThis position requires:?Knowledge and expertise in system administration.?Knowledge and expertise in cybersecurity technologies and related best practices.?Knowledge and expertise in Windows and Linux operating systems.?Knowledge and expertise in managing virtualized and physical server environments.?Knowledge and expertise in system engineering and operations.?Knowledge of multi-location Data Center operations and technologies.?Knowledge or experience working with advanced software defined networks concepts, Cloud computing, and Infrastructure as a Service methodology.?Knowledge of NIST 800-53 and California State Administrative Manual.?Experience evaluating new cybersecurity technologies for and making effective recommendations for their use.?Ability to possess a high level of analytical and problem-solving skills.?Ability to complete the most complex alternative analyses.?Ability to communicate clearly in both oral and written format.?Ability to work cooperatively with all levels of staff and management?Ability to speak persuasively and professionally in public.Desirable Qualifications:? Knowledge of computer networking concepts and protocols, and network security methodologies.?Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).?Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.?Knowledge of cybersecurity and privacy principles.?Knowledge of cyber threats and vulnerabilities.?Knowledge of specific operational impacts of cybersecurity lapses.?Knowledge of complex data structures.?Knowledge of computer programming principles?Knowledge of organization's enterprise information security architecture.?Knowledge of organization's evaluation and validation requirements.?Knowledge of cybersecurity and privacy principles and methods that apply to software development.?Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).?Knowledge of local area and wide area networking principles and concepts including bandwidth management.?Knowledge of low-level computer languages (e.g., assembly languages).?Knowledge of operating systems.?Knowledge of Privacy Impact Assessments.?Knowledge of programming language structures and logic.?Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).?Knowledge of secure configuration management techniques.?Knowledge of software debugging principles.?Knowledge of software design tools, methods, and techniques.?Knowledge of software development models (e.g., Waterfall Model, Spiral Model).?Knowledge of software engineering.?Knowledge of structured analysis principles and methods.?Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools.?Knowledge of web services (e.g., service-oriented architecture, Simple Object Access Protocol, and web service description language).?Knowledge of interpreted and compiled computer languages.?Knowledge of secure coding techniques.?Knowledge of software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, simplicity/minimization).?Knowledge of software quality assurance process.?Knowledge of supply chain risk management standards, processes, and practices.?Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations.?Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).?Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA]).?Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).?Knowledge of Personally Identifiable Information (PII) data security standards.?Knowledge of Payment Card Industry (PCI) data security standards.?Knowledge of Personal Health Information (PHI) data security standards.?Knowledge of information technology (IT) risk management policies, requirements, and procedures.?Knowledge of embedded systems.?Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.?Knowledge of penetration testing principles, tools, and techniques.?Knowledge of root cause analysis techniques.?Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)?Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.?Skill in conducting software debugging.?Skill in creating and utilizing mathematical or statistical models.?Skill in creating programs that validate and process multiple inputs including command line arguments, environmental variables, and input streams.?Skill in designing countermeasures to identified security risks.?Skill in developing and applying security system access controls.?Skill in discerning the protection needs (i.e., security controls) of information systems and networks.?Skill in writing code in a currently supported programming language (e.g., Java, C++).?Skill in secure test plan design (e. g. unit, integration, system, acceptance).?Skill in using Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic).?Skill in developing applications that can log and handle errors, exceptions, and application faults and logging.?Skill in using code analysis tools.?Skill in performing root cause analysis.?Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).incumbent Statement: I have discussed the duties of this position with my supervisor and have received a copy of the duty statement. Incumbent Name (Print)Incumbent SignatureDate Supervisor Statement: I have discussed the duties of this position with the incumbent. Supervisor Name (Print)Supervisor SignatureDate ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download