Why live in Helena, Montana? · Helena is surrounded by rolling hills and lofty mountains and is tucked below the Continental Divide. · It is a relatively quiet place to call home where small-town living collides with outdoor adventure. · Helena has a rich history and was originally founded as a gold camp during the Montana gold rush. · Learn more about moving to and/or living in Helena, Montanahere.* // /In this position you will be afforded the opportunity to telework, however there will be required weekly in-office day(s) in Helena. Specific c//onditions will be outlined as part of the job offer and must adhere to state policy./ / / *Why should you keep reading and consider working here? The State Information Technology Services Division - Office of the CISO (Security Services) provides security services and support to all state government agencies, our mission is to protect citizen’s data. We utilize best practice standards and frameworks to deliver high quality security services to state agencies. We value collaboration, teamwork, and respect; and we promote a culture of diversity, equity, and inclusion to provide a safe environment for our employees to grow their skills. We invest in our employees by providing professional development opportunities that lead to career advancement and fulfillment. We use exciting technologies and solve complex issues. Our team has visibility into the State’s network and systems, and our actions have a direct impact on the State’s cybersecurity posture. Security Services is a fun place to do serious work. (You can learn more about SITSDhere.) What is this career opportunity? Do you want to help lead Montana in protecting and defending our citizens’ data from cyber threats? TheSenior Offensive Security Specialistis an exciting role for an experienced professional in the cybersecurity field to specialize in Red Team/Offensive Security activities. This position is responsible for administering the Offensive Security Program including vulnerability assessments, vulnerability consultation, and penetration testing. If you are experienced in penetration testing of web application, cloud, and/or database security, consider joining our team and lead the team in offensive security tactics; teach efficient techniques for responding to threat actors; facilitate attack/defense exercises within the Bureau; analyze malware; provide subject-matter expertise; and recommend security controls to reach desired posture and substantially impact enterprise security. What are we looking for?__ * * Education and Experience: · 4 years' experience in Cybersecurity · Bachelor’s degree in Information Security, Technology, or related field may substitute for 2 years of required experience · Proficiency in one of more of the following languages: PowerShell, Bash, Java, Python, C, C , or C# · Security certifications CEH, GPEN, and/or OSCP, or the ability to achieve one of those certifications within six months of hire. · Alternate combinations of education, experience, and certifications will be considered on a case-by-case basis. * *Certifications: The following certifications are preferred but not required: o Pentest , KLCP, GCFE, GCFA, E|CIH, CySA , CASP , or CISSP * * Competencies: Knowledge of: * * Cyber threats and vulnerabilities. * Network traffic analysis methods. * Database, Cloud, and/or Web Application Security * Vulnerability assessment * Cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). * Website types, administration, functions, and content management system (CMS). * Attack methods and techniques (DDoS, brute force, spoofing, etc.). * Host-based security products and how those products affect exploitation and reduce vulnerability. * Internal tactics to anticipate and/or emulate threat capabilities and actions. * Network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. * Intrusion detection methodologies and techniques for detecting host and network-based intrusions. * Web Application Security Risks (e.g., Open Web Application Security Project Top 10 list) *Skill in: * Conducting research using our threat intelligence tools. * Social engineering techniques * Defining and characterizing all pertinent aspects of the operational environment. * Evaluating information for reliability, validity, and relevance. * Identifying cyber threats which may jeopardize organization and/or partner interests. * Using security event correlation tools. * Detecting host and network-based intrusions via intrusion detection technologies. * Conducting trend analysis. * Reading, interpreting, developing, and deploying signatures. Ability to: * * Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. * Accurately and completely source all data used in intelligence, assessment and/or planning products. * Evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products. * Function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—to leverage analytical and technical expertise. * Think critically. * Think like threat actors. * Develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists. * Apply techniques for detecting host and network-based intrusions using intrusion detection technologies. * Conduct forensic analyses in and for both Windows and Unix/Linux environments. * Interpret the information collected by network tools *Does this sound like you? Please tell us how and why by submitting yourresume andcover letter. In your cover letter, provide an example of how you’ve directly contributed to the security of an environment you were responsible for in a technical or advisory capacity. /(Please Note: You do not need to complete the “work experience” or the “education & certifications” portion of the application process in our recruiting system. You only need to upload the requested documentation.)/ What can you expect from us in return for your hard work? Ø Lookhereto see the additional benefits! They include: o Work/life Balance o Health Coverage o Retirement plans o Paid Vacation and Sick Leave and Holidays o And more… Ø Public Service Loan Forgiveness (PSLF) –Employmentwith the State of Montana may qualify you to receive student loan forgiveness under the PSLF. Lookhereto learn more and see if you may qualify! * * Other important information to be aware of. · This position requires the successful completion of a criminal background check. · Only online applications are accepted. By applying online, you are able to receive updates and monitor the status of your application.* Title: *Sr Offensive Security Specialist - Hybrid (66920) Location: Helena Requisition ID: 24141240