This listing has expired and therefore is not publicly viewable.
|Company||California Department of Corrections and Rehabilitation|
|Preferred GIAC Certifications||GLEG, GCFA, GSLC, GNFA, GCPM|
|Salary||$85000 - $108000|
The CDCR Security Intelligence and Operations Center (SIOC) will be leading every aspect of security for one of the most technologically driven correctional and law enforcement operations, the members will coordinate with private, state and federal entities to secure some of the most confidential and sensitive crime and safety information in California. These positions will be at the leading edge to counteract hacker attacks, perform ongoing red-team engagements, proactive insider threat hunting, incident response, cyber threat intelligence collection and analysis, and defense countermeasure implementation. The mission of this team is critical to California in order to enhance public safety by protecting the privacy and civil liberties of all individuals, safeguarding sensitive information, preserving confidentiality, and enabling the Agency to proactively enforce safety, innovate law enforcement, detect, investigate, respond to, and prevent cyberattacks that threaten public health and safety, correctional operations, and rehabilitation efforts. The SIOC supports Agency-wide goals and ensures a secure computing environment providing availability, confidentiality and integrity of correctional and rehabilitative information.
Oversee management and supervisory activities for the Cyber Security Intelligence and Operations Center (SIOC)
including initial implementation and continuous improvement of functions within the SIOC and the ISO. The SIOC
manager will define and facilitate security alert queue and defining of response procedures as well as ensuring
metrics are well defined and are being met. The incumbent will manage, initialize and refine team processes and
functions to perform threat hunting for malicious and criminal activity across the network and digital assets. Manage
and mentor technical security, digital forensics and threat intelligence analysts to provide indications and warnings,
and contribute to predictive analysis of malicious activity. Provide leadership and direction to a security team
responsible for information security policy, architecture, operations, administration, compliance and audit support.
Managing day-to-day operations of security functions, development of security initiatives and standards, definition of
work practices and relevant metrics for tracking performance, engaging with Agency-wide functional teams to
implement practices that meet defined policies and standards for information security, and developing organizational
communication campaigns to foster a culture of awareness. Act as a subject matter expert for an allocated
geographic and/or thematic area, closely following open source and closed intelligence source reporting on
associated actor groups (nation-state, criminal, hacktivist, and terrorist), incidents and campaigns. Provide
administrative and managerial direction to direct staff and extended personnel participating on information security
efforts. Provide technical leadership, mentorship, and guidance to staff.
Establish and maintain working relationships/partnerships with the cyber security, infrastructure support teams
throughout the Information Technology organization, law enforcement, legal, prosecutorial, and other business units.
Creating security strategies, architect secure solutions including cloud deployments, overseeing implementation of
host based security and system hardening, and managing the deployment of security services including remote
access, penetration testing, security architecture, threat hunting, fraud detection, network security, scanning
services, log management, and security monitoring/systems. The SIOC manager will enhance skills of the team to
develop policies and procedures that ensure security awareness, risk mitigation and compliance to enhance
CDCR’s security posture. As an active member of the Computer Security Incident Response Team (CSIRT) by
enabling the team to provide technical analysis and identify remediation procedures. Identify, develop, manage, and
productively leverage external relationships to enhance intelligence collection efforts. Regularly produce Threat
Intelligence Reports detailed analysis on cyber events, including relevant political, economic, and geopolitical
variables. Provide a forward-looking view of the threat, predicting shifts in adversarial intent, goals, and strategic
objectives. Participate in inter-agency efforts on Information Security efforts. Participate on governance boards and
prepare briefings to executive branch cabinet level members on information security maturity, threats, and relevant