Job Specifications
An Official website of the Commonwealth of Massachusetts
Job Description - Cybersecurity Engineer (25000868)
Job Description
Cybersecurity Engineer - ( 25000868 )
Description
Posting Number 2025-14
SALARY RANGE (Grade 14) CSAXXX:$79,353.09 - $119,029.61 (Commensurate with experience)
This position will be based out of theBoston, Lawrence, Brockton,Marlboro, orChicopeeOSA offices. Please indicate your geographical preference in office location when applying per the application instructions below. Overview
Posting Number 2025-14
SALARY RANGE (Grade 14) CSAXXX: $79,353.09 - $119,029.61 (Commensurate with experience)
This position will be based out of the Boston, Lawrence, Brockton, Marlboro, or Chicopee OSA offices. Please indicate your geographical preference in office location when applying per the application instructions below. GENERAL STATEMENT OF DUTIES
We are seeking a dedicated Cyber Security Engineer to support the research, implementation, monitoring, and governance of the agency's network security infrastructure. This role works closely with the Senior Network Security Engineer to safeguard agency data, ensure compliance with regulatory standards, and proactively mitigate cyber threats.
The OSA is looking for motivated individuals who seek public service as an opportunity to expand their knowledge and exposure to new technology while giving back to the community. If you love to get things done and can take on responsibility, we have the job for you. SUPERVISION RECEIVED
Incumbent receives supervision from the Assistant Director of IT, Network Operations and works with the Network Security Engineer. DUTIES AND RESPONSIBILITIES
The OSA is a small Commonwealth government agency of 230 individuals, governed separately from the State's networks, but interacting with them to perform data extracts and secure communications. Agency offices are located across the state at seven (7) locations connected by secured private lines. Key responsibilities will include supporting the research, acquisition, implementation, and monitoring of new network devices and software for the secure operation of the agency workflows. Duties are shared across modern infrastructure and a skilled IT workforce of over a dozen technicians and engineers, and include the following:
Assist in maintaining the agency's cybersecurity strategy and data governance policies.
Monitor and enforce data protection and retention rules using Microsoft Purview.
Analyze security events and logs to identify risks and maintain compliance with industry regulations.
Conduct security audits, vulnerability assessments, and penetration testing to strengthen the agency's security posture.
Respond to and investigate data breaches, ensuring swift remediation and transparent communication.
Provide cybersecurity awareness training and technical support to agency staff.
Stay informed on emerging threats and recommend proactive security measures.
Maintain thorough documentation of security policies, procedures, and protocols.
Acquire and maintain key certifications. QUALIFICATIONS REQUIRED QUALIFICATIONS AND EXPERIENCE
Minimum of 3 years of experience in cybersecurity roles.
Experience with data classification and securing sensitive information (PHI, PII, financial data).
Familiarity with security tools and technologies such as firewalls, SIEMs, intrusion detection/prevention systems, and data loss prevention solutions.
Practical experience with Microsoft M365 administration, MS Purview, Fortinet, Juniper, Cisco, and Tenable products.
Microsoft Active Directory and Entra ID (Azure Active Directory).
Excellent problem-solving skills with attention to detail.
Strong communication and collaboration abilities to work effectively across teams.
Ability to work independently and manage multiple activities simultaneously.
Capable of both oral and written communications, including the ability to communicate complex technical information effectively to non-IT staff. DESIRED QUALIFICATIONS
Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field.
Relevant certifications such as CISSP, CISM, or CISA (highly desirable).
Strong understanding of cybersecurity frameworks, including NIST, ISO 27001, and CIS Controls.
Knowledge of business continuity and disaster recovery planning.
Software security and QA assessments.
Knowledge of IP networking and topologies.
Knowledge of and experience with AI chatbots for ideation or problem-solving.
The Office of the State Auditor is committed to providing equal employment opportunities. Employment actions such as recruiting, hiring, training, and promoting individuals are based upon a policy of non-discrimination. Employment decisions and actions are made without regard to race, color, gender, religion, age, national origin, ancestry, sexual orientation, gender identity and expression, disability, military status, genetic information, political affiliation, or veteran's status.
Official Title : Eng