HHS Security Incident Manager (Information Security Specialist 3)

Would you like to step into a position where your technical expertise helps safeguard essential services for millions of Pennsylvania residents? As a senior-level technical specialist, the Information Security Specialist 3 guides important cybersecurity efforts across diverse platforms. Your work will improve security readiness and support fast, effective responses to threats. This role allows you to grow while helping strengthen statewide cybersecurity. Advance your career with us!

This position plays a key role in building and supporting the Commonwealth's enterprise SIEM and log management capabilities. It focuses on engineering, analysis, and collaboration that enable strong threat detection and efficient incident response. As an Information Security Specialist 3, you will perform the following duties:

• Incident Leadership: Provide guidance during cybersecurity events and support coordinated response efforts
• SIEM Engineering: Conduct advanced configuration, maintenance, and optimization of enterprise SIEM and log management tools
• Data Pipeline Design: Build ingestion processes that onboard, parse, normalize, and enrich data from varied systems
• Detection Development: Create and refine correlation rules and alerts that improve identification of threats
• Log Analysis: Evaluate data to uncover visibility gaps and recommend improvements to monitoring coverage

Interested in learning more? Additional details regarding this position can be found in the position description.

Work Schedule and Additional Information:

• Full-time employment
• Work hours are 8:00 AM to 4:30 PM, Monday - Friday, with 60-minute lunch.
• Telework: You may have the opportunity to work from home (telework) part-time; two days telework and three days in office per week. In order to telework, you must have a securely configured high-speed internet connection and work from an approved location inside Pennsylvania. If you are unable to telework, you will have the option to report to the headquarters office in Harrisburg. The ability to telework is subject to change at any time. Additional details may be provided during the interview.
• Salary: In some cases, the starting salary may be non-negotiable.
• You will receive further communication regarding this position via email. Check your email, including spam/junk folders, for these notices.

QUALIFICATIONS

Minimum Experience and Training Requirements:

• One year as an Information Security Specialist 2 (Commonwealth job title or equivalent Federal Government job title, as determined by the Office of Administration); or
• Four years of experience performing technical work in information technology security, and an associate's degree in any information technology field; or
• Two years of experience performing technical work in information technology security, and a bachelor's degree in any information technology field; or
• An equivalent combination of experience and training.

Other Requirements:

• This particular position also requires you to possess three or more years of full-time experience with designing, managing, and optimizing SIEM (Security Information and Event Management) and log management concepts, including data ingestion, normalization, and correlation.
• This particular position also requires you to possess three or more years of full-time experience with enterprise logging across cloud, endpoint, network, and identity platforms.
• This particular position also requires you to possess three or more years of full-time experience with creating query languages and scripting for data analysis and detection development.
• You must meet the PA residency requirement. For more information on ways to meet PA residency requirements, follow the link and click on Residency.
• You must be able to perform essential job functions.

Legal Requirement:

• You must pass a background investigation and meet Criminal Justice Information Services (CJIS) compliance requirements.

How to Apply:

• Resumes, cover letters, and similar documents will not be reviewed, and the information contained therein will not be considered for the purposes of determining your eligibility for the position. Information to support your eligibility for the position must be provided on the application (i.e., relevant, detailed experience/education).
• If you are claiming education in your answers to the supplemental application questions, you must attach a copy of your college transcripts for your claim to be accepted toward meeting the minimum requirements. Unofficial transcripts are acceptable.
• Your application must be submitted by the posting closing date. Late applications and other required materials will not be accepted.
• Failure to comply with the above application requirements may eliminate you from consideration for this position.
• All application materials and interview responses must reflect the applicant's own experience, qualifications, and work. Applicants may use generative AI tools for preparation purposes only. Use of AI to misrepresent or falsify information, or to assist during interviews, is not permitted. Review the Guidance for Generative AI Tools & Job Seekers for additional information.

Veterans:

• Pennsylvania law (51 Pa. C.S. *7103) provides employment preference for qualified veterans for appointment to many state and local government jobs. To learn more about employment preferences for veterans, go to www.pa.gov/agencies/employment/how-to-apply.html and click on Veterans.

Telecommunications Relay Service (TRS):

• 711 (hearing and speech disabilities or other individuals).

If you are contacted for an interview and need accommodations due to a disability, please discuss your request for accommodations with the interviewer in advance of your interview date.

The Commonwealth is an equal employment opportunity employer and is committed to a diverse workforce. The Commonwealth values inclusion as we seek to recruit, develop, and retain the most qualified people to serve the citizens of Pennsylvania. The Commonwealth does not discriminate on the basis of race, color, religious creed, ancestry, union membership, age, gender, sexual orientation, gender identity or expression, national origin, AIDS or HIV status, disability, or any other categories protected by applicable federal or state law. All diverse candidates are encouraged to apply.

• Completing the application, including all supplemental questions, serves as your exam for this position. No additional exam is required at a test center (also referred to as a written exam).
• Your score is based on the detailed information you provide on your application and in response to the supplemental questions.
• Your score is valid for this specific posting only.
• You must provide complete and accurate information or:
  • your score may be lower than deserved.
  • you may be disqualified.
• You may only apply/test once for this posting.
• Your results will be provided via email.