Is responsible for the implementation of security policies, procedures and standards set by the Information Security Manager. This classification works in close partnership with application development and operations teams. Work involves implementation of security into the Agile process for application development. Investigate and understand projects and technologies and give security guidance to ensure that controls are properly implemented.
This classification is distinguished by the responsibility of providing technical leadership of security initiatives. This classification is within the Information Technology Services (ITS) division with a focus on information security. Incumbents of this classification report to the Information Security Manager.
Assists in the implementation of new technologies ensuring secure code and application configurations.
Assists in developing key elements and requirements for application security.
Possesses full knowledge of the Colorado Judicial Department’s goals as established by its cyber security plan, stated policies, procedures and standards. Actively works towards upholding those goals.
Assists in performing, monitoring, and maintaining relevant security systems and provides support and troubleshooting for those systems when required.
Performs software architecture security analysis, web application penetration testing, and application reverse engineering.
Performs application vulnerability assessments and works with technology stakeholders to remediate findings.
Performs security code review across a variety of programming languages.
Develops, documents and implements application security procedures.
Operates, supports, configures and maintains security tools required for application testing.
Evaluates and reviews security of all new application technologies and cloud solutions.
Collaborates with internal stakeholders on addressing application security issues.
Adheres to established change control procedures and assists the development team during the application testing and deployment process.
Executes security incident response process as needed.
Provides Tier 1, 2 and 3 support for relevant information security related systems, supporting application development and business analysts in troubleshooting production issues.
Develops and maintains good working relationships with all Department employees and vendors.
Acts as a resource to internal ITS staff, judicial districts, other state agencies, and/or other organizational units as directed.
Travels throughout the state of Colorado as required, not to exceed 10% of the time.
Shares on-call support for all in-place security solutions.
May perform other duties related to information security technology and application development.
Attends meetings and training as required.
Performs other duties as assigned.
Responsible for one's own work product and may provide guidance, assistance, or mentorship to less knowledgeable or experienced coworkers, volunteers, or interns. This may include scheduling of work, instructing in work methods, and reviewing work products.
Graduation from an accredited college or university with a bachelor’s degree in computer science or related field and five years of work experience in software engineering with strong object-oriented skills. Additional information security or software engineering skills may substitute for the required education on a year-for-year basis. CISSP and CSSLP is preferred.
While performing the duties of this job, the employee is regularly required to talk and hear. The employee is frequently required to sit and reach with hands and arms and perform repetitive motions with wrists, hands, and fingers. The employee is occasionally required to stand and walk. The employee must occasionally lift and/or move up to 50 pounds or more. Specific vision abilities required by this position include close vision, color vision, depth perception, ability to adjust and focus, and the ability to see clearly at 20 feet or more.
While performing the duties of this job, the employee is occasionally exposed to moving mechanical parts, work in high precarious places and the risk of electrical shock. Frequently handles emergency or crisis situations and may be subject to varying and unpredictable situations and work hours. The employee is subject to frequent interruptions, multiple calls and inquiries, and may occasionally handle absentee replacement on short notice. The noise level in the work environment is usually moderate.