Harris County was founded in 1836 and is located in the Gulf Coast region of Texas approximately 50 miles from the Gulf of Mexico. Harris County covers over 1700 square miles with over 4 million residents, making it the most populous county in Texas and third most populous in the United States.
The Harris County Central Technology Services (CTS) exists to support the mission of Harris County by developing, implementing and supporting high quality, innovative and cost effective information technology solutions.
Under general direction, executes vulnerability, threat and incident management processes to help ensure cybersecurity risks and threats are proactively identified and addressed to maintain the protection of Harris County information and information systems.
• Assists in the design and implementation of vulnerability management tools and processes
• Executes vulnerability management processes and outcomes to ensure proactive discovery and remediation of risks
• Effectively communicates security vulnerabilities and risks to issue owners and assists in remediation efforts
• Serves as a subject matter expert on vulnerability and threat management
• Analyzes vulnerability data to determine broad issues/trends and to determine root cause problems
• Researches, designs and implements solutions to address root cause problems on behalf of the enterprise
• Assists in the governance of cybersecurity policies and enforcement of vulnerability remediation deadlines
• Adheres to cybersecurity and vulnerability management procedures, tools and internal reporting/tracking mechanisms
• Supports the development of cybersecurity procedures, metrics/measures packages, project plans, and communications as needed to support the overall delivery of cybersecurity objectives
• Participates on Cybersecurity Incident Response Team (CIRT) investigation and response activities as required
• Demonstrates knowledge and understanding of the global threat landscape, cybersecurity trends, emerging technologies and an ability to relate them to the County and its objectives
• Works on multiple projects as a subject matter expert, including projects or issues of high complexity that require in-depth knowledge across multiple technical areas and business segments
• May also participate in the evaluation and implementation of other new security solutions and technologies
EDUCATION: High school diploma is required.
EXPERIENCE: A minimum of 3 years of progressive work experience in Information Security is required, including direct experience executing vulnerability, incident or threat management processes, tools and technologies to include:
• Hands-on experience operating vulnerability scanning, incident detection & response (IDR) or penetration testing tools
• Experience performing vulnerability assessments or penetration tests
• Experience validating, analyzing and prioritizing reported vulnerability and security risks
• Ability to build and maintain strong relationships across departments/teams and effectively communicate vulnerability findings to issue owners and support remediation efforts
• Strong organizational skills, including the ability to adhere to cybersecurity processes and tools and to keep focus on multiple tracks of work and open issues in parallel
• Strong technical writing, research, analysis and analytical/problem solving skills
• A passion for cybersecurity, self-starter mentality, flexibility and willingness to take on new challenges and ability to thrive in a team environment
Bachelor's degree in Computer Science, Information Systems or similar area of study from an accredited college or university is preferred
Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC) or CompTIA Security+ Certification is preferred
• Experience in security event analysis, monitoring and response technologies and processes
• Experience in threat intelligence gathering, research and analysis
• Experience participating in Cybersecurity Incident Response Team (CIRT) activities
• A broad understanding of cybersecurity concepts across all domains, applicable security frameworks (e.g. ISO 2700X, NIST and CIS Critical Security Controls) and regulations (e.g. SOX, PCI, HIPAA and CJIS)
• Ability to confront challenges in a constructive fashion and influence others through consensus building techniques
40 hours per week / Monday – Friday. Weekends and 24 on-call infrequently, as needed
Applicants for this position will be subject to a criminal background check that includes being fingerprinted. This applies to any position with network access to CJI (Criminal Justice Information) systems or access to an area where CJI is received, maintained or stored either manually or electronically (i.e. custodian, maintenance).
- Conviction, probation, or deferred adjudication for any Felony
- Conviction, probation, or deferred adjudication for any Class A Misdemeanor
- Conviction, probation, or deferred adjudication for a Class B Misdemeanor if within the previous 10 years;
- Open arrest for any criminal offense (Felony or Misdemeanor)
- Family Violence conviction