In addition to evaluating each candidate's relative ability, as demonstrated by quality and breadth of experience, the following factors will provide the basis for competitively evaluating each candidate:
Knowledge of:
- Analytical procedures and methods;
- The functions of California State Government, including the principles, practices, policies, and reporting requirements of the California Office of Information Security (OIS);
- The California State Administrative Manual (SAM) and Statewide Information Management Manual (SIMM);
- The application of security policies and procedures, security and privacy awareness programs, business continuity, technical, disaster, and operational recovery plans; and the National Institute of Technology (NIST) 800-53 security and privacy controls framework;
- Administration and support of information security and infrastructure services, solutions, and tools including:
o Web Application Firewall solutions, like Microsoft Front Door;
o Dynamic Application Security Testing solutions, like Invicti DAST;
o Security Information and Event Management solutions, such as Microsoft Sentinel;
o Endpoint Protection Platforms and Extended Detection and Response solutions, such as the Microsoft Defender Suite and Defender XDR;
o Vulnerability management solutions, such as Microsoft Defender Vulnerability Management;
o Identity and Access Management systems, such as Microsoft Active Directory and/or Azure Entra ID;
o Security awareness and training platforms, such as KnowBe4;
o Scripting and data query tools, such as Microsoft PowerShell, Microsoft SQL, and Kusto Query Language; and
o Common programming languages and platforms, like MS .NET, C#, or Java.
Ability to:
- Effectively communicate, both verbally and in writing;
- Develop clear, accurate, and concise reports, correspondence, issue papers, memorandums, and other types of written communication;
- Network, communicate, and interface effectively with business and technical personnel with various levels of IT knowledge;
- Demonstrate strong interpersonal skills;
- Provide technical guidance for lower level staff and State contractors/consultants;
- Apply technical knowledge effectively and methodically; and
- Provide information security operational support services that adhere to Departmental policies and procedures and other governing State laws.