IT Security Engineer

We have a hybrid IT Security Engineer contract that is anticipated to be from May 2024, through October 31, 2024.

Our client is currently working remotely. However, the IT Security Engineer may periodically be required to work onsite at our client offices in Sacramento, California. The IT Security Engineer agrees to collaborate with our client, as needed, to determine a schedule for onsite work, when necessary, as required by our client to successfully provide the required services. The IT Security Engineer must utilize web cameras with videos on if requested by the meeting facilitator or project team.

It is mandated that each state implements a uniform, centralized, interactive, computerized voter registration database that is defined, maintained and administered at the state level. This database must contain the name and registration information of every legally registered active or inactive voter in the state.

California implemented their application to provide a single, uniform, centralized voter registration database that meets applicable requirements and has been declared to be the official system of record for voter registration in the State. This application is currently in the Maintenance and Operations phase. The applications' main functions include:

• Provides a single, official statewide database of voter registration information.
• A publicly available website and California Online Voter Registration (COVR), which allow voters to register online and check registration status.
• Connects the Secretary of State and all 58 county elections offices together to improve the voter registration process.
• A functional interface for counties, which are charged with the actual conduct of elections, to access and update the voter registration data.
• Interfaces with the two county Elections Management Systems (EMS) software solutions from DFM Associates and Runbeck.
• Interfaces with the Department of Motor Vehicles (DMV), the California Department of Corrections and Rehabilitation (CDCR), the California Employment Development Department (EDD), and the Department of Public Health (CDPH) for identification verification and list maintenance purposes.
• Allows third party posting entities (e.g., Rock the Vote, DMV) to post certain data elements on the COVR application on behalf of voter registration applicants who use the third-party posting entity's website to capture specific voter registration information.
• Assigns unique URLs for identifying the origin of the registration for National Voter Registration Act (NVRA) agencies (e.g., Covered California, DMV) and universities.

Our client considers their application to be a large-scale, complex information technology system, arising, in part, from the following:

• There are a large and diverse number of direct stakeholders including 58 counties that have a vested interest in the changes made to our clients' application. All election processes and data requirements are dependent on the availability and accuracy of voter registration data.
• In order to minimize our clients' application impact on county stakeholders, they adopted an implementation strategy enabling county elections officials and staff throughout the state to continue relying upon the independent, proprietary EMSs in use prior to implementation of on their application. This strategy required modification to these EMSs to integrate and directly communicate with our clients' application.
• The EMS in use within any California county is owned, maintained and supported by one of two commercial firms. Our client has contracted with each of these two firms to: collaborate with our client, the System Integrator (SI) and one another to define and design the application-EMS interface; modify or "remediate" their respective EMSs to support that interface; and, test and support the phased deployment of the modified EMSs and the application in conjunction with the our client, the SI and one another. Additional firms may follow an approval process in order to create another EMS that can be used by counties to integrate with our clients' application.
• While this implementation strategy leveraged the counties' investment in and familiarity with their existing EMSs, it also increased the breadth of the project's collaboration, coordination, and communication efforts, which span and interconnect our client, the SI, two EMS contractor teams, and the county stakeholders in all 58 counties.

Our clients' application includes, but is not limited to, the following key technology components:

• Application and database servers
• Wide Area Network infrastructure
• Internet Information Services (IIS)
• Microsoft SQL Server
• Azure Government hosting
• Azure Services
• Business Objects
• Web Services Security
• Microsoft Windows Services
• Microsoft Active Directory
• Internal Web Application
• Public Website
• Simple Object Access Protocol (SOAP)

Minimum Qualifications

• 3 years demonstrated experience assessing the security of complex integrated applications with the following characteristics:
  • Internet accessible databases containing personal (confidential) information.
  • Availability, backup, recovery, and data integrity issues of 24/7 systems.
  • Very large database and high-volume online system, that includes over 1 million records and 100K transactions a year Multiple tier application systems.
  • 2-factor or other physical security controls.
• 3 years demonstrated testing experience for each of the following:
  • Security and penetration/vulnerability testing.
  • Cloud and virtualization security.
  • OS hardening (Windows, Linux).
  • HTTP.
  • TCP/IP.
  • Encryption.
  • Routing protocols.
  • Layer 2 and Layer 3 security.
  • Database security and SQL vulnerabilities.
  • DNS architecture and security implications.
  • IT security best practices.
  • Microsoft.Net Framework.
  • Application and database servers.
  • Azure Government hosting.
  • Azure Services.
  • Wide Area Network infrastructure.
  • IIS.
  • Microsoft SQL Server.
  • Web Services security.
  • Microsoft Windows Services.
  • Microsoft Active Directory.
  • Public Websites.
  • Simple Object Access Protocol (SOAP).

Desirable Qualifications

• 3 years demonstrated experience in providing security planning and implementation services, with at least one large scale government system integration project.
• 3 years demonstrated experience assessing security risks for applications built with:
  • Reporting Services.
  • Internal Web Applications.
  • Multi-node (statewide) networks.
  • Possession of a valid Certified Information Systems Security Professional (CISSP) Certification.
  • Experience with industry standard compliance frameworks (SOX, NIST, etc.).
  • Understanding of State Administrative Manual (SAM) Section 5300, Information Security.

Minimum Application Requirements

Your application will be disqualified if you do not meet all these minimum application requirements.

• Must meet or exceed the Minimum Qualifications.
• Must be a current resident of the United States.
• Must have current work authorization for the United States.
• Must be a direct hire.
• Must agree to a hybrid work schedule when required.

Make sure to check your junk/spam folders as we will use email to reach out to you.