Lead Red Team Engineer

Schedule: Full-time

What You'll Do:

Under general supervision in the Office of Information Security & Privacy, identifies weaknesses in the State’s security controls as well as the State’s detection & response capabilities by:

• Planning exercises emulating adversaries’ operations.

• Identifies & uncovers misconfigurations in the State’s network.

• Evaluates the security of the State’s websites to discover otherwise unknown security issues.

• Conducts/leads penetration tests &/or coordinates with external penetration testing partners to verify vulnerabilities are exploitable.

• Presents findings to stakeholders & advises on corrective measures on vulnerabilities.

• Engineers’ offensive security solutions to exploit IT infrastructure & application weaknesses.

• Collaborate with other technical resources to develop & implement mitigation strategies for discovered vulnerabilities.

• Monitors & evaluates the effectiveness of the enterprise's cybersecurity safeguards vis-à-vis findings to ensure that findings from exercises are adequately addressed

• Identifies, collects, & reports metrics related to progress, operations, & findings.

• Works with agencies on requests for regulatory penetration testing to ensure that their testing is adequate.

• Leads efforts to evaluate, recommend & implement IT security standards & best practices to remediate discovered vulnerabilities.

• Conducts threat or target analysis of cyber defense information & production of threat information within the enterprise.

• Mentors & assists junior staff.

What’s in it for you:

At the State of Ohio, we take care of the team that cares for Ohioans. We provide a variety of quality, competitive benefits to eligible full-time and part-time employees. For a list of all the State of Ohio Benefits, visit our Total Rewards website! Our benefits package includes:

Medical Coverage

Quality, affordable, and competitive medical benefits are offered through the available Ohio Med plans.

Dental, Vision and Basic Life Insurance

Dental, vision, and basic life insurance premiums are free after completed eligibility period. Length of eligibility period is dependent on union representation.

Time Away From Work and Work/Life Balance

Paid time off, including vacation, personal, and sick leave

11 paid holidays per year

Childbirth/Adoption leave

Employee Development Funds

The State of Ohio offers a variety of educational and professional development funding that varies based on whether you are a union-exempt employee or a union-represented employee.

Ohio Public Employees Retirement System

OPERS is the retirement system for State of Ohio employees. The employee contributes 10% of their salary towards their retirement. The employer contributes an amount equal to 14% of the employee’s salary. Visit the OPERS website for more information.

Deferred Compensation

The Ohio Deferred Compensation program is a 457(b) voluntary retirement savings plan. Visit the Ohio Deferred Compensation website for more information.

Ohio is a Disability Inclusion State and strives to be a Model Employer of Individuals with disabilities. The State of Ohio is committed to providing access and inclusion and reasonable accommodation in its services, activities, programs and employment opportunities in accordance with the Americans with Disabilities Act (ADA) and other applicable laws.

Completion of undergraduate core coursework in computer science; 24 mos. trg. or 24 mos. exp. in computer data security either through monitoring system/network traffic for anomalous activity, systems development or controlling accessibility of data.

-Or 12 mos. exp. as Enterprise Information Security Professional 1, 69981.

-Or equivalent of Minimum Class Qualifications For Employment noted above.

Job Skills: Cybersecurity, Information Technology, Problem Solving, Critical thinking

Knowledge:

1. Computer science, computer security best practices

2. Cyber security policy development & business/IT planning

3. Network security measures, equipment & software

4. Federal statutes, laws, regulations, policies, & guidelines pertaining to computer security

5. Technical writing techniques

6. TCP/IP protocols & computer hardware systems

7. Integration of firewalls, intrusion detection/prevention systems, users’ authentication systems, virtual private networks

8. Computer networking both wired & wireless

9. Disaster recovery planning

10. Security architecture

11. Division & agency policies & procedures

12. Information security program management & project management principles & techniques.

13. Enterprise incident response program, roles, & responsibilities.

14. Penetration testing principles, tools, & techniques

Skills:

1. Operation of personal computer & associated hardware/software

2. Skill in determining how a security system should work (including its resilience & dependability capabilities) & how changes in conditions, operations, or the environment will affect these outcomes

3. Use of penetration testing tools & techniques

4. Use of social engineering techniques

5. Use of vulnerability scanning tools

6. Software development & scripting

Abilities

1. Interpret extensive variety of technical material in books, manuals, & network/system diagrams

2. Apply techniques for conducting host & network-based intrusions using offensive security technologies

3. Apply techniques for detecting host & network-based intrusions using intrusion detection technologies

*Developed after employment.