Security Administrator

Position: Security Administrator

Duration: 10 months

Location: Carson City, NV (Onsite from day 1)

Special Requirement:

• PowerShell or similar scripting experience creating their own code with the ability to manipulate data and log files. They should be able to, for example, correlate key value columns from two or more sets of data to combine and summarize the data. For example, pull a list of computers from Active Directory and an inventory system and combine the results to show a unified view, or trigger an action such as moving a computer that has not been "seen" in either system for a designated to a designated OU in AD. Tools other than PowerShell may be acceptable if they can be automated and approved for our environment.
• End-to-end experience setting up logging / SEIM systems and writing associated rules. Knowledge of Regular Expressions and Yara rules would be typical as well as syslog configuration, NXLog or similar. Setting up streams to break up incoming logs into buckets and fields is a plus.
• Demonstrated ability to create and organize documentation such as runbooks and system build documentation.
• Working knowledge in networking, firewalls, Window ecosystem, and Linux.
• Hands on individual contributor or wants to apply prior hands on experience.
• A passion for cybersecurity.

Job Description:

This Statement of Work outlines the agreement between the Nevada Department of Taxation and the service provider for the provision of Information Security Analyst services. The Analyst will assist the Information Security Officer (ISO) in enhancing the organization's information security posture by developing and maintaining documentation and playbooks, configuring logging and alert systems, creating automations, and supporting compliance and risk management activities. The role enables the ISO to focus on strategic priorities by offloading routine and technical tasks. The goal of this SOW is to augment the bandwidth of the ISO, matching the skillset of the contractor to a subset of the key responsibilities listed below.

Responsibilities

• Documentation and Runbook Development
  • Develop and maintain detailed documentation and playbooks for daily, weekly, and monthly information security operations, including incident response procedures and system maintenance tasks.
  • Create and update checklists for operational tasks, such as patch management, vulnerability scans, and access control reviews.
  • Format and standardize information security policies, procedures, and guidelines for clarity and accessibility.
• Logging and Alert Configuration
  • Configure logging mechanisms for security tools (e.g., Graylog, NXLog, Logstash FortiAnalyzer) to capture relevant security events and system activities.
  • Set up and fine-tune alert rules for real-time detection of security incidents, such as unauthorized access attempts or anomalous network traffic.
  • Monitor and validate log integrity and retention policies to ensure compliance with organizational and regulatory requirements.
• Creating Automations and Workflows
  • Develop automated scripts (e.g., using Python or PowerShell) to streamline repetitive security tasks, such as log analysis, vulnerability scanning, and report generation.
  • Create workflows to automate incident response processes, including ticket creation, escalation, and notification for security events.
  • Integrate automation tools with existing security platforms (e.g., SIEM, ticketing systems) to improve operational efficiency and reduce response times.
• Risk and Compliance Support
  • Collect and organize data for risk assessments, including asset inventories, vulnerability scan results, and threat intelligence feeds.
  • Support compliance audits by preparing documentation and evidence for frameworks like IRS Publication 1075 and PCI DSS.
  • Track and report on remediation efforts for identified vulnerabilities and compliance gaps.
• Data Reporting and Metrics
  • Collect and analyze data from security tools (e.g., firewalls, IDS/IPS, endpoint protection platforms) to generate metrics on vulnerabilities, incidents, and system performance.
  • Develop automated scripts (e.g., using Python or PowerShell) to streamline data collection and reporting processes.
• Operational Support:
  • Assist in the execution of operational tasks, such as user access reviews, security patch verification, and backup validation.
  • Support the ISO in coordinating incident response drills and tabletop exercises.

Perform additional tasks as directed to support information security initiatives.

DELIVERABLES

Modernization Project Deliverables

• Implementation Plans
• Scope Management Plans
• Project Communications Plan
• Activity List
• Risk Management Plan

Required /Desired Skills:

• Agreement to follow IRS Pub 1075 Requirements
• Agreement to State background check

Education

• Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field preferred.

Technical Skills

• Strong working knowledge of computer networks, Windows, and Linux.
• Proficiency in configuring and managing SIEM tools.
• Experience with scripting languages (e.g., Python, PowerShell) for automation and data processing.
• Familiarity with security tools, such as firewalls, IDS/IPS, endpoint detection and response EDR), and vulnerability scanners (e.g., Nessus).
• Experience as a database administrator (Oracle/SQL Server/Postgres) a plus.

Soft Skills

• Strong attention to detail and documentation skills.
• Ability to communicate technical concepts clearly to non-technical stakeholders.
• Strong organizational and time-management skills.

Preferred Knowledge

• Understanding of information security frameworks (e.g., NIST, CIS).
• Familiarity with compliance requirements (IRS Pub 1075, PCI DSS).
• Experience with data visualization tools (Excel).

Certifications (preferred but not required)

• CompTIA Security+, Certified Information Systems Security Professional (CISSP), or equivalent.