Commonwealth of Pennsylvania

POSITION DESCRIPTION FOR JOB POSTING

Position Number:  50476147

Description Activated On:  10/29/2024 10:22:44 AM


Position Purpose:
Describe the primary purpose of this position and how it contributes to the organization’s objectives. Example: Provides clerical and office support within the Division to ensure its operations are conducted efficiently and effectively. 

This role provides consultative expertise on complex information security forensic matters to the Commonwealth CISO and interacts with various IT security teams and leadership across the Commonwealth. The work is supervised by the senior forensic analyst, ensuring the effectiveness of the overall information security program.

Description of Duties:
Describe in detail the duties and responsibilities assigned to this position. Descriptions should include the major end result of the task. Example: Types correspondence, reports, and other various documents from handwritten drafts for review and signature of the supervisor.

Supports all aspects of IT security, including information, network, physical, and security policies at an enterprise level.

Serves as a project leader by assigning and reviewing work and performing quality control functions for the work performed by team members on the project for the duration of the security project.

Promotes awareness of security issues among management, employees, and other entities Commonwealth-wide or agency-wide and ensures sound security principles are reflected in the OA/OIT’s vision and goals.

Creates and manages incident response project plans.

Manages and provides incident reporting and analysis, status reporting, and analysis of benchmarks and milestones to ensure incidents and alerts are triaged properly.

Ensures that all evidence and the collection processes adhere to legal standards and that those processes are defensible in court when necessary.

The individual is responsible for adhering to established principles and practices in incident response, forensic investigation, digital evidence collection, and incident remediation. The individual acts as an incident commander during cyber-related incidents, providing direction to senior leadership.

As a subject matter expert (SME), they analyze cybersecurity incidents and forensic investigations and may testify in court proceedings as an expert witness.

Provides on call and/or emergency support, including after-hours as needed.

Adheres to the established enterprise Incident Response Procedure (IRP) process for Delivery Center-related incidents, which includes triage, post-incident investigation, impact analysis, root cause analysis (RCA), and recommendations for improvements to avoid similar issues.

Incident Response: Assist in the investigation and response to security incidents, including identifying compromised systems, conducting forensic analysis, and reporting findings.

Digital Evidence Collection: Support the collection, preservation, and proper handling of digital evidence during ongoing investigations while ensuring chain of custody procedures are followed.

Forensic Analysis: Utilize various forensic tools and techniques to analyze data from a wide range of digital sources, including workstations, servers, mobile devices, and network traffic.

Threat Hunting: Assist in proactive threat-hunting activities to detect and analyze advanced persistent threats (APTs) or other malicious activity within the network.

Malware Analysis: Perform basic static and dynamic analysis of malware samples to determine behavior and potential impact.

Report Generation: Create detailed incident reports summarizing findings, methods used for investigation, and recommendations for mitigating risks.

Collaboration: Work closely with senior forensic analysts, security engineers, and IT teams to resolve security issues and prevent further breaches.

Research & Development: Stay up to date on the latest security trends, threats, and tools, contributing to the ongoing improvement of security procedures and forensic methodologies.

Security Tools Management: Assist in the operation and maintenance of forensic and security tools, including SIEM systems, intrusion detection systems (IDS), and endpoint protection tools.

Adheres to established regulatory security compliance processes and procedures, including a fingerprint-based records check with the Federal Bureau of Investigation (FBI), Criminal Justice Information Services Division (CJIS).

Travel as needed, including overnight stays.

Perform other duties as assigned.

Decision Making:
Describe the types of decisions made by the incumbent of this position and the types of decisions referred to others. Identify the problems or issues that can be resolved at the level of this position, versus those that must be referred to the supervisor. Example: In response to a customer inquiry, this work involves researching the status of an activity and preparing a formal response for the supervisor’s signature.

This position is responsible for making independent decisions during the incident response process on threat levels and leading the investigative efforts.

Requirements Profile:
Identify any specific experience or requirements, such as a licensure, registration, or certification, which may be necessary to perform the functions of the position. Position-specific requirements should be consistent with a Special Requirement or other criteria identified in the classification specification covering this position. Example: Experience using Java; Professional Engineer License

Experience:

5 years of forensic investigative experience.

5 years of experience investigating security incidents.


Licenses, registrations, or certifications:

1. N/A
2. N/A
3. N/A
4. N/A
5. N/A
6. N/A

Essential Functions:
Provide a list of essential functions for this position. Example: Transports boxes weighing up to 60 pounds.
 
1. Maintains effective and collaborative working relationships.
2. Communicates and collaborates effectively, verbally and in writing.
3. Ensures compliance with IT policies and Commonwealth management directives.
4. Travels as needed, including overnight stays.
5. Adapts quickly to changes in assignments and effectively multitasks in a high-stress environment.
6. Clearly organizes and presents data.
7. Solves problems and reconciles competing and conflicting priorities and interests.
8. Analyzes cybersecurity incidents and forensic investigations as a subject matter expert (SME).
9. Provides on call and/or emergency support.
10. Works independently.