CITY OF LOWELL

Job Posting

Management Info Services (MIS)

Cyber Security Specialist

Job Title: Cyber Security Specialist (2700-69, J#6228, 3720)

Department: Management Information Systems (MIS)

Reports To: Chief Information Officer (CIO) or delegate(s) accordingly

Union: AFSCME, Local 2532

Salary: $51.4276 (min) to $55.3654 (max) per hour; 40 hours per week

FLSA: Non exempt

SUMMARY

This position will serve as the Cyber Security Specialist (CSS) for the City of Lowell (City) within the Management Information Systems Department (MIS). Under the general direction of the Chief Information Officer (CIO), the CSS will lead the efforts to secure and protect the City’s systems and data from unauthorized access/ modification/ destruction and will be responsible for implementing/ administering/ monitoring the City’s security solutions.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Essential duties and responsibilities are not intended to be an exhaustive list of all responsibilities,

duties and skills; they are intended to be accurate summaries of what the job involves and what is

required to perform it. Employees are responsible for all other duties as assigned to them. In order to perform this job successfully, the employee must be able to perform each essential duty and responsibility satisfactorily.

• Direct and coordinate special projects and programs as assigned by the CIO or delegate(s).

• Act on behalf of MIS regarding all security-related matters at the local, state, and/or federal

level accordingly.

• Advise and assist in the formulation/ administration/ implementation/ direction of strategic

security plans, programs, procedures and policies.

• Work to ensure that the City’s various security-related components run smoothly and

function properly throughout the City.

• Install/ configure/ maintain/ upgrade/ troubleshoot applications/ network connectivity/

hardware/ firewalls/ and operating systems as necessary to maintain operational readiness

and mitigate cyber security incidents.

• Interact with various on premise/ cloud hosted/ hybrid systems, as well as a variety of 3rd

party vendors and other systems which will require interaction with, access to, or

integration with the City’s various systems.

• Monitor/ review/ analyze log files and other security tools to identify and report any

unusual or suspect activities, including potential incidents, network intrusions, malware

events, etc.

• Manage, audit and maintain access control systems.

• Recommend implementation of controls and configurations aligned with security polices

and legal/ regulatory/ audit requirements.

2

• Assist with the review, testing, and assessment of new technologies and tools as assigned.

• Establish, maintain, and implement successful relationships with management, staff, and

vendors focused on improving and increasing security awareness and compliance

throughout the City.

• Ensure compliance with configuration and security standards, as applicable.

• Supervise vendors performing systems-related projects and activities, including 3rd party

security testing as appropriate.

• Maintain current knowledge of information security technologies and expand scope of

knowledge by performing research, attending security forums, presentations, formal

trainings, and share same with City staff accordingly.

• Assist in training City staff on cybersecurity issues and promote a safe and secure user

experience.

• Provide courteous and quality email, telephone, on-site and web-based technical support

to City staff.

• Strive to solve technical issues directly or assess/ diagnose accordingly for review/

discussion with other technical staff or 3rd parties, accordingly.

• Research emerging trends, threats and vulnerabilities to aid in the identification of network

incidents and recommend security best practices.

• Assess existing security posture and recommend areas of continuous improvement.

SUPERVISORY RESPONSIBILITIES

Under direction from the CIO, the CSS may supervise junior cyber security staff, other MIS staff,

vendors, or other 3rd parties performing security-related projects and activities.

QUALIFICATIONS

The requirements listed below are representative of the education, knowledge, skill, and/or ability

required. Reasonable accommodations may be made to enable individuals with disabilities to

perform the essential functions.

Knowledge, Skills, and Abilities (KSAs)

• Strong leadership skills to lead technology vision and the ability to execute decisions.

• Strong critical thinking skills, and a solid foundation in information technology, including

change management and project management plan development.

• Strong customer service, interpersonal, written and oral communication skills.

• Demonstrable understanding and experience in the full spectrum of standard technologyrelated

administrative tasks including server build/ administration/ rollouts/ account and

security management/ Active Directory and Group Policy Objects.

• Working knowledge of IT operations, responsibilities, workflow processes and procedures.

• Firm understanding of network and data security principals.

• Ability to effectively express/ interact with and communicate technical concepts/ ideas/

information to management/ peers and non-technical audiences.

• Must work well in a team environment.

• Ability to read and interpret documents such as application manuals, knowledgebase, and

other technical and procedural materials/ manuals geared to all levels and furnished in

written/ verbal/ diagram/ or schedule form.

3

• Ability to multitask, maintain a systemic approach to problem resolution, solve practical

problems and deal with a variety of situations with limited information; strong analytical

and problem solving skills; able to interpret/ assess/ identify root causes, diagnose

symptoms/ issues/ situations in order to resolve them correctly; able to use the Internet for

research and problem resolution.

• Knowledge of and working familiarity with the following tools and systems: MS Active

Directory, MS SQL, Barracuda BTEP, CrowdStrike, DUO, basic command line tools,

PowerShell scripting, LINUX.

• Experience interacting with network firewalls, routers, and other infrastructure.

• Experience and knowledge of network and log management tools and endpoint protection.

• Knowledge of cloud/ on-premise/ hybrid environments; knowledge of TCP/IP and data

protocols.

• Knowledge of security standards such as NIST/ FISMA/ SANS/ CIS Critical Security

Controls/ Risk Management Framework/ CJIS/ FIPS 140-2/ PCI compliance.

• Knowledge of regulatory requirements related to data protection and privacy, including

HIPAA/ FERPA, etc.

• Demonstrated ability to analyze/ assess/ identify opportunities and implement solutions to

improve efficiency and reduce waste; apply strong knowledge and understanding of the

principles, methods, and techniques of process/ quality improvement.

• Demonstrable understanding and experience in the full spectrum of technologies, work

processes/ flows, network systems, applications, and networking principals essential to

deliver successful technology solutions within the City.

• Able to build constructive working relationships in high performing teams and across

organizational units.

• Able to multitask, solve practical problems and deal with a variety of situations with limited

information; strong analytical and problem-solving skills; able to interpret, assess, and

diagnose symptoms; able to leverage resources for research and problem resolution.

• Able to perform a wide variety of duties and responsibilities with accuracy and speed under

the pressure of time-sensitive deadlines.

• Able to work under limited supervision.

Education & Certifications:

• Bachelor or Master Degree in Computer Science, Management Information Systems,

Business, or other related field.

• A minimum of 6 years of work experience working within the cyber security field.

• A minimum 4 years of experience in a similar environment performing security, network,

and technology administration or any equivalent combination of education, training,

certifications, and experience which provides the required KSAs to perform the essential

duties and responsibilities of the position.

• Active and current technical certifications in at least two of the following: CEH, CISM,

CompTIA Security , CISSP, CISM, CISA, or CCSP.

LANGUAGE SKILLS

Ability to read and interpret documents such as safety rules, operating and maintenance

instructions, and procedure manuals. Ability to write routine reports and correspondence. Ability

to speak effectively before groups of customers or employees of organization.

4

REASONING ABILITY

Ability to solve practical problems and deal with a variety of concrete variables in situations

where only limited standardization exists. Ability to interpret a variety of instructions furnished

in written, oral, diagram, or schedule form.

PHYSICAL DEMANDS

The physical demands described here are representative of those that must be met in order to

successfully perform the essential functions of this job. Reasonable accommodations may be made

to enable individuals with disabilities to perform the essential functions. Ability to access, input,

and retrieve information from a computer or other computational device. Answer telephones, and

maintain multiple files. Must read and analyze large quantities of data/ information.

Must have sufficient mobility to get back and forth from office to off-site meetings, locally/

regionally/ nationally. Stand, walk, sit, use hands to finger, handle or feel, reach with hands and arms, stoop, kneel, crouch, or crawl, and taste or smell. The employee may frequently lift, carry or position objects weighing up to twenty-five pounds and occasionally with assistance may lift, carry and position heavy objects up to seventy-five pounds utilizing proper body mechanics and techniques. Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and ability to adjust focus.

WORK ENVIRONMENT

The work environment characteristics described here are representative of those that may be encountered while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Occasional exposure to outside weather conditions. Risk of electrical shock while working with equipment.

The noise level in the work environment is usually moderate to high.

The City of Lowell is a smoke and drug-free employer and requires a physical with drug screen and CORI post offer.

Qualified individuals should apply by the deadline by submitting application/resume with cover letter using the City of Lowell job opportunities online portal: https://selfservice885.tdr.tylerhosting.cloud/ess/employmentopportunities/default.aspx

The City is committed to encouraging diversity and inclusion through equitable opportunities for all community members. The aim is for our workforce, including contractors, to be truly representative of all sections of society and our community, and for each team member to feel respected while fostering belonging.

"The City of Lowell assures that every individual shall have equal access to all City employment opportunities. The City is all-inclusive and no person shall be denied equal access because of race, creed, color, religion, national origin, sex, sexual orientation, gender identity, age, military service, or physical/mental disability."

EOE/AA/504 Employer

Job Type: Full-time

Pay: $51.42 - $55.36 per hour

Expected hours: 40 per week

Benefits:

• Dental insurance
• Health insurance
• Life insurance
• Paid time off
• Retirement plan

Schedule:

• Monday to Friday

Ability to Relocate:

• Lowell, MA: Relocate before starting work (Required)

Work Location: In person