Information Technology Security Administrator - Senior Cybersecurity Engineer

About The Position

The Clark County Department of Aviation (DOA) is seeking qualified candidates for the Information Technology Security Administrator position. This role is crucial for providing information technology security administration and enhancing DOA’s network security, cybersecurity operations, and risk and compliance programs. Responsibilities include maintaining and advancing the DOA’s cybersecurity programs such as Security Information Event Management, Network Security, Endpoint Detection and Response, Email Security, Incident Response, Vulnerability Management, Application Security, Cloud Security, Threat Hunting and Intelligence, OSINT, Infrastructure Protection, and Cybersecurity Awareness Training.

Additionally, the successful candidate will engage in various cybersecurity initiatives, projects, and other duties as assigned, contributing significantly to the DOA’s cybersecurity posture.

This is an open continuous recruitment; scheduling dates will vary depending on the application received and reviewed by Employee Services.

• Serves as an expert advisor to senior management in the development, implementation and maintenance of an information security infrastructure ensuring best practice control objectives for system integrity, availability, confidentiality, accountability and assurance within the context of the airports risk tolerance.
• Identifies and proposes key information security program priorities, initiatives, plans, practices and tools.
• Oversees execution of approved information security project plans and provides regular status reporting on progress of such projects.
• Implement and manage cybersecurity tools such as firewalls, endpoint detection and response, email security, configuration management, continuous monitoring, cloud security, application security, and related items.
• Provides guidance and recommendations regarding prioritization of system security infrastructure investments that mitigate risks, strengthen defenses and reduce vulnerabilities.
• Drafts and proposes organizational information security strategy and action plans based on relevant risk assessment and gap analysis.
• Develops, publishes, and maintains comprehensive information security standards, policies, procedures and guidelines.
• Acts as the primary control point during follow‑up on significant information security incidents, oversees development of response plans and provides timely update reporting.
• Advises the management team on risk issues that are related to information security and recommends actions in support of the wider risk management programs.
• Collaborates with stakeholders and industry partners (e.g., ACI, IATA, A4A, etc.) to ensure information security risks in both ongoing and planned operations are properly considered and that all compliance matters are being adhered to as required.
• Monitors information security trends and evolving technologies as well as keeps senior management informed about related information security issues.
• Understands potential and emerging information security threats, vulnerabilities, and control techniques and communicates this information to appropriate team members on a timely basis.
• Provides guidance in the event of a security breach, dealing with all relevant requirements (Federal, State and local) as appropriate.
• Maintains relationships with local, state, and federal law enforcement and other related government agencies as needed.
• Engages and directs outside consultants as appropriate on information security audits.
• Conducts regular and ongoing monitoring of and reporting on compliance with information security standards and policies.
• Collaborates with internal security and/or auditing personnel as relevant to information security matters.
• Directs the development and enforcement of information security and privacy policies in compliance with federal, state and local regulations and standards.
• Establishes and maintains security and business recovery policies and procedures.
• Provides security and control measures across multiple computer platforms (e.g. enterprise server, client server, network, Internet/Intranet, and desktop).
• Monitors access and use of…