Information Security Analyst
Western Farmers Electric Cooperative
Job Description
Applications will be accepted until position is filled - Apply on-line. At the option of the hiring official, a candidate will be placed in one of the following levels based on education, experience, knowledge, skills, and behaviors required.
SUMMARY - Senior Information Security Analyst: Under the general supervision of the Supervisor, IT Infrastructure, the Senior Information Security Analyst performs troubleshooting, installation, and maintenance on equipment and software systems related to electronic access control and monitoring.
The incumbent ensures the stability and integrity of in-house electronic access control and monitoring systems. In addition, the incumbent performs change management and configuration activities, security controls testing, system baseline activities, vulnerability testing and analysis, and network traffic analysis to ensure system reliability and security. The incumbent participates in in-house, regulatory, and industry teams including working groups, committees, incident response teams, and business continuity teams as required.
Also, the incumbent participates in exercises that test policies, procedures, and skills which are required by business and critical operations. The incumbent responds to anomalous events that will require analysis and will have to synthesize and correlate complex events to ensure operational security.
SUMMARY - Information Security Analyst: Under the general supervision of the Supervisor, IT Infrastructure, the Information Security Analyst performs troubleshooting, installation and maintenance on equipment and software related to electronic access control and monitoring.
The incumbent ensures the stability and integrity of in-house electronic access control and monitoring systems. In addition, the incumbent participates in in-house, regulatory and industry teams including working groups, committees, incident response teams and business continuity teams as required. The incumbent also participates in exercises that test policies, procedures and skills which are required by business and critical operations.
The incumbent responds to anomalous events that will require analysis and will have to synthesize and correlate complex events to ensure operational security.
ESSENTIAL DUTIES AND RESPONSIBILITIES - Senior Information Security Analyst include the following; other duties may be assigned.
Ensures the stability and integrity of in-house electronic access control and monitoring systems which may include SIEM devices, IDS sensors, IPS, data diodes, firewalls, switches, routers, application whitelisting, network anomaly detection devices, log retention systems, log forwarding systems, network monitoring systems, and analytics software used in the monitoring of critical cyber assets associated with the operation of multiple departments.
Performs change management and configuration activities, security controls testing, system baseline activities, vulnerability testing and analysis, and network traffic analysis to ensure system reliability and security. Installs, troubleshoots, and maintains hardware and software systems related to electronic access control and monitoring systems. Reviews logs, configurations, rule sets, user accounts, account groups, and network traffic for adherence to policy/procedure.
Responds to anomalous events that will require analysis and will have to synthesize and correlate complex events to ensure operational security. Tests and implements IDS/IPS rule sets and signatures. Conducts security controls testing after significant changes to cyber assets to ensure proper security posture to meet regulatory guidelines.
Monitors cyber assets and critical infrastructure to ensure system up-time. Engages in change/configuration management activities for cyber assets. Performs network traffic analysis when anomalous traffic needs to be investigated.
Assists in conducting incident response and forensic investigations. Conducts vulnerability testing, analysis, and mitigation for cyber assets. Analyzes network infrastructure rule sets manually and uses software tools to ensure proper security posture for compliance.
Writes reports and briefings related to specific information security issues. Tickets and tracks operational issues related to the security posture of cyber assets which are in scope for this group. Conducts research on network products, services, protocols, and standards to remain abreast of developments in the information security industry.
Participates in exercises that test policies, procedures, and skills which are required by business and critical operations. Participates in in-house, regulatory, and industry teams including working groups, committees, incident response teams, and business continuity teams as required.
ESSENTIAL DUTIES AND RESPONSIBILITIES - Information Security Analyst include the following; other duties may be assigned.
Ensures the stability and integrity of in-house electronic access control and monitoring systems which may include SIEM devices, IDS sensors, IPS, data diodes, firewalls, switches, routers, application whitelisting, network anomaly detection devices, log retention systems, log forwarding systems, network monitoring systems and analytics software used in the monitoring of critical cyber assets associated with the operation of multiple departments. Installs, troubleshoots and maintains hardware and software systems related to electronic access control and monitoring systems. Reviews logs, configurations, rule sets, user accounts, account groups and network traffic for adherence to policy/procedure.
Responds to anomalous events that will require analysis and synthesizes and correlates complex events to ensure operational security. Monitors cyber assets and critical infrastructure to ensure system up-time. Engages in change/configuration management activities for cyber assets.
Performs network traffic analysis when anomalous traffic needs to be investigated. Writes reports and briefings related to specific information security issues related to WFEC systems and critical cyber assets. Tickets and tracks operational issues related to the security posture of cyber assets which are in scope for this group.
Conducts research on network products, services, protocols and standards to remain abreast of developments in the information security industry. Participates in exercises that test policies, procedures and skills which are required by business and critical operations. Participates in in-house, regulatory and industry teams including working groups, committees, incident response teams and business continuity teams as required.
COMPETENCIES: To perform the job successfully, an individual should demonstrate the following competencies:
Analysis/Design: Synthesizes complex or diverse information; collects and researches data; uses experience to complement data; designs workflows and procedures; generates creative solutions; translates concepts and information into images; uses feedback to modify designs; applies design principles; demonstrates attention to detail.
Problem Solving: Identifies and resolves problems in a timely manner; gathers and analyzes information skillfully; develops alternative solutions; works well in group problem solving situations; uses reason even when dealing with emotional topics.
Professional Knowledge: Generates creative solutions; translates concepts and information into applications; uses feedback to modify recommendations; pursues training and development opportunities; strives to continuously build knowledge and skills; shares expertise with others.
Oral and Written Communication: Speaks clearly and persuasively in positive or negative situations; listens and gets clarification; responds well to questions; demonstrates group presentation skills; participates in meetings; writes clearly and informatively; varies writing style to meet needs; presents numerical data effectively; able to read and interpret written information.
Teamwork: Balances team and individual responsibilities; exhibits objectivity and openness to others' views; gives and welcomes feedback; able to build morale and group commitments to goals and objectives; supports everyone's efforts to succeed.
Planning/Organizing: Prioritizes and plans work activities; uses time efficiently; sets goals and objectives; develops realistic action plans.
Project Management: Develops project plans; coordinates projects effectively; communicates changes and progress; completes projects on time and budget; manages project team activities.
Adaptability: Adapts to changes in the work environment; manages competing demands; changes approach or method to best fit the situation; able to deal with frequent change, delays or unexpected outcomes.
Customer Service: Manages difficult or emotional customer situations; responds promptly to customer needs; solicits customer feedback to improve service; responds to requests for service and assistance; meets commitments to customers.
Cost Consciousness: Works within approved budget; develops and implements cost saving measures; conserves organizational resources.
QUALIFICATIONS: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the education, experience, knowledge, skills, abilities, and behaviors required.
Education and Experience: Sr. Information Security Analyst - ($98,946 - $155,088): A Bachelor's degree in a related field and five (5) years of directly related experience in information security, digital networking, computing, telecommunications or SCADA/EMS operations is required. Extensive knowledge of TCP/IP and Cisco routing and switching, as well as proven experience with Cisco ASA firewall and VPN appliances, is preferred.