Commonwealth of Pennsylvania

POSITION DESCRIPTION FOR JOB POSTING

Position Number:  50296280

Description Activated On:  6/29/2026 3:49:16 PM


Position Purpose:
Describe the primary purpose of this position and how it contributes to the organization’s objectives. Example: Provides clerical and office support within the Division to ensure its operations are conducted efficiently and effectively. 

This position will serve as an agency Information Security Specialist 1 and will report directly to the agency Senior Security Engineer. The Security Specialist 1 will focus on where sensitive data is present and the effectiveness of cybersecurity controls to protect that information.

This position will be responsible for exporting vulnerability reports to key stakeholders, monitoring security tools for potentially malicious activity, generating key cyber threat intelligence reports, and supporting security architecture.

Description of Duties:
Describe in detail the duties and responsibilities assigned to this position. Descriptions should include the major end result of the task. Example: Types correspondence, reports, and other various documents from handwritten drafts for review and signature of the supervisor.

TECHNICAL ANALYST FOR THREAT AND VULNERABILITY MANAGEMENT

• Support security hardening configurations to include operating systems, commercial software and custom applications.

• Ensure vulnerability scanning and remediation of significant issues occur before new infrastructure or applications enter production status.

• Evaluate cybersecurity advisories, communicate internally and influence vulnerability remediation.

• Facilitate remediation of cybersecurity issues. Tracks to closure with process and technical control owners.

• Improve processes to reduce the time to remediate vulnerabilities and to detect suspicious activity.

• Gathers technical security artifacts and evidence in support of external audits. Conducts remediation within scope of the cybersecurity program and related technology.

CYBER THREAT INTELLIGENCE ANALYST
• Analyze and contextualize cyber threat intelligence from open source (OSINT), commercial, and internal telemetry to identify emerging threats, adversary tactics, and risks relevant to the PSERS environment.

• Produce actionable intelligence deliverables, such as threat briefs, adversary profiles, and strategic assessments to support security operations, incident response, and leadership decision making.

• Collaborate with other information security, IT, and stakeholder teams to translate intelligence into detections, alerts, and mitigations, including enrichment of SIEM workflows.

• Track and assess threat actor activity and campaigns using MITRE ATT&CK framework, continuously refining prioritization based on business impact and threat relevance.
• Develop policies, procedures and standards to mitigate adversary Tactics, Techniques and Procedures (TTPs) with a focus on data security.


SIEM AND SECURTIY TOOLS ANALYST

• Configure reporting and alerts. Replicate security logging and events to the SIEM. Integrate alerts into IT systems and processes.

• Enhance log/event centralization and monitoring via SIEM software.

• Evaluate existing Security Operations Center (SOC) monitoring services and make recommendations for improvement.

• Review SIEM analysis reports and alerts. Investigate suspicious activity. Participate in incident response activities.
• Assist in root cause analysis at the conclusion of an incident. Provide recommendations and influence change to prevent recurrence.
• Conduct further analysis using internal security tools to identify and investigate potential security threats.
• Investigates and performs forensic analysis within endpoints, networks and applications to include policy and user acceptable use violations.
• Gathers technical security artifacts and evidence in support of external audits. Conducts remediation within scope of the cybersecurity program and related technology.

• Escalate findings to Information Security Specialist 2 for in-depth investigation and analysis.

• Provide after-hours support coverage when necessary.

ENTRY LEVEL ANALYST FOR SECURITY BY DESIGN

• Assist in projects for design and implementation of security technology.

• Participate in projects to establish security controls in the design phase of new systems and applications.

• Validates inventory records of where sensitive data is stored, processed and transmitted within the agency. Confirms access controls are in place based on the principles of least privilege and separation of duties.

• Evaluate change requests to determine if appropriate security controls are included.

• Evaluate security policy exception requests, including compensating controls and residual risk.
• Review firewall rules on a regular basis and provide feedback for change management policy regarding firewall rules.

IDENTITY AND ACCESS MANAGEMENT ASSISTANT
• Provide backup support for IAM lifecycle tasks (basic provisioning/deprovisioning).
• Assist IAM analysts with identity alert triage during peak periods.
• Support authentication troubleshooting at a Tier 1 level.


OTHER DUTIES

• Provide support for privacy framework requirements within the scope of cybersecurity.

• Perform related duties and fulfill responsibilities as required.

• This position is identified as essential - level 2. It supports a critical business function and when there is a declaration of an office closing, emergency or disaster, the successful candidate may be required to participate/assist in those functions to aid the business continuity process. As such, the successful candidate may be required to remain at or report to work at headquarters or an alternate site and be available or reachable by telephone during the recovery process.


Decision Making:
Describe the types of decisions made by the incumbent of this position and the types of decisions referred to others. Identify the problems or issues that can be resolved at the level of this position, versus those that must be referred to the supervisor. Example: In response to a customer inquiry, this work involves researching the status of an activity and preparing a formal response for the supervisor’s signature.

Responsible for independent decision making relating to assigned areas of responsibility. Works under limited supervision, with latitude for the use of initiative and independent judgment.

The position has analytical and consultative responsibilities for implementation and on-going maintenance of the agency’s information security software and devices. The Security Specialist works closely with the agency IT Team, the Commonwealth of Pennsylvania Information Security Team and Vendor Information Security Teams. Supports multiple projects with deadlines.

Requirements Profile: Identify any specific experience or requirements, such as a licensure, registration, or certification, which may be necessary to perform the functions of the position. Position-specific requirements should be consistent with a Special Requirement or other criteria identified in the classification specification covering this position. Example: Experience using Java; Professional Engineer License

Experience:



Licenses, registrations, or certifications:

1. 
  N/A
 
2.  
N/A
 
3.  
N/A
 
4.  

 
5.  

 
6.  


Essential Functions
: Provide a list of essential functions for this position. Example: Transports boxes weighing up to 60 pounds.
 
 1. Maintains broad IT technical knowledge and ability to apply expertise to both actively and proactively problem solve existing and future potential
 2. See job duties listed above
 3. See job duties listed above
 4.
 5.
 6.
 7.
 8.
 9.
 10.