CAREER DESCRIPTION

DESCRIPTION
The Orange County Employees Retirement System (OCERS) invites you to join our growing Information Security TEAM! We are now accepting on-line applications to fill the newly added position of Cybersecurity Analyst.

WHO WE ARE
Established in 1945, the Orange County Employees Retirement System (OCERS) provides retirement, death, disability, and cost-of-living benefits to retirees of the County of Orange and certain districts. Our services begin the moment a new hire becomes an OCERS member and continue throughout the member’s career and retirement. Serving approximately 48,000 members, OCERS is governed by a ten-member Board of Retirement that is responsible for managing a $21 billion dollar fund. For more information about OCERS, please click here. We are driven by our Mission, Vision, and Values:

Mission
OCERS mission is to provide secure retirement and disability benefits with the highest standards of excellence.

Vision
OCERS vision is to be a trusted partner providing premier pension administration, distinguished by consistent, quality member experiences and prudent financial stewardship.

Values

• Open and Transparent
• Commitment to Superior Service
• Engaged and Dedicated Workforce
• Reliable and Accurate
• Secure and Sustainable

THE OPPORTUNITY
Under the direction of the Director of Information Security, the Cybersecurity Analyst will perform a variety of duties including the evaluation, implementation, maintenance, and daily management of the agency’s information security systems and solutions. Additionally, they will perform duties related to threat detection and prevention, vulnerability management, security education, incident response, security control implementation, and similar related duties as required. This position requires strong analytical skills, strong knowledge of cybersecurity standards and principles, and the ability to interface with all levels of staff.

The Cybersecurity Analyst reports directly to the Director of Information Security and is expected to uphold the highest standards of accountability, professionalism, customer service, and excellence. This position is responsible for protecting OCERS' systems, member data, and member funds from cyberattacks and fraudulent activities.

ESSENTIAL DUTIES AND RESPONSIBILITIES
Include, but are not limited to the following:

Security Systems Administration

• Perform daily administrative tasks associated with the organizations' various security systems
• Support computer users with security-related software installations, implementation of new security products and procedures, and troubleshooting of existing security solutions
• Compile and validate security-related statistical data; prepare reports and meeting agendas

Threat/Vulnerability Analysis and Remediation

• Analyze threat intelligence feeds/security bulletins to identify potential threats and vulnerabilities
• Identify vulnerable systems and mitigate the associated risk by applying security patches, making configuration changes, implementing compensating controls, etc.

Incident Detection, Investigation, and Response

• Monitor alerts from various systems to identify and investigate anomalous activity
• Analyze system alerts, outages, and abnormal system behavior due to potential security events
• Identify and document security events and incidents; take action to prevent compromise

Security Awareness Training and Education

• Assist in the development and implementation of security awareness training programs
• Train and educate staff on information security protocols, policies, and procedures
• Enforce organization security policies and procedures

Security Control Implementation and Assessment

• Evaluate, recommend, implement, and monitor security measures and programs in accordance with organization policies, procedures, and standards
• Facilitate audits and assessments; reports the status of remediation efforts
• Research the latest information security trends and recommend security enhancements

General

• Establish and maintain cohesive working relationships with public officials, vendors, supervisors, executives, technical and non-technical staff, and others encountered in the course of work
• Perform additional duties as assigned

MINIMUM QUALIFICATIONS
The minimum qualifications required for entry into the classification are as follows:

Education/Experience

• A Bachelor's Degree from an accredited college or university and two (2) years of experience in an Information Security, Cybersecurity, or Information Technology role

• An Associate Degree from an accredited community college and four (4) years of experience in an Information Security, Cybersecurity, or Information Technology role

Highly Desirable Qualifications
One (1) or more certifications such as CISSP, CISM, GSE, or equivalent

Desirable Qualifications
One (1) or more certifications such as CC, Security+, GSEC, or equivalent

Special Notes, Licenses, or Requirements

• A valid California Class C driver’s license or the ability to arrange necessary and timely transportation for field travel; may be required to use personal vehicle
• Successful candidates must be able to pass a thorough background investigation, including Live Scan fingerprint screening

Please click here for additional details about the Cybersecurity Analyst classification.

KNOWLEDGE/SKILLS/ABILITIES
Sample of KSAs necessary to perform essential duties of the position:

Knowledge of:

• Principles of vulnerability management, including analysis, discovery, assessment, prioritization, remediation, and patch management
• Endpoint protection strategies such as next-generation antivirus (NGAV) and secure configurations
• Principles of identity and access management, including single sign-on (SSO), multi-factor authentication (MFA), privileged access management (PAM), and password management
• Principles of email security including anti-spam, anti-phishing, attachment protection, URL protection, impersonation protection, SPF, DKIM, and DMARC
• Network technologies such as local area networks, wide area networks, virtual private networks, edge/gateway firewalls, and web application firewalls
• Internet security technologies such as secure web gateways, URL filtering, and secure browsing
• Security principles of Microsoft technologies, including Active Directory, Group Policy, Microsoft 365, Microsoft desktop and server operating systems
• Principles of threat analysis and interpretation of threat intelligence feeds
• Information security frameworks such as the NIST Cybersecurity Framework (NIST CSF), NIST 800-53, ISO 27001, CIS Controls, etc.

Skills/Ability to:

• Work independently with minimal supervision while completing a large volume of work and managing competing priorities to accomplish identified goals and objectives in a timely manner
• Demonstrate professional-level experience in presenting ideas and complex technical material clearly, concisely, and logically both orally and in writing
• Demonstrate integrity when applying information security principles and practices, dealing with confidential/secret information, and handling issues of a highly sensitive nature
• Identify and define actual and potential issues or concerns pertaining to the confidentiality, integrity, and availability of OCERS data and systems
• Use sound and logical judgment and make effective decisions to resolve identified issues Read, understand, and interpret complex technical information and governmental regulations
• Prepare, interpret, and evaluate a variety of narrative and statistical data and reports
• Communicate effectively in English, orally and in writing, with a variety of individuals representing diverse cultures and backgrounds
• Demonstrate strict confidentiality, professionalism, integrity, and compliance with applicable laws and regulations at all times

PHYSICAL, MENTAL, AND ENVIRONMENTAL CONDITIONS
The following is a description of the physical and mental abilities that are customarily required to perform the essential job functions of this position.

Physical and Mental Demands

• Speak and hear well enough to communicate clearly and understandably in person, over the telephone, and in small groups
• Vision sufficient to read fine print and a computer monitor
• Manual dexterity sufficient to use hands, arms, and shoulders repetitively to operate a telephone, keyboard, and write
• Mental stamina to interact professionally with members of the Board of Retirement, employers, peers, and members
• Independent body mobility, agility, and stamina to stand, walk, stoop, bend, and twist, to access a standard office environment
• Ability to sit for prolonged periods of time
• Body strength sufficient to lift 15 pounds and carry files/equipment

Environmental Conditions

• The primary workplace is in an office environment, working with standard office equipment
• Peripheral office equipment generates a quiet to moderate noise level
• Operates in an environment that includes elected officials, non-elected officials, government agencies, community interest groups, and the general public
• Out-of-area travel may be required to attend meetings and professional conferences

BENEFITS
OCERS offers a competitive benefits package that includes a choice of several health plans, annual leave, and paid holidays. Additionally, OCERS has a defined benefit pension plan which has reciprocity with the Public Employees Retirement System (PERS) and a deferred compensation 457 plan. OCERS offers up to an annual $10,000 Educational and Professional Reimbursement, a $3,500 taxable optional benefit plan, and a flexible/hybrid work schedule.

For additional information and details about the OCERS pension and benefits offered, please click here.
OCERS' Human Resources Department will screen all application materials to identify qualified candidates. After screening all applications, the more qualified candidates will be referred to the next step in the recruitment process and notified via e-mail of all further procedures applicable to their application status.

Applications Appraisal Panel (AAP) | Application Rating (Refer/Non-Refer):
Application materials will be rated by a panel of job knowledge experts for those qualifications most needed to perform the duties of the job. The more qualified candidates will be referred to the next step. All notifications regarding this recruitment will be sent via e-mail.

Qualifications Appraisal Panel | Oral Interview:
Candidates will be interviewed and rated by a panel of job knowledge experts. Each candidate's rating will be based on responses to a series of structured questions designed to elicit the candidate's qualifications for the job.

Based on OCERS' needs and the number of applications received, the selection procedures listed above may be modified, and all affected candidates will be notified.
E-mail is the primary form of notification during the recruitment process. Please ensure your correct e-mail address is on your application and only use one e-mail account.

Your application should highlight all the areas in which you have developed expertise, matching your professional experience with the specific qualifications listed above.

It is recommended that you record or print your confirmation page, as this verifies receipt of your on-line application.

You may apply on-line at the OCERS website: https://www.ocers.org/careers-ocers.

For specific information pertaining to this recruitment, please contact Felicia Durrah at (714) 569-4810 or email fdurrah@ocers.org.

Do not submit resumes to this email address as they will not be considered in lieu of the required application process.

FREQUENTLY ASKED QUESTIONS:
Click here for additional Frequently Asked Questions.

ADDITIONAL INFORMATION

Please see the below for important information regarding COVID-19 related requirements:

The COVID-19 pandemic continues to evolve, and laws, regulations, and policies regarding COVID-19 are subject to change. The position for which you are applying may be required to adhere to any applicable State or County Public Health Orders. You will receive notification of any requirement as it applies to this position.

NOTE: User accounts are established for one person only and should not be shared with another person. Multiple applications with multiple users may jeopardize your status in the recruitment process for any positions for which you apply.

Candidates will be notified regarding their status as the recruitment proceeds via email through the GovernmentJobs.com site. Please check your email folders, including spam/junk folders, and/or accept emails ending with governmentjobs.com, ocgov.com, and ocers.org. If your email address should change, please update your profile at www.governmentjobs.com.

EEO INFORMATION

OCERS, as an Equal Employment Opportunity employer, encourages applicants from diverse backgrounds to apply.

Administrative Management
In addition to the County's standard suite of benefits - such as a variety of health plan options, sick and vacation time and paid holidays - we also offer an excellent array of benefits such as:

• Retirement: Benefits are provided through the Orange County Employees' Retirement System (OCERS)
  
  Please go to the following link to find out more about Defined Benefit Pensions and OCERS Plan Types/Benefits.
  http://www.ocers.org/active-member-information.
• Paid Leave: Twelve holidays per year plus sick and vacation time.
• Health & Dependent Care Reimbursement Accounts
• Dental Insurance: County pays 100% of employee and dependent premiums.
• Paid Life Insurance: $100,000 life insurance policy
• Paid Accidental & Death and Dismemberment Insurance: $100,000 AD&D insurance policy
• Paid Short & Long Term Disability insurance programs
• 457 Defined Contribution Program

Click here to view the Orange County Employee Benefits Home Page.