60633 aso6 serverdesktop aug08

8/14/2019 60633 ASO6 ServerDesktop AUG08

1/6


2/6

- 2 -

D:\DOCUMENTS AND SETTINGS\MXELG\LOCAL SETTINGS\TEMPORARY INTERNET FILES\OLK8B\UPDATED ASO6 JP JUL 08.DOC

3. Special Conditions (Such as non-metropolitan location, travel requirements, frequent overtime, etc.) Intrastate and Interstate Travel as required (occasional)

Some out of hours work may be required Will be required to be On-Call Willing to undertake Criminal Offenders History checks and other security clearances if

required.


3/6

- 3 -


JOB SPECIFICATION (continued) Position: Unit: Approval:

4. Statement of Key Outcomes and Associated Activities (Group into major areas ofresponsibility/activity and list in descending order of importance.)

4.1 Contributes to the security of server and desktop infrastructure by:

Specifying server and desktop security configurations, including server hardeningrequirements, and implementing these in conjunction with LAN and Desktop Servicessection.

Ensuring that servers and desktops are appropriately patched against security threats,by assessing security advisories, determining JTSs response to each, and liaising withLAN and Desktop Services section over implementation.

Ensuring that servers and desktops are appropriately and efficiently updated with anti-virus software definitions, in conjunction with LAN and Desktop Services section.

Specifying and implementing server and desktop audit logging requirements. Administering server and desktop security in conjunction with the Security

Administrator. Reviewing audit logs for unusual activity and actual or suspected breaches of policy and

other security incidents. Assisting in the investigation of and recovery from security incidents involving server

and desktop infrastructure. Reviewing server access permissions on a periodic basis and removing obsolete

accesses. Auditing compliance with the server and desktop aspects of JTS security policies. Auditing security related aspects of server and desktop siting, configuration and

management practices, recommending improvements, and liaising with LAN andDesktop Services section and relevant external service providers to implement suchrecommendations.

Preparing, reviewing and updating server and desktop security manuals, proceduresand other documentation.

Contributing to appropriate server and desktop infrastructure contingency plans.

4.2 Monitors appropriateness of server and desktop security controls and contributes toplans for security development that support effective program delivery by:

Assessing the security risks associated with the provision of server and desktopservices.

Assessing and proposing appropriate security changes to mitigate identified risks to anacceptable level

Evaluating the effectiveness of security controls against organisational and riskmitigation objectives, and proposing improvements where necessary.


4/6

- 4 -


4.3 Provides expert technical services and advice regarding server and desktop securityby:

Developing, utilising and monitoring information/resource networks that contribute toawareness of industry trends and best practice in server and desktop security

Advising JTS on matters associated with developments in server and desktop securityand their application to JIS

Advising client agencies on appropriate courses of action with regard to server anddesktop security.

4.4 Provides backup and support to the Principal Network Security Analyst by:

Developing proficiency in network security matters and the network security controlsutilised on the Justice wide area network.

Undertaking activities allocated by the Principal Network Security Analyst.

4.5 Responsible and accountable for adhering to the requirements of the OHSW Act1986, relevant OHSW Regulations 1995; the Equal Opportunity Act 1984; the PSMAct 1995 and the principles of diversity; and the Departments policies andprocedures.

Certified Correct by Line Manager ............................................................................................ ......... ./........ .. /......... .

Acknowledged by Occupant ....................................................................................................... ..... ...../..... ...../..... .....


5/6

- 5 -


PERSON SPECIFICATION (continued) Position: Unit: Approval:

Essential Minimum Requirements (Those characteristics considered absolutely necessary.)

1. Educational/Vocational Qualifications (Include only those listed in Commissioners Standard 2 as anessential qualification for the specified classification group.)

NIL

2. Personal Abilities/Aptitudes/Skills (Related to the job description and expressed in a way which allowsobjective assessment.)

Proven ability to analyse, evaluate and apply information to align server and desktopsecurity policy and practices with Portfolio and government directions

Proven ability to communicate effectively, in writing and verbally, with a wide range ofpeople from both technical and non-technical backgrounds

Demonstrated high level of technical competency and ability to provide superioranalytical skills in solving complex technical problems

Proven ability to work effectively as a member of a team or individually Demonstrated ability to work under limited direction and in a professional manner Proven commitment to the provision of excellent customer service and process/service

improvement.

3. Experience (including community experience)

Significant experience in developing and implementing server and desktop securitystrategies/policies/processes to support Portfolio policy and strategy

Experience in risk assessment processes and in identifying and implementing mitigationstrategies in relation to the protection of IT assets

Experience in developing and maintaining effective networks, alliances and operationalrelationships with internal and external clients and stakeholders in an outsourcedenvironment

Significant experience in monitoring the operation of server and desktop securitycontrols and identifying and analysing potential security incidents

Significant investigative and problem solving experience in server and desktop securityissues

Substantial experience in the use of Perl, Shell or similar scripting languages.

4. Knowledge

Generic: Knowledge of the principles and practice of OHSW, Equal Opportunity, the PSM Act

Employee conduct standards and diversity appropriate to the requirements of theposition.


6/6

- 6 -


Technical: Thorough general knowledge of server and desktop security and audit issues Extensive practical knowledge of Windows server and desktop operating systems and

all aspects of their security and audit controls, particularly Windows NT and Windows2000.

Significant practical knowledge of Unix and Linux operating systems and all aspects oftheir security and audit controls

Extensive knowledge of LAN data communications technologies and protocols A good understanding of security principles, issues and risks associated with the use of

the Internet, and the provision of services via the Internet

PERSON SPECIFICATION (continued) Position: Unit: Approval:

Desirable Characteristics (To distinguish between applicants who have met all essential requirements.)

1. Personal Abilities/Aptitudes/Skills

NIL

2. Experience

Experience in security controls associated with wide area networks.

3. Knowledge

A good understanding of intrusion detection technologies Significant practical knowledge of MS-Exchange and all aspects of its security and audit

controls Knowledge of PIX and Checkpoint Firewall capability and configuration Knowledge of router and switch capability and configuration Knowledge of VPN capability and configuration.

4. Educational/Vocational Qualifications ( Considered to be useful in carrying out the responsibilities of theposition.)

Tertiary qualifications in an IT related discipline.

5. Other details

60633 aso6 serverdesktop aug08

Documents