- Analyzing, assessing and creating detailed report findings discovered during network
- security assessments.
- Providing recommendations to mitigate and remediate gaps in network security vulnerabilities
- Working with third-party vendors and City agencies to coordinate technology discovery, performing analysis of the network architecture, and producing call-flows diagrams; working remotely and onsite at various City facilities.
- Review and triage vulnerability alerts into manageable reports, provide relevant analysis, suggest mitigation procedures, track remediation, identify gaps and escalate as appropriate.
- Assist in the execution, design and configuration of the internal UT IoT/ICS Lab.
MANDATORY SKILLS/EXPERIENCE:
- Minimum 12 years of subject matter expertise performing network assessments on complex enterprise networks.
- Strong knowledge of enterprise cyber security infrastructure.
- Experience implementing citywide projects and programs focused on endpoint defensive and perimeter protection technologies, email security strategy, and identity management.
- High degree of confidence and briefing skill; comfortable fielding questions and articulating project/program details in front of senior leadership.
DESIRABLE SKILLS/EXPERIENCE:
- Significant and demonstrated capabilities to assess organizational cybersecurity hygiene, quantify cyber risk in a prioritized schema, and recommend tactical and strategic courses of action to executive leadership.
- Significant track record of executing cybersecurity uplift in government, financial services orprofessional services industry.
- Theoretical and practical understanding of the current cyber threat landscape, attack methodologies, and risk mitigation/remediation methods; experience in cyber forensics and highly complex threat analyses.
- In-depth knowledge of complex network architecture, internet connectivity, firewall and DMZ hosting strategies.
- Knowledge of data privacy regulations and compliance issues.
- Track record of applying innovation successfully in technology environments.
- Excellent written and verbal communication skills.
- Certifications: CISSP, CISA, CRISC or other information security certifications.
- Knowledge of common information security management frameworks: ISO 27001, COBIT, NIST, CIST or other data security standards.