Scope of Services
• The Information Security Management (ISM) Office is looking for an expert Developer to support the Department’s efforts to ensure the security of the Department’s Information Technology systems. This ISM’s Office is responsible for the Department’s adherence to the Florida Cybersecurity Standards (F.A.C. 60GG-2).
• This position will be a lead member of the effort to review system security plans, assess risk, and recommend system controls to improve system security. This team member must have excellent communication skills to aid in communications on technical issues (with other developers, database administrators, architects, etc.) and business process issues (with Functional Leads, Subject Matter Experts, etc.). The ISM will look to this team member to give recommendations for updates to the System Security Plan Template utilized by the Department. Our goal for this position is to have a better understanding of application development and use that to improve our methods of evaluating and improving system risk.
• While this position will report to the ISM, at times it will also be involved in the development and/or maintenance of security-related components for use within FDOT’s Enterprise Application environment. This work would include participation as a member of a full lifecycle agile development team under the direction of FDOT’s Enterprise Architect. Develops custom software applications and databases, implements enhancements to existing systems, troubleshoots application issues, implements integration between applications, and implements and supports Off the Shelf software solutions. Must be able to make high-level design choices and implement solutions following technical standards, including software coding standards, tools, and platforms for the enterprise. Work directly with subject matter experts (SME) and other stakeholders to ensure solutions meet defined requirements. Will be involved, and work in concert with other team members, to analyze, design, implement, and test solutions.
• Bachelor’s or Master’s Degree in Computer Science, Information Systems, Cybersecurity or other related field. Or equivalent work experience.
Primary Job Duties/ Tasks
• The submitted candidate must be able to perform the following duties and/or tasks:
• Review System Security Plans and provide comments and feedback to project teams for improvements in security controls.
• Provide updates to the FDOT System Security Plan Template.
• Develop new System Security Plan Templates for differing types of technology such as Operational Technology and Custom of the Shelf Systems (COTS).
• Understand the concepts of the Florida Cybersecurity Standards and use that information to recommend changes to standards, policies and procedures to bring the Department into compliance with those standards.
• Work as a senior developer on various cross-functional application projects, ensuring that robust and scalable solutions are implemented. Collaborate with other team members and Subject Matter Experts to ensure solutions are implemented according to customer requirements.
• Responsible for full lifecycle application development. Ensures code is written to implement the architecture and design such that it meets standards in terms of code quality and efficiency
• Fully unit test all solutions prior to User Acceptance Testing and implementation.
• Initiate, drive and deliver effective experiences in partnership with distributed cross-functional teams to ensure all aspects of the architectural vision are communicated, supported and delivered to the highest standards; align core .NET based platform development initiatives with Department development vision, strategy and deployment
• Develop and apply knowledge of trends, relevant software development technologies and methodologies.
Job Specific Knowledge Skills and Abilities (KSAs):
• The submitted candidate must be able to apply specific knowledge, skills, and abilities in the following areas:
Knowledge of secure coding practices
• Knowledge of the Florida Cybersecurity Standards (F.A.C. 60GG-2)
• Knowledge of core cybersecurity concepts such as phishing, intrusion detection/prevention, defense in depth, perimeter security, and incident response.
• Knowledge of the management of sensitive data, confidential data and personally identifiable data (PII).
• Knowledge of vulnerability management and the tools and resources used to address vulnerabilities in a large enterprise.
• Knowledge of static and dynamic application/code scanning tools.
• Knowledge of design patterns, performance issues and troubleshooting strategies
• Knowledge of development methodologies including waterfall and agile
• Skill in architecting and deploying high volume, high transaction based, distributed and redundant web applications
• Skill with Microsoft SQL and other Relational Database Management Systems (RDBMS) including Oracle
• Skilled in verbal and written communication, interpersonal, conflict resolution, and customer service
• Ability to work effectively in a fast-paced, high volume, deadline-driven environment
• Ability to balance multiple demands and work both independently and as part of a team
• Ability to conduct complex systems analysis and translate user requirements into business solutions
• Ability to integrate research and best practices into problem avoidance and continuous improvement
• Ability to architect cloud-based applications leveraging PaaS (Platform as a Service) and IaaS (Infrastructure as a Service) offerings for leading vendors such as Microsoft Azure and Amazon Web Services.
• Ability to lead technical teams in delivering web technology architecture, design, and implementation
• Ability to effectively work as part of a distributed development team
• Ability to display professionalism in dealing with all levels of management and staff
• Ability to exhibit creativity and resourcefulness at problem solving while collaborating and working effectively with others across varied disciplines
• Ability to support security incident response efforts through analysis of system logs.
• Knowledge of OOP (Object Oriented Programming) concepts
General Knowledge Skills and Abilities (KSAs):
• The submitted candidate must be able to apply common knowledge, skills, and abilities in the following areas:
• Communication: Have the ability to clearly convey information, in both written and verbal formats, to individuals or groups in a wide variety of settings (i.e.; project team meetings, management presentations, etc.). Must have the ability to effectively listen and process information provided by others.
• Customer Service: Works well with clients and customers (i.e.; business office, public, or other agencies). Able to assess the needs of the customer, provide information or assistance to satisfy expectations or resolve a problem.
• Decision Making: Makes sound, well-informed, and objective decisions.
• Flexibility: Is open to change, new processes (or process improvement), and new information. Has the ability to adapt in response to new information, changing conditions, or unexpected obstacles. Ability to receive and give constructive criticism, and maintain effective work relationships with others.
• Interpersonal: Shows friendliness, courtesy, understanding, and politeness to others.
• Leadership: Motivates, encourages, and challenges others. Is able to adapt leadership styles in a variety of situations.
• Problem Solving: Able to identify, evaluate, and use sound judgement to generate and evaluate alternative actions, and make recommendations as accordingly.
• Team Building: Encourages, inspires, and guides others toward accomplishing the common goal.
• Quality Assurance: Knowledge of the ideologies, techniques and tools for quality assurance and control. The ability to put the ideologies, techniques, and tools into practice.