Information Security Specialist 2, PUC Print (https://www.governmentjobs.com/careers/pabureau/jobs/newprint/4817341) Apply  Information Security Specialist 2, PUC Salary $77,379.00 - $117,536.00 Annually Location Dauphin County, PA Job Type Civil Service Permanent Full-Time Job Number CS-2025-18105-G1518 Department Public Utility Commission Division PU Mis Opening Date 02/05/2025 Closing Date 2/19/2025 11:59 PM Eastern Job Code G1518 Position Number 00118834 Union Non-Union Bargaining Unit A3 Pay Group UT09 Bureau / Division Code 00171803 Bureau / Division PU Mis Worksite Address 400 North Street City Harrisburg, Pennsylvania Zip Code 17120 Contact Name Shannon Marciano Contact Phone 717.787.8714 Contact Email ra-puchr@pa.gov + Description + Benefits + Questions THE POSITION Are you a cybersecurity professional looking for a leadership opportunity in a challenging and rewarding career? If so, the Security Analyst 2 position at the Public Utility Commission (PUC) is the perfect opportunity for you to showcase your skills by strengthening the cybersecurity posture our organization and managing the vulnerability management program. Bring your skills and ambition to our team as we ensure safe and reliable utility service in Pennsylvania! DESCRIPTION OF WORK In this cybersecurity leadership role, you will be responsible for designing, implementing, and maintaining the security systems that protect the PUC's organizational and informational assets. Work includes new and existing projects that help to identify and mitigate security risks, designing and implementing security controls, monitoring and responding to security incidents, and providing technical assistance to users on security matters. You will also act as a liaison with external entities; coordinate with PUC fiscal and procurement organizations; as well as develop and update procedures, processes, and regulations to ensure the PUC’s systems and information remain in a secure state. This is a challenging and fast-paced leadership role that gives you a chance make a real difference in the security of the PUC's operations. You will work with a team of highly skilled professionals and have the opportunity to learn and grow your skills. If you are a motivated and results-oriented individual with a strong passion for cybersecurity, this is the role for you! The Public Utility Commission offers a friendly work environment, alternate work schedules, telework when approved, and the possibility for free parking. Work Schedule and Additional Information: + Full-time employment + Work hours are 8:00 AM to 4:30 PM, Monday - Friday, with a 60-minute lunch. + Telework: Part-time work from home (telework) may be a potential feature of this position. The successful candidate is required to report to the headquarters worksite daily, unless the employee meets eligibility requirements and telework has been approved. Management may discontinue any telework arrangement at any time, for any reason. In order to telework, you must have a securely configured high-speed internet connection. If you are unable to telework, you will have the option to report to the headquarters office in Harrisburg, Pennsylvania. + To be eligible to participate in telework, the employee's alternate (telework) worksite must meet the following requirements: + Within a reasonable travel distance of Harrisburg; and + Within the Commonwealth of Pennsylvania. + Please direct all questions regarding reasonable distance and the type of available telework to the PUC Human Resource Office at ra-puchr@pa.gov or 717.787.8714. + Salary: In some cases, the starting salary may be non-negotiable. + You will receive further communication regarding this position via email. Check your email, including spam/junk folders, for these notices. REQUIRED EXPERIENCE, TRAINING & ELIGIBILITY QUALIFICATIONS Minimum Experience and Training Requirements: + One year as an Information Security Specialist 1;or + Three years of experience performing technical work in information technology security, and an associate’s degree in any information technology field;or + One year of experience performing technical work in information technology security, and a bachelor’s degree in any information technology field;or + An equivalent combination of experience and training. Other Requirements: + You must meet the PA residency requirement (https://www.employment.pa.gov/Additional%20Info/Pages/default.aspx) . For more information on ways to meet PA residency requirements, follow the link (https://www.employment.pa.gov/Additional%20Info/Pages/default.aspx) and click on Residency. + You must be able to perform essential job functions. How to Apply: + Resumes, cover letters, and similar documents willnotbe reviewed, and the information contained therein will not be considered for the purposes of determining your eligibility for the position. Information to support your eligibility for the position must be provided on the application (i.e., relevant, detailed experience/education). + If you are claiming education in your answers to the supplemental application questions, you must attach a copy of your college transcripts for your claim to be accepted toward meeting the minimum requirements. Unofficial transcripts are acceptable. + Your application must be submitted by the posting closing date. Late applications and other required materials will not be accepted. + Failure to comply with the above application requirements may eliminate you from consideration for this position. Veterans: + Pennsylvania law (51 Pa. C.S. §7103) provides employment preference for qualified veterans for appointment to many state and local government jobs. To learn more about employment preferences for veterans, go to www.employment.pa.gov/Additional%20Info/Pages/default.aspx and click the Veterans’ Preference tab or contact us at ra-cs-vetpreference@pa.gov . Telecommunications Relay Service (TRS): + 711 (hearing and speech disabilities or other individuals). If you are contacted for an interview and need accommodations due to a disability, please discuss your request for accommodations with the interviewer in advance of your interview date. The Commonwealth is an equal employment opportunity employer and is committed to a diverse workforce. The Commonwealth values inclusion as we seek to recruit, develop, and retain the most qualified people to serve the citizens of Pennsylvania. The Commonwealth does not discriminate on the basis of race, color, religious creed, ancestry, union membership, age, gender, sexual orientation, gender identity or expression, national origin, AIDS or HIV status, disability, or any other categories protected by applicable federal or state law. All diverse candidates are encouraged to apply. EXAMINATION INFORMATION + Completing the application, including all supplemental questions, serves as your exam for this position. No additional exam is required at a test center (also referred to as a written exam). + Your score is based on the detailed information you provide on your application and in response to the supplemental questions. + Your score is valid for this specific posting only. + You must provide complete and accurate information or: + your score may be lower than deserved. + you may be disqualified. + You may only apply/testoncefor this posting. + Your results will be provided via email. Learn more about our Total Rewards by watching this shortvideo (https://www.youtube.com/embed/HtcSRnndflc?rel=0) ! See the total value of your benefits package by exploring ourbenefits calculator. Health & Wellness We offer multiple health plans so our employees can choose what works best for themselves and their families. Our comprehensive benefits package includes health coverage, vision, dental, and wellness programs.* Compensation & Financial Planning We invest in our employees by providing competitive wages and encouraging financial wellness by offering multiple ways to save money and ensure peace of mind including multiple retirement and investment plan options. Work/Life Balance We know there’s more to life than just work! Our generous paid leave benefits include paid vacation, paid sick leave, eight weeks of paid parental leave, military leave, and paid time off for most major U.S. holidays, as well as flexible work schedules and work-from-home opportunities.* Values and Culture We believe in the work we do and provide continual opportunities for our employees to grow and contribute to the greater good. As one of the largest employers in the state, we provide opportunities for internal mobility, professional development, and the opportunity to give back by participating in workplace charitable giving. Employee Perks Sometimes, it is the little “extras” that make a big difference. Our employees receive special employee-only discounts and rates on a variety of services and memberships. For more information on all of these Total Rewards benefits, please visitwww.employment.pa.gov and click on the benefits box. *Eligibility rules apply. 01 Have you been employed by the Commonwealth of Pennsylvania as an Information Security Specialist 1 for one or more years full-time? + Yes + No 02 If you are claiming experience in the above question, please list the employer(s) where you gained this experience in the text box below. The employer(s) and a description of the experiencemustalso be included in the appropriate sections of your application if you would like the experience to be considered in the eligibility decision. If you claimed you do not have experience, type N/A in the text box below. 03 How much full-time experience do you possess performing technical work in information technology security? + 3 years or more + 2 but less than 3 years + 1 but less than 2 years + Less than 1 year + None 04 If you are claiming experience in the above question, please list the employer(s) where you gained this experience in the text box below. The employer(s) and a description of the experiencemustalso be included in the appropriate sections of your application if you would like the experience to be considered in the eligibility decision. If you claimed you do not have experience, type N/A in the text box below. 05 How many semester credits of undergraduate college education have you completed with major coursework in information technology? If you are claiming credits/degree, you must upload a copy of your college transcript(s) for this education to be considered in the eligibility decision. Unofficial transcripts are acceptable. You must attach your transcript(s) prior to the submission of your application by using the "Attachments" tab on the left. You will not be able to add a transcript(s) to the application after it has been submitted. If your education was acquired outside of the United States, you must upload a copy of your foreign credential evaluation report. We can only accept foreign credential evaluations from organizations that are members of the National Association of Credential Services (NACES). A list of current NACES members can be found by visitingwww.naces.org (”www.naces.org”target=_blank”) and clicking the Evaluation Services Link. For additional information on foreign education credentials, please visithttps://www.employment.pa.gov/Additional%20Info/Pages/default.aspx#q3and click on Other Information. You must attach your documentation prior to the submission of your application by using the "Attachments" tab on the left. You will not be able to add a document to the application after it has been submitted. + 120 credits or more + 90 but less than 120 credits + 60 but less than 90 credits + 30 but less than 60 credits + Less than 30 credits + None 06 How many semester credits of graduate coursework have you completed in asset security, communication and network security, computer forensics, cryptography, cyber defense, cyber threats, digital forensics, discrete probability, fundamental security design principles, identity and access management (IAM), IT governance, IT infrastructure, network defense, networking technology and protocols, security and risk management, security architecture and engineering, security assessment and testing, security operations, security policy, software development security, and/or IT policy, legal, ethics, and compliance? If you are claiming credits/degree, you must upload a copy of your college transcript(s) for this education to be considered in the eligibility decision. Unofficial transcripts are acceptable. You must attach your transcript(s) prior to the submission of your application by using the "Attachments" tab on the left. You will not be able to add a transcript(s) to the application after it has been submitted. If your education was acquired outside of the United States, you must upload a copy of your foreign credential evaluation report. We can only accept foreign credential evaluations from organizations that are members of the National Association of Credential Services (NACES). A list of current NACES members can be found by visitingwww.naces.org (”www.naces.org”target=_blank”) and clicking the Evaluation Services Link. For additional information on foreign education credentials, please visithttps://www.employment.pa.gov/Additional%20Info/Pages/default.aspx#q3and click on Other Information. You must attach your documentation prior to the submission of your application by using the "Attachments" tab on the left. You will not be able to add a document to the application after it has been submitted. + 30 credits or more + Less than 30 credits + None 07 You must complete the supplemental questions below. These supplemental questions are the exam and will be scored. They are designed to give you the opportunity to relate your experience and training background to the major activities (Work Behaviors) performed in this position. Failure to provide complete and accurate information may delay the processing of your application or result in a lower-than-deserved score or disqualification. Youmustcomplete the applicationandanswer the supplemental questions. Resumes, cover letters, and similar documents willnotbe reviewed for the purposes of determining your eligibility for the position or to determine your score. All information you provide on your application and supplemental questions is subject to verification. Any misrepresentation, falsification or omission of material facts is subject to penalty. If requested, you must provide documentation, including names, addresses, and telephone numbers of individuals who can verify the validity of the information you provide in the application and supplemental questions. Read each question carefully. Determine and select which "Level of Performance" most closely represents your highest level of experience/training. List the employer(s)/training source(s) from your Work or Education sections of the application where you gained this experience/training.The "Level of Performance" you choose must be clearly supported within the description of the experience and training information entered in your application or your score may be lowered.In order to receive credit for experience, you must have worked in a job for at least six months in which the experience claimed was a major function. If you have read and understand these instructions, please click on the "Yes" button and proceed to the exam questions. If you have general questions regarding the application and hiring process, please refer to ourFAQ page (https://www.employment.pa.gov/Additional%20Info/Pages/default.aspx) . + Yes 08 WORK BEHAVIOR 1 – SECURITY PLANNING Plans and implements information technology security programs, notably the enterprise vulnerability management program and security awareness initiatives. Recommends and justifies hardware and software upgrades and enhancements to ensure systems and data are appropriately protected. Levels of Performance Select the Level of Performance that best describes your claim. + A. I have experience planning AND implementing information technology security programs. + B. I have experience implementing information technology security programs; however, someone else was responsible for the initial program plan. + C. I have successfully completed college-level coursework related to project planning and implementation or project management. + D. I have NO experience or coursework related to this work behavior. 09 In the text box below, please describe your experience as it relates to the level of performance you claimed in this work behavior. Please be sure your response addresses the items listed below which relate to your claim. If you indicated you have no work experience related to this work behavior, type N/A in the box below. + The name(s) of the employer(s) where you gained this experience. + The specific duties you performed related to security planning. + The type(s) of security projects you planned and/or implemented. + Your level of responsibility. 10 If you have selected the level of performance pertaining to college coursework, please provide your responses to the three items listed below. If you indicated you have no education/training related to this work behavior, type N/A in the text box below. + College/University + Course Title + Credits/Clock Hours 11 WORK BEHAVIOR 2 – SECURITY MONITORING AND TESTING Monitors the network to identify security deficiencies and potential threats. Manages these threats by ensuring corrective actions are implemented to address the associated issues and risks. Collaborates with developers, engineers, and stakeholders to implement security measures into software and systems. Levels of Performance Select the Level of Performance that best describes your claim. + A. I have experience monitoring and testing applications and systems. I was responsible for managing security threats and ensuring corrective action was taken. + B. I have experience monitoring and testing applications and systems. I was responsible for notifying the appropriate staff of security threats so corrective action could be taken. + C. I have successfully completed college-level coursework related to information security monitoring or testing, cybersecurity, or risk mitigation. + D. I have NO experience or coursework related to this work behavior. 12 In the text box below, please describe your experience as it relates to the level of performance you claimed in this work behavior. Please be sure your response addresses the items listed below which relate to your claim. If you indicated you have no work experience related to this work behavior, type N/A in the box below. + The name(s) of the employer(s) where you gained this experience. + The specific duties you performed related to monitoring and/or testing networks/systems for security deficiencies/threats. + The type(s) of corrective action you took to manage or resolve issues/risks. + Your level of responsibility. 13 If you have selected the level of performance pertaining to college coursework, please provide your responses to the three items listed below. If you indicated you have no education/training related to this work behavior, type N/A in the text box below. + College/University + Course Title + Credits/Clock Hours 14 WORK BEHAVIOR 3 – TECHNICAL ASSISTANCE Addresses escalated security incidents by diagnosing and troubleshooting the underlying issues. Collaborates with both end users and service providers to facilitate the resolution of these problems. Educates business departments on the significance of security threats and their potential implications. Investigates security solutions and informs management of new and emerging technologies. Levels of Performance Select the Level of Performance that best describes your claim. + A. I have experience troubleshooting, diagnosing, and resolving escalated information technology issues. I was responsible for responding to complex technical questions and providing guidance as necessary. + B. I have experience troubleshooting, diagnosing, and resolving information technology issues. I was responsible for responding to questions and resolving routine issues but referred more complex technical questions and issues to someone else for resolution. + C. I have successfully completed college-level coursework related to information technology troubleshooting. + D. I have NO experience or coursework related to this work behavior. 15 In the text box below, please describe your experience as it relates to the level of performance you claimed in this work behavior. Please be sure your response addresses the items listed below which relate to your claim. If you indicated you have no work experience related to this work behavior, type N/A in the box below. + The name(s) of the employer(s) where you gained this experience. + The specific duties you performed related to the technical assistance you provided. + The type(s) of issues you diagnosed, troubleshot, and/or resolved. + Your level of responsibility. 16 If you have selected the level of performance pertaining to college coursework, please provide your responses to the three items listed below. If you indicated you have no education/training related to this work behavior, type N/A in the text box below. + College/University + Course Title + Credits/Clock Hours 17 WORK BEHAVIOR 4 – SECURITY DESIGN AND CUSTOMIZATION Designs and customizes information technology security programs to ensure the confidentiality, integrity, and availability of systems and data. Develops IT security measures tailored to the needs of the system. Formulates detailed functional and technical specifications to define how programs interact with each other, the operations each program is permitted to execute, the requisite level of protection, and actions to be undertaken if established requirements are not met. Levels of Performance Select the Level of Performance that best describes your claim. + A. I have experience designing AND customizing information technology security programs to ensure the confidentiality, integrity, and availability of systems, networks, servers, or data. + B. I have experience customizing information technology security programs to ensure the confidentiality, integrity, and availability of systems, networks, servers, or data. Someone else was responsible for the initial design of the program. + C. I have successfully completed college-level course work related to information security concepts and security design. + D. I have NO experience or coursework related to this work behavior. 18 In the text box below, please describe your experience as it relates to the level of performance you claimed in this work behavior. Please be sure your response addresses the items listed below which relate to your claim. If you indicated you have no work experience related to this work behavior, type N/A in the box below. + The name(s) of the employer(s) where you gained this experience. + The specific duties you performed related to designing and/or customizing security programs. + The type(s) of security programs you designed and/or customized. + Your level of responsibility. 19 If you have selected the level of performance pertaining to college coursework, please provide your responses to the three items listed below. If you indicated you have no education/training related to this work behavior, type N/A in the text box below. + College/University + Course Title + Credits/Clock Hours Required Question Employer Commonwealth of Pennsylvania Address 613 North Street Harrisburg, Pennsylvania, 17120 Website http://www.employment.pa.gov