Lucid Technologies Inc

Under broad supervision, plans, directs and coordinates agency activities in the field of Information Security. Develops and enforces the organization's security policies and procedures. Incorporates the design of and develops security procedures.

We are looking for a skilled cybersecurity professional with relevant technical experience. As the Information Security Analyst 3, reporting to the CISO, the selected candidate will perform technically and lead the hands-on technical team in administering IT security tools, automation, and compliance standards. Security based planning, implementation, and monitoring security measures duties included. Help the security team coordinate Information Technology activities in the information and cybersecurity. Assist with security policy and procedures development and policy enforcement. Ensure the security awareness and training programs are functioning as designed. Work with the security team and other stakeholders with building and 

maintaining the business continuity, disaster recovery, and incident response plans. 

Analytical duties include an additional focus on protecting Agency data by performing threat and incident detection, incident handling, and incident response. Ability to work under minimal supervision and the selected candidate may supervise the work of others. 

You will have the opportunity to learn and grow; both personally and professionally

through our training and development programs. While your path in the Office of 

Information Security will be unique in protecting the Agency’s assets, your journey will help the Department achieve our goal of becoming the most efficient and accessible tax administrator in the country. 

Primary Duties & Job Responsibilities:  

Complete task designed to ensure security of the Agency’s systems and information assets through confidentiality, integrity & availability. 

Implement confidentiality measures that protects against unauthorized access, modification, 

or destruction and helps to develop IT security policies and standards to support the security objectives. 

Develop and enforce the organization's security policies and procedures, security awareness program, the information security portion of the business continuity and disaster recovery plans, and all industry and government compliance issues. 

Work with end users to determine needs of individual divisions and offices within the 

department 

Conduct Risk Management analysis to identify areas of risk and develop security measures to prevent loss and assist in the Mitigations of those risks. 

Participate in training, self-study, and statewide initiatives on security standards and best practices to serve as a valuable go-to security subject matter expert for the Agency. 

Actively monitor the Agency’s infrastructure and systems for security threats. Actively 

manage various security programs/platforms, monitors the use of data files, and regulates access to safeguard agency information in those computer files. 

Work with business owners, IT managers, Agency Staff, and vendors to provide timely and 

efficient IT coordination of security services to meet Agency business needs. 

Create reports on status of Agency information security programs and projects and 

communicate reports to senior management and the leadership teams. 

Develop, deliver, and maintain security standards, system security plans, best security and 

operations practices, architecture, and systems. Implement IT system security plans, projects, 

and other initiatives 

Report directly to the InfoSec Team on matters concerning the Agency’s security status & 

posture. Assists in Information Security Investigations, Threat Assessments and Mitigations 

Assist with numerous Information Security tools and programs. 

Bachelor's degree in information technology, computer science, information assurance, 

or a related field from an accredited college or university 

6 years of information technology experience, 2 years of which in information security or information assurance. 

Note: An equivalent combination of education and job specific experience 

that provided them knowledge, experience and competencies required to successfully perform the job at the level listed may be substituted on a year-over-year basis. 

Hands on working experience with at least two or more of these security technologies (e.g., 

Vulnerability Management, Penetration Testing, Email Security, EDR, MFA, SIEM, IPS, Firewalls) 

Possess one or more current industry certifications relevant to the job e.g., Security+, CISSP, 

CISM, C-RISC, CISA, SANS certifications, or equivalent experience 

Experience with security tools and technology such as, i.e., FireEye (Trellix), Tenable.io, 

Nessus, Splunk, SolarWinds, Varonis, GRC tools, CrowdStrike Falcon, and LogRhythm 

Knowledge & experience with cloud technologies: Amazon Web Services (AWS), to include WatchGuard, Guard Duty, Identity & Access Management (IAM), Microsoft Azure 

Technical knowledge in endpoint security, VPN, Firewall, network monitoring, intrusion 

detection, web server security, and wireless security 

Practical experience in systems administration, vulnerability management, endpoint 

management, and email security operations and management 

Excellent analytical and critical thinking skills to identify possible threats.

Familiarity with IRS Publication 1075, NIST SP 800-53 Privacy Controls, NIST SP 800-63 Digital 

Identity Guidelines, NIST SP 800-88 Guidelines for Media Sanitization, NIST SP 800-18 System 

Security Plans (SSP), NIST SP 800-52, FIPS-140, NIST SP 800-61, NIST SP 800-83, other NIST SP 

Guidelines, etc., knowledge of NIST Frameworks, FISMA, CIS Controls, and the Criminal Justice 

Information Services Policy 

Progressive experience in information technology, incident response & incident reporting, 

technical support, cybersecurity, cryptography, and knowledge of data encryption 

techniques 

Ability to work independently and prioritize multiple projects in a highly dynamic environment. 

Excellent communication and teamwork skills and demonstrated across broad group of 

technical and non-technical stakeholders 

Assist with Office of Information Security Risk Assessments, System Security Plans, and other reports required by the IRS Office of Safeguards, state audits, and other third-party assessors. 

Knowledge and experience in Policies and procedures development, revision and 

management would be a plus.

Bachelor's degree in information technology, computer science, information assurance, or a related field from an accredited college or university Required 

Information technology experience Required 6 Years

Information security or information assurance experience Required 2 Years

Security+, CISSP, CISM, C-RISC, CISA, SANS certifications (MUST UPLOAD CERTIFICATIONS) Required  

FireEye (Trellix), Tenable.io, Nessus, Splunk, SolarWinds, Varonis, GRC tools, CrowdStrike Falcon, and LogRhythm Required  

Amazon Web Services (AWS), to include WatchGuard, Guard Duty, Identity & Access Management (IAM), Microsoft Azure Required 

Technical knowledge in endpoint security, VPN, Firewall, network monitoring, intrusion detection, web server security, and wireless security Required 

Practical experience in systems administration, vulnerability management, endpoint management, and email security operations and management Required  

Excellent analytical and critical thinking skills to identify possible threats. Required 

Ability to work independently and prioritize multiple projects in a highly dynamic environment. Required 

Knowledge of NIST Frameworks, FISMA, CIS Controls, and the Criminal Justice Information Services PolicyHighly desired 

Experience in incident response & incident reporting, technical support, cybersecurity, cryptography, and knowledge of data encryption techniques Highly desired 

Knowledge and experience in Policies and procedures development, revision and management. Highly desired