60633 aso6 serverdesktop aug08
TRANSCRIPT
-
8/14/2019 60633 ASO6 ServerDesktop AUG08
1/6
-
8/14/2019 60633 ASO6 ServerDesktop AUG08
2/6
- 2 -
D:\DOCUMENTS AND SETTINGS\MXELG\LOCAL SETTINGS\TEMPORARY INTERNET FILES\OLK8B\UPDATED ASO6 JP JUL 08.DOC
3. Special Conditions (Such as non-metropolitan location, travel requirements, frequent overtime, etc.) Intrastate and Interstate Travel as required (occasional)
Some out of hours work may be required Will be required to be On-Call Willing to undertake Criminal Offenders History checks and other security clearances if
required.
-
8/14/2019 60633 ASO6 ServerDesktop AUG08
3/6
- 3 -
D:\DOCUMENTS AND SETTINGS\MXELG\LOCAL SETTINGS\TEMPORARY INTERNET FILES\OLK8B\UPDATED ASO6 JP JUL 08.DOC
JOB SPECIFICATION (continued) Position: Unit: Approval:
4. Statement of Key Outcomes and Associated Activities (Group into major areas ofresponsibility/activity and list in descending order of importance.)
4.1 Contributes to the security of server and desktop infrastructure by:
Specifying server and desktop security configurations, including server hardeningrequirements, and implementing these in conjunction with LAN and Desktop Servicessection.
Ensuring that servers and desktops are appropriately patched against security threats,by assessing security advisories, determining JTSs response to each, and liaising withLAN and Desktop Services section over implementation.
Ensuring that servers and desktops are appropriately and efficiently updated with anti-virus software definitions, in conjunction with LAN and Desktop Services section.
Specifying and implementing server and desktop audit logging requirements. Administering server and desktop security in conjunction with the Security
Administrator. Reviewing audit logs for unusual activity and actual or suspected breaches of policy and
other security incidents. Assisting in the investigation of and recovery from security incidents involving server
and desktop infrastructure. Reviewing server access permissions on a periodic basis and removing obsolete
accesses. Auditing compliance with the server and desktop aspects of JTS security policies. Auditing security related aspects of server and desktop siting, configuration and
management practices, recommending improvements, and liaising with LAN andDesktop Services section and relevant external service providers to implement suchrecommendations.
Preparing, reviewing and updating server and desktop security manuals, proceduresand other documentation.
Contributing to appropriate server and desktop infrastructure contingency plans.
4.2 Monitors appropriateness of server and desktop security controls and contributes toplans for security development that support effective program delivery by:
Assessing the security risks associated with the provision of server and desktopservices.
Assessing and proposing appropriate security changes to mitigate identified risks to anacceptable level
Evaluating the effectiveness of security controls against organisational and riskmitigation objectives, and proposing improvements where necessary.
-
8/14/2019 60633 ASO6 ServerDesktop AUG08
4/6
- 4 -
D:\DOCUMENTS AND SETTINGS\MXELG\LOCAL SETTINGS\TEMPORARY INTERNET FILES\OLK8B\UPDATED ASO6 JP JUL 08.DOC
4.3 Provides expert technical services and advice regarding server and desktop securityby:
Developing, utilising and monitoring information/resource networks that contribute toawareness of industry trends and best practice in server and desktop security
Advising JTS on matters associated with developments in server and desktop securityand their application to JIS
Advising client agencies on appropriate courses of action with regard to server anddesktop security.
4.4 Provides backup and support to the Principal Network Security Analyst by:
Developing proficiency in network security matters and the network security controlsutilised on the Justice wide area network.
Undertaking activities allocated by the Principal Network Security Analyst.
4.5 Responsible and accountable for adhering to the requirements of the OHSW Act1986, relevant OHSW Regulations 1995; the Equal Opportunity Act 1984; the PSMAct 1995 and the principles of diversity; and the Departments policies andprocedures.
Certified Correct by Line Manager ............................................................................................ ......... ./........ .. /......... .
Acknowledged by Occupant ....................................................................................................... ..... ...../..... ...../..... .....
-
8/14/2019 60633 ASO6 ServerDesktop AUG08
5/6
- 5 -
D:\DOCUMENTS AND SETTINGS\MXELG\LOCAL SETTINGS\TEMPORARY INTERNET FILES\OLK8B\UPDATED ASO6 JP JUL 08.DOC
PERSON SPECIFICATION (continued) Position: Unit: Approval:
Essential Minimum Requirements (Those characteristics considered absolutely necessary.)
1. Educational/Vocational Qualifications (Include only those listed in Commissioners Standard 2 as anessential qualification for the specified classification group.)
NIL
2. Personal Abilities/Aptitudes/Skills (Related to the job description and expressed in a way which allowsobjective assessment.)
Proven ability to analyse, evaluate and apply information to align server and desktopsecurity policy and practices with Portfolio and government directions
Proven ability to communicate effectively, in writing and verbally, with a wide range ofpeople from both technical and non-technical backgrounds
Demonstrated high level of technical competency and ability to provide superioranalytical skills in solving complex technical problems
Proven ability to work effectively as a member of a team or individually Demonstrated ability to work under limited direction and in a professional manner Proven commitment to the provision of excellent customer service and process/service
improvement.
3. Experience (including community experience)
Significant experience in developing and implementing server and desktop securitystrategies/policies/processes to support Portfolio policy and strategy
Experience in risk assessment processes and in identifying and implementing mitigationstrategies in relation to the protection of IT assets
Experience in developing and maintaining effective networks, alliances and operationalrelationships with internal and external clients and stakeholders in an outsourcedenvironment
Significant experience in monitoring the operation of server and desktop securitycontrols and identifying and analysing potential security incidents
Significant investigative and problem solving experience in server and desktop securityissues
Substantial experience in the use of Perl, Shell or similar scripting languages.
4. Knowledge
Generic: Knowledge of the principles and practice of OHSW, Equal Opportunity, the PSM Act
Employee conduct standards and diversity appropriate to the requirements of theposition.
-
8/14/2019 60633 ASO6 ServerDesktop AUG08
6/6
- 6 -
D:\DOCUMENTS AND SETTINGS\MXELG\LOCAL SETTINGS\TEMPORARY INTERNET FILES\OLK8B\UPDATED ASO6 JP JUL 08.DOC
Technical: Thorough general knowledge of server and desktop security and audit issues Extensive practical knowledge of Windows server and desktop operating systems and
all aspects of their security and audit controls, particularly Windows NT and Windows2000.
Significant practical knowledge of Unix and Linux operating systems and all aspects oftheir security and audit controls
Extensive knowledge of LAN data communications technologies and protocols A good understanding of security principles, issues and risks associated with the use of
the Internet, and the provision of services via the Internet
PERSON SPECIFICATION (continued) Position: Unit: Approval:
Desirable Characteristics (To distinguish between applicants who have met all essential requirements.)
1. Personal Abilities/Aptitudes/Skills
NIL
2. Experience
Experience in security controls associated with wide area networks.
3. Knowledge
A good understanding of intrusion detection technologies Significant practical knowledge of MS-Exchange and all aspects of its security and audit
controls Knowledge of PIX and Checkpoint Firewall capability and configuration Knowledge of router and switch capability and configuration Knowledge of VPN capability and configuration.
4. Educational/Vocational Qualifications ( Considered to be useful in carrying out the responsibilities of theposition.)
Tertiary qualifications in an IT related discipline.
5. Other details