IT Security Specialist

About The Position

Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field (or equivalent combination of education and experience).
• 2 years of experience in IT security, system/network administration
• Knowledge of SIEM tools, vulnerability management, and incident response.
• Understanding of networking concepts, firewalls, and cloud security.

Nice To Haves

• Familiarity with municipal applications (ERP, utility billing, municipal court, GIS, etc.).
• CompTIA Security+
• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (CEH)
• Strong analytical and problem-solving skills with attention to detail.
• Effective written and verbal communication for both technical staff and non-technical audiences (including Council and Department Heads).
• High ethical standards and commitment to confidentiality of sensitive government data.

Responsibilities

• Monitor the City’s SIEM, endpoint protection, and firewall systems for suspicious activity.
• Investigate and document security events, escalating incidents in accordance with the City’s Incident Response Plan.
• Support business continuity and disaster recovery efforts, ensuring essential City services remain operational.
• Conduct vulnerability scans on City servers, networks, and applications.
• Lead/participate in incident response efforts, including containment, eradication, recovery, and post-incident reporting.
• Track, prioritize, and remediate vulnerabilities in collaboration with Infrastructure Services and Enterprise Applications teams.
• Assess risks associated with third-party vendors, cloud solutions (e.g., Workday, Tyler, Accela), and payment processing systems.
• Contribute to drafting, reviewing, and enforcing the City’s IT security policies and standards, including acceptable use policies, review of least privilege policies and data protection standards.
• Assist with preparation for audits, council reporting, and grant compliance related to cybersecurity.
• Ensure systems meet compliance with standards such as NIST, CJIS, PCI-DSS, and organizational policies.
• Conduct regular vulnerability scans, risk assessments, and penetration testing.
• Assist in policy development for information security, acceptable use, and data protection.
• Provide ongoing security training to City employees, including phishing awareness and safe technology practices.
• Develop and distribute communication on emerging threats and citywide security reminders.
• Assist in the configuration and monitoring of firewalls, VPNs, and intrusion prevention systems.
• Review logs for unauthorized access attempts or anomalies.
• Partner with the Infrastructure and Support Services divisions to ensure secure configuration of desktops, mobile devices, and enterprise applications.