Portland Community College | Portland, Oregon Portland Community College

Cybersecurity Specialist

 

TITLE: Cybersecurity Specialist

CLASS: Classified

EXEMPT STATUS: Non-exempt

GRADE: 26

JOB SUMMARY

Under the direction of management, the incumbent serves as a technical expert in the area of cybersecurity and the tools and processes required to protect PCC’s cyber assets and its user community. The incumbent provides project coordination to ensure the highest levels of information security, identifying the necessary methods, solutions, and practices. The Cybersecurity Specialist works with other teams at PCC to develop training materials and communicate new concepts in cybersecurity. This position is responsible for implementing and coordinating major segments of PCC’s enterprise security portfolio. The incumbent takes a lead role in detecting, remediating, protecting and maintaining information security on a district level.

TYPICAL DUTIES AND RESPONSIBILITIES

  1. Responds to cybersecurity incidents, and acts as escalation point for high-priority or highly complex incidents.
  2. Coordinates the day-to-day operations of PCC’s information security and data structures by overseeing the operational performance of PCC’s security systems. 
  3. Implements, monitors, and operates intrusion detection systems, intrusion prevention systems, SIEM, and other tools to detect, research, analyze, respond to, and mitigate information security-related vulnerabilities, threats and incidents.
  4. Evaluates current and future security-related requirements. Develops or recommends technical and operational solutions to enhance PCC’s cyber incident response capability.
  5. Performs software upgrades, defines performance criteria, and documents configurations and system specifications. 
  6. Provides secure implementation guidance and governance throughout project life cycle. Identifies and ensures security issues are understood and addressed.
  7. Assists management in the development of incident control documentation, cyber incident response procedures, and other standards, policies, and procedures.
  8. Works with customer and peer organizations to perform research, testing, evaluation, and implementation of security procedures.
  9. Trains and guides staff on cybersecurity, response practices, tools, and capabilities. Acts as a resource to other departments within the College. 
  10. Remains current on best practices, threat intelligence and technology advances in the areas of cybersecurity. Acts as the college’s technical resource for cybersecurity.
  11. Installs, configures and tests security related technologies. Troubleshoots and corrects security and data related problems.
  12. Monitors the work of service providers and/or contractors engaged by PCC.
  13. Provides regular and special reporting, including reports of risks, control deficiencies, remediation strategies, and performance metrics.
  14. Performs other duties as assigned.

WORK ENVIRONMENT AND PHYSICAL REQUIREMENTS

Work environment includes frequent disruptions and changes in priorities. Work is performed in an office environment or using standard information technology equipment combined with specialized cybersecurity products. Working conditions may require various shifts and/or weekends to provide incident response operations, business continuity plans, or disaster recovery operations. There is occasional travel between campuses or to off-site meetings.  Position requires routine periods of standing and walking, lifting of equipment (30-50 pounds) and physical agility. Physical skills are required for keyboarding and operating complex network and computing equipment. This position may require occasional work on weekends, evenings, and holidays.

MINIMUM QUALIFICATIONS

High school diploma or equivalent. Associate’s Degree in Computer Information Systems or related discipline. Relevant experience may substitute for the degree requirement on a year-for-year basis. Four years of applied work experience in cybersecurity, such as developing and deploying security related tools and infrastructure, monitoring and remediating security threats, and implementing active cyber defense and operational practices.

KNOWLEDGE, SKILLS AND ABILITIES

Knowledge of:

  • Applicable information security administration, management, governance, and compliance principles, practices, laws, rules and regulations;
  • Cybersecurity standard frameworks, controls, technology, and solutions;
  • Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols;
  • Incident response management;
  • Risk assessment methodology;
  • Cyber-attack groups, phases and countermeasures; 
  • Mitigating security controls such as anti-virus, IPS/IDS, email filtering, web site blocking, and patching and overall defense strategies;
  • Insider threat and forensics;
  • Coding best practices as related to security.

Skills in:

  • Developing and implementing cybersecurity strategies and solutions;
  • Researching and locating information related to internal and external organizations using online and other sources;
  • Information system acquisition, development, implementation, and operations; 
  • Security project management and planning;
  • Troubleshooting and operating a computer and various software packages;
  • Defining problems, collecting and analyzing data, establishing facts and drawing valid conclusions;
  • Interfacing with internal or external parties regarding security policy standards violations, security controls failures, and incident response situations;
  • Working with diverse academic, cultural and ethnic backgrounds of community college students and staff;
  • Using judgment and ingenuity in maintaining objectives and technical standards.

Ability to:

  • Effectively communicate technical issues to diverse audiences, both in writing and verbally;
  • Apply a risk-based approach to planning, executing, and reporting to enterprise cybersecurity;
  • Maintaining confidentiality;
  • Evaluate and update and/or revise program materials;
  • Learn quickly and apply knowledge to new situations;
  • Handle sensitive and confidential matters, situations, and data;
  • Understand and follow broad and complex instructions;
  • Comprehend technical language and to confer, analyze and write in an objective, lucid manner;
  • Work independently and prioritize multiple tasks and adapt to needed changes;
  • Remain calm under high pressure/difficult situations.

REVISED: 7/20

NEW: 01/2015