The IT Security Specialist performs professional work related to the management of information technology security policy, planning, development, implementation, training and support, and provides actionable advice to improve IT security and serves as a team lead to fulfill security objectives within the Court. The incumbent is responsible for developing and implementing local IT security policies, processes, and technologies that are consistent with the Federal Judiciary National Information Security program as well as for collaborating with other Judiciary stakeholders, such as the Administrative Office of the Courts (AO), Ninth Circuit, other Courts’ IT personnel, and commercial IT resource providers.
This position is located at the federal courthouse in Seattle, Washington, with regular travel required to divisional offices, driver’s license required. Part time telework may be considered depending on qualifications and experience.
REPRESENTATIVE DUTIES
- Collaborate and work with the IT Director and other IT team members to complete the annual judiciary IT security self-assessment program (Scorecard).
- Collaborate and work with the IT Director and the other IT team members to progress in closing the gaps in the CUSA (Court-Unit [IT] Security Assessment) findings. This includes monthly updates of the Plan Of Action & Milestones (POA&M).
- Lead, develop and work to initiate and track the annual IT Security Training for all units supported (KnowBe4). This includes ensuring users have completed the training within required deadlines. Track and provide guidance on the required bi-annual training for IT Staff, HR and other specialized personnel by the AO.
- Provide advice on matters of IT security, including security strategy and implementation, to judges, court unit executives, other senior court staff, and Systems Technology Division management. This includes leading and maintaining the judiciary security PII (Personally Identifiable Information) reduction and redaction program (DeleteMe).
- Lead and maintain the management and implementation of secured cloud storage services (Box.com).
- Lead and maintain the inventory disposal process, take the role of the disposal officer.
- Create and employ methodologies, templates, guidelines, checklists, procedures, and other documents in support of the court's IT security framework. Lead and facilitate the
review, update, and the approval process for security documents.
- Develop and administer local court security policies and guidance and assist with the remediation of identified risks and the implementation of security measures.
- Perform research to identify potential vulnerabilities in, and threats to, existing and proposed technologies, develop and implement effective mechanisms and procedures for mitigating risks and threats. This includes collaborate and work with the other team members in ushering patching priorities. This means scheduling monthly meetings and preparing reports of systems and vulnerabilities that need immediate attention or need priorities within 30-60 days or zero day.
- Attend the ISO (Information Security Office) meetings and other security related AO meetings and provide updates to the team either via email or during routine meetings with groups or individuals.
- Maintain and manage systems related to IT security within the court such as the Forcepoint server, vulnerability scanner servers, etc.
- May act as team lead or help the team lead in the administration of IT security-related automated tools including but not limited to antivirus products, operating system/software patch management mechanisms, web security/filtering platforms, system logging facilities, and locally installed firewall appliances.
- Provide security analysis of IT activities to ensure that appropriate security measures are in place and are enforced. Conduct security risk and vulnerability assessments of planned and installed information systems to identify weaknesses, risks, and protection requirements.
- Recommend and implement changes to ensure the reliability of information systems and to prevent and defend against unauthorized access to systems, networks, and data.
- Communicate and collaborate with other judiciary stakeholders including the Administrative Office, the Ninth Circuit IT Security Officer, other court IT personnel, and commercial IT resource providers regarding IT security guidelines, procedures, practices, administration, and incident response.
- Work with IT Management to complete the IT portion of the court's internal controls documentation, international travel policy and Continuity of Operations documentation.
- Work with the CST team and Lead Training Specialist to educate judges about IT security best practices when traveling.
- Other duties as assigned.
QUALIFICATIONS
- Possess technical knowledge and at least 3 years of work experience in network management and security, network traffic analysis, computer hardware and software, and data communications.
- Ability to identify and analyze security risks and implement resolutions.
- Ability to detect, identify, and analyze IT security problems and assess the implications of alternative solutions.
- Knowledge and experience of anti-malware and endpoint security controls.
- Knowledge of IPSec and the ability to use it to protect data, voice, and video traffic.
- Skill in designing security architecture roadmaps and documenting architecture decisions.
- Strong technical writing skills.
- Ability to write, analyze, design and implement security policies and procedures.
- Knowledge and at least 3 years of professional experience in the installation, configuration, and support of Windows Server operating systems, Microsoft Active Directory, and Windows 10/11 desktop operating systems for enterprise of at least 100 users; Working experience of enterprise IT asset management and patch deployment utilities such as Microsoft System Center Configuration Manager, Websense/Forcepoint Triton web security platform, Enterprise log management/analysis platforms including Splunk and Nessus, and Network monitoring solutions such as SolarWinds.
PREFERRED QUALIFICATIONS
- Strong customer service skills; the ability to work cooperatively with clients, team members, and managers;
- The ability to move projects forward and track multiple priorities in a fast-paced environment; and the ability to follow an assigned project through to completion.
- Experience in a federal court environment and/or experience with specialized applications designed for the federal courts.
- A bachelor’s degree from an accredited college or university
- CISSP Certified or Security+ Certified or Network+ Certified
Job Type: Full-time
Pay: $64,980.00 - $150,547.00 per year
Benefits:
- 401(k) matching
- Dental insurance
- Employee assistance program
- Health insurance
- Paid time off
- Retirement plan
- Tuition reimbursement
- Vision insurance
Experience level:
Schedule:
Work Location: Hybrid remote in Seattle, WA 98101