Cybersecurity Administrator - IT
NOTICE TO APPLICANT
This position will close at 12:00AM MST on the End Date. You must ensure your application reflects the correct and current information for your work experience, hours worked per week per position, education, personal information, etc.
Only the information provided on this application is evaluated when determining compensation.
Job Description
PURPOSE SUMMARY. Responsible for supporting the day-to-day administration, configuration, monitoring, and maintenance of the County's information security tools and controls. The position focuses on implementing approved security policies, procedures, baselines, and controls; monitoring security events; supporting vulnerability management; administering email security protections; assisting with security incident response; and providing operational reports and documentation. The Cybersecurity Administrator collaborates with IT staff, county departments, vendors, and the Information Security Engineer to help protect County data, systems, and technology assets from cyber threats.
ESSENTIAL DUTIES.
1. Strategic Planning
Maintain operational runbooks, checklists, knowledge-base articles, configuration notes, and administrative documentation for assigned security tools and recurring security tasks.
Provide technical information and supporting documentation for risk, compliance, and audit remediation activities.
Provide technical input to support updates to security procedures, baselines, and standards when requested.
Monitor industry security updates, changes, technologies, emerging threats and best practices for continuous improvement.
Identify and track operational security metrics for assigned tools, controls, alerts, email security activity, vulnerabilities, and remediation efforts.
Assist with assessment of computer systems and security risks by researching potential threats and vulnerabilities.
Support preventive measures, control techniques, patch prioritization, and remediation tracking.
Stay up-to-date on the latest email security threats and trends and adapt configurations accordingly.
Assist with security education, training, and awareness activities using approved materials and guidance.
2. Acquisition & Deployment
Configure and maintain approved email encryption solutions and email authentication controls to ensure the confidentiality of sensitive information (e.g. SPF, DKIM, DMARC, S/MIME, PGP).
Implement and follow approved IT security and privacy policies, standards, guidelines, baselines, processes, and procedures.
Implement and maintain approved security controls such as firewalls, intrusion detection/prevention systems (IDS/IPS), access controls, endpoint protection, web filtering, and related security technologies.
Implement and enforce security technologies and methodologies, including VPN, wireless authentication, and enterprise anti-virus software.
Assist IT managers and staff with technical implementation of approved security and compliance requirements within projects, initiatives, and operations.
Promote a culture of security by encouraging employees to report suspicious emails and potential security concerns.
3. Operational Management
Administer, configure, monitor, and maintain assigned security software, hardware, and cloud security tools to ensure reliable operation and appropriate protection.
Monitor security logs, network traffic, endpoint alerts, authentication logs, and email systems for anomalies, suspicious activity, and potential security incidents.
Administer and maintain email security gateways and filtering solutions to block spam, phishing attempts, malware, and other malicious content.
Run periodic vulnerability scans and security checks using approved tools and procedures.
Validate findings, document remediation status, and work with IT teams to address identified weaknesses.
Perform initial triage, collect logs and technical evidence, document actions taken, and escalate incidents according to approved incident response procedures.
Assist with containment, remediation, and recovery activities for security incidents within assigned systems and tools.
Provide technical support and information for coordination with law enforcement, outside agencies, external auditors, vendors, or managed security service providers as directed.
Investigate reported phishing messages and suspicious email activity; document findings and escalate significant trends, incidents, or risks.
Assist with internal investigations by reviewing security logs, email (traces, quarantine records, archives), and related system activity to identify source and destination, content, attachments, URLs, policy actions, and indicators of suspicious or unauthorized activity.
Monitor networks, systems, and applications for conformance with approved security requirements, baselines, and policies.
Respond to security incidents, including availability to respond to system problems and security events after hours.
Participate in the IT department’s internal SIRT (Security Incident Response Team) and support incident response activities.
ADDITIONAL DUTIES. Other duties as assigned.
QUALIFICATIONS.
A. Education. Bachelor’s degree from an accredited college or university in Computer Science, Cybersecurity, Information Technology, or related field.
B. Experience. Four (4) years of experience administering, configuring, monitoring, or supporting security technologies in an enterprise environment. One (1) year experience managing projects.
C. Education/Experience substitution. In accordance with County policy.
D. Licenses/Certifications. CompTIA Security+ is required, or must be obtained within 2 months of hire. PenTest+ and Cloud+ certifications are preferred. Other security-related certifications are desirable, such as CISSP, SANS GSEC/GCIA/GCIH, or equivalent security certifications. Project Management certification is also desirable (PMP, CAPM, PPM, Project+, etc.).
E. Other (e.g., post-offer medical exam, polygraph, background check, driver’s license record, etc.). Must pass NCIC background and driving record check.
KNOWLEDGE, SKILLS, AND ABILITIES REQUIRED BY THE POSITION:
Knowledge of:
Incident response, threat modeling, and mitigation.
Windows and Linux server management including OS hardening techniques.
Common internet protocols such as DNS, SMTP, LDAP, etc.
Network hardware and software theory and operations (including layer 2 through 7 protocols as well as hardware architecture).
Email security solutions (e.g. Mimecast), including email gateways, filtering, quarantine management, archiving/eDiscovery support, and encryption solutions.
Microsoft 365 security tools, including Defender, Purview, Entra ID, Exchange Online, and audit/search capabilities.
Endpoint Detection and Response tools (e.g. SentinelOne or equivalent).
Firewall and network-security management tools (e.g. Palo Alto Panorama or equivalent).
Security log review, alert triage, and event correlation using SIEM or centralized logging tools.
Email authentication and protection technologies, including SPF, DKIM, DMARC, TLS, URL protection, attachment sandboxing, and impersonation protection.
IPRA, litigation hold, eDiscovery, and records-retention support related to security systems and email platforms.
Ability to:
Prioritize tasks, manage time effectively, and work independently in a fast-paced environment.
Understand and communicate (written and verbal) effectively with staff, users and vendors.
Provide excellent customer service.
Support and administer the implementation of approved security technologies and methodologies including firewalls, VPN, Cisco ISE, endpoint protection, and enterprise anti-virus software.
Recognize, document, and escalate security risks, incidents, and operational issues appropriately.
Maintain accurate documentation for configurations, incidents, scans, and security administration tasks.
Preserve confidentiality and chain-of-custody when handling sensitive security records, email data, investigation materials, or IPRA-related exports.
Translate technical findings into clear, factual summaries for supervisors, IT staff, HR, legal, or leadership.
Prioritize alerts, requests, investigations, and remediation tasks based on severity, business impact, and direction from leadership.
Escalate high-risk findings, suspected compromise, policy violations, or legal-sensitive matters through the appropriate chain of command.
Skill in:
Enterprise level IT infrastructure administrative techniques.
Security tool administration, monitoring, and configuration management.
Analytical thinking, troubleshooting, and problem solving.
Basic scripting or automation for administrative security tasks, such as PowerShell, command-line tools, or vendor-provided administrative consoles.
Conducting email investigations involving phishing, spoofing, impersonation, malicious attachments, suspicious URLs, and unauthorized email activity.
Ticketing, change-management, and documentation practices for security-related work.
Vulnerability scanning, patch-validation support, and remediation tracking.
Administering email-security platforms, including policy review, quarantine management, message tracing, archive searches, and eDiscovery support.
Creating clear technical notes, investigation summaries, screenshots, evidence packages, and operational reports.
Project planning and management.
Compensation Range
$65,457.60 - $106,808.00
Doña Ana County is an Equal Employment Opportunity Employer. It is our policy to abide by all federal and state laws prohibiting employment discrimination on the basis of a person’s race, color, religion, age, national origin, sex, disability, serious medical condition, genetic information, ancestry, spousal affiliation, gender identity, sexual orientation or any other unlawful criteria, except where a reasonable Bona Fide Occupational Qualification exists.
Doña Ana County will make reasonable accommodation(s) for the known physical or mental limitations of an applicant with a disability, upon request, unless the accommodation(s) would cause an undue hardship on the operation of the County. Please see http://www.donaanacounty.org/ada/ for our Public Notice and to get the Testing/Interview Accommodation Request Form or call 575-647-7210 for assistance.