Cybersecurity Administrator
Job description
Telework: This position will report to the headquartered location a minimum of 2 days per week. You may have the opportunity to telework the remainder of the week, if desired and based on business need.

The Cybersecurity Administrator leads daily cybersecurity operations, including incident response, vulnerability management, SOC coordination, and proactive threat hunting. This role ensures alignment with NIST CSF, NIST SP 800-53, and CJIS requirements; manages cyber risks and supports audits; oversees the security technology stack; and partners with internal units to promote secure-by-design practices. The position also contributes to security awareness initiatives, maintains security policies and standards, supervises cybersecurity staff, and communicates risk and incident updates to leadership. The Cybersecurity Administrator has a primary reporting line to the Director of IT & Cyber Operations and a secondary reporting line to the Chief Technology & Security Officer.

- Owns incident response procedures (classification, triage, containment, eradication, recovery), playbook development, tabletop exercises, and after-action reviews with corrective actions
- Coordinates Security Operations Center (SOC) activities to enhance mean time to detect and respond (MTTD/MTTR) to cybersecurity incidents
- Ensures continued alignment with NIST CSF, NIST 800-53, and CJIS Security Policy control families at the direction of the Chief Technology & Security Officer (CTSO)
- Oversees the daily tactical operations of the Vulnerability Management Program including asset coverage, scanning cadence, risk-based prioritization, exception handling, and executive reporting
- Analyzes and manages cybersecurity-related risks in alignment with the Cyber Risk Management Program, including updates to the risk register, corrective actions, and formal risk acceptance processes
- Collaborates with the Technology Strategy section on the Security Awareness & Training Program to ensure periodic training is administered to OAG staff, phishing campaigns are orchestrated, and metrics are collected for continuous improvement and learning activities
- Contributes to the development and ongoing maintenance of security policies, procedures, standards, and programs to ensure continued attestation and that training is administered
- Provides support during internal and external audits and assessments to ensure findings and Plan of Action & Milestones (POA&M) are managed through closure
- Owns the security technology stack including the SIEM/SOAR, EDR, Vulnerability Management, Email Security, Identity Security, Network Security, and Data Protection platforms
- Partners with the Infrastructure, Technology Experience, Litigation Support, and Software Engineering Units to integrate cybersecurity into the architectural design and ongoing support activities, acting as an advocate for a "secure-by-design" mentality
- Oversees reconnaissance activities in conjunction with partner agencies on threat adversaries within legal and ethical guidelines
- Leads proactive threat hunting activities including hypothesis-driven hunts, detections mapped to the MITRE ATT&CK framework, and continuous tuning of cybersecurity toolsets to improve automated detection and response capabilities
- Supervises cybersecurity personnel, including interviewing, onboarding, performance management, and coaching activities
- Briefs management and executive staff on risk posture, cybersecurity maturity levels, and incidents using data and metrics
- Builds strong relationships with staff from all divisions, sections, and units to align security with mission priorities
- Oversees and participates in on-call rotations and after-hours response during elevated events
- Performs related duties as required.
Requirements
- An associate's degree in Cybersecurity, Information Technology, or a related field and five (5) years of experience working in a technology and/or cybersecurity focused role, with at least two (2) years of experience supervising a small team
- A bachelor's degree in Cybersecurity, Information Technology, or a related field and three (3) years of experience working in a technology and/or cybersecurity focused role, with at least two (2) years of experience supervising a small team
- A master's degree in Cybersecurity, Information Technology, or a related field and two (2) years of experience working in a technology and/or cybersecurity focused role, with at least two (2) years of experience supervising a small team
- Seven (7) years of experience working in a technology and/or cybersecurity focused role, with at least two (2) years of experience supervising a small team
- Any combination of experience, training, and education
Preferred Knowledge, Skills, and Abilities
- Hands-on familiarity with compliance standards such as SOC 2, HIPAA, NIST 800-171, NIST 800-53, NIST CSF, or similar
- Experience with SIEM/SOAR, EDR, Vulnerability Management, Email Security, Identity Security, Network Security, and Data Protection technology platforms
- Experience with incident response procedures and concepts
- Conceptual understanding of the MITRE ATT&CK framework
- Ability to manage and prioritize cybersecurity vulnerabilities
- Ability to make quick but informed decisions in a fast-paced environment during periods of high stress
- Ability to express ideas clearly and concisely, orally and in writing
Benefits & conditions
Position Type: Full-time, Non-civil service, Non-union
Work Hours: 8:30 - 5:00
Salary Range: Starting salary of $87,903, commensurate with experience