An island community rich in history and opportunity, Galveston is the ideal place to live, work and raise a family!Job DescriptionPosition OverviewThe IT Security Specialist is responsible for safeguarding the City’s information systems, networks, and data. This role is a versatile position that combines aspects of monitoring, incident response, compliance, and security engineering. The specialist works closely with Infrastructure, Applications, and Support Services teams to ensure the confidentiality, integrity, and availability of information technology resources, while also supporting user awareness and compliance initiatives.
Key Responsibilities- Monitor the City’s SIEM, endpoint protection, and firewall systems for suspicious activity.
- Investigate and document security events, escalating incidents in accordance with the City’s Incident Response Plan.
- Support business continuity and disaster recovery efforts, ensuring essential City services remain operational.
- Conduct vulnerability scans on City servers, networks, and applications.
- Lead/participate in incident response efforts, including containment, eradication, recovery, and post-incident reporting.
Track, prioritize, and remediate vulnerabilities in collaboration with Infrastructure Services and Enterprise Applications teams. - Assess risks associated with third-party vendors, cloud solutions (e.g., Workday, Tyler, Accela), and payment processing systems.
- Contribute to drafting, reviewing, and enforcing the City’s IT security policies and standards, including acceptable use policies, review of least privilege policies and data protection standards.
- Assist with preparation for audits, council reporting, and grant compliance related to cybersecurity.
- Ensure systems meet compliance with standards such as NIST, CJIS, PCI-DSS, and organizational policies.
- Conduct regular vulnerability scans, risk assessments, and penetration testing.
- Assist in policy development for information security, acceptable use, and data protection. - Provide ongoing security training to City employees, including phishing awareness and safe technology practices.
- Develop and distribute communication on emerging threats and citywide security reminders.
- Assist in the configuration and monitoring of firewalls, VPNs, and intrusion prevention systems.
- Review logs for unauthorized access attempts or anomalies.
- Partner with the Infrastructure and Support Services divisions to ensure secure configuration of desktops, mobile devices, and enterprise applications.
QualificationsEducation & Experience- Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field (or equivalent combination of education and experience).
- 2 years of experience in IT security, system/network administration
Technical Skills- Knowledge of SIEM tools, vulnerability management, and incident response.
- Familiarity with municipal applications (ERP, utility billing, municipal court, GIS, etc.).
- Understanding of networking concepts, firewalls, and cloud security.
Certifications (Desired)- CompTIA Security+
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
Competencies- Strong analytical and problem-solving skills with attention to detail.
- Effective written and verbal communication for both technical staff and non-technical audiences (including Council and Department Heads).
- High ethical standards and commitment to confidentiality of sensitive government data.
Compensation RangeDOQ
The City of Galveston is an equal opportunity employer and will consider only the qualifications of the applicants. The City does not tolerate any form of discrimination based on race, color, religion, sex, age, national origin, or physical/mental disability in employment or provision services.