|Job Title*:||Security Analyst II ||Pay Grade*:||T09 / Salary commensurate with|
experience and education
|Section*:||Information & Network Security ||Job Code:||7598B |
|Division*:||I/T ||FLSA/EEO:||Exempt/Professionals |
|Department*:||Technology || || |
Responsible for ensuring the security of applications, information, and network hardware across the enterprise. This role will interact closely with customers both internal and external, software developers, IT administrators and technicians, compliance officers, and other key stakeholders to build and advance the information and network security strategies and programs, develop and implement enterprise-level information security policies and standards, lead information security awareness activities, and identify and remediate information security issues. The Security Analyst II will serve as an essential information security interface and subject matter expert to all the Agency's functional groups and project teams. Analyze IT risks and controls testing and validation activities in support of the Change Advisory Board process or Internal and External Audits. Supporting Technology compliance requirements set by the business, internal and external audit. This role will work to improve the ability of the organization to protect the confidentiality, availability, and integrity of the Agency's information assets. Administers the enterprise network security and provides security technical expertise to internal/external contacts in a 24-hour 7 day a week operation
ESSENTIAL DUTIES AND RESPONSIBILITIES:
- Performs security operations, administers security tools, analyzes trends, methodologies, and best practices for securing platforms and operating systems at the network, server, and endpoint level.
- Assists with multiple technology/information security projects simultaneously.
- Maintains hardware and software tools used to support Information and Network Security Operations functions.
- Perform tasks for incident response efforts and investigations of suspected information security events, misuse, or compliance reviews.
- Assist in responses to internal and external compliance audits, data collection, penetration tests, and vulnerability assessments.
- Conduct detailed research to analyze security weaknesses and recommend appropriate remediation strategies.
- Identify current and emerging technology security issues including security trends, vulnerabilities, and threats.
- Coordinate maintenance of security related systems (anti-virus, intrusion detection and prevention, logging, content filtering, etc.)
- Review system design and architectures and make security-related recommendations.
- Determines threats, identifies risks and vulnerabilities to the organization, researches security breaches and recommends corrective actions.
- Assist in the development and implementation of information security policy, standards, guidelines and procedures to ensure ongoing maintenance of security and define any changes that are required.
- Enhances existing information security policy and facilitates the training for all associates identified in the policy as well as provides guidance to DART staff.
- Define requirements to create IT controls policies, procedures and documentation and review, update and publish on a quarterly basis.
- Participates in change management and incident review as needed. Document changes and actions in change management system and ticketing system.
- Provides remote support as necessary.
- Performs other duties as assigned.
MINIMUM KNOWLEDGE, SKILLS, AND ABILITIES REQUIRED:
Note: An equivalent combination of related education and experience may be substituted for the below stated minimums excluding High School Diploma, GED, Licenses, or Certifications.
- Bachelors degree from an accredited college or university in Computer Science, Information Systems, or related field.
- Four (4) years of functional experience supporting enterprise networks and IT security field Industry frameworks related to information security, such as NIST 800-53, ITIL Foundation, ISO 27000 to include two (2+) years of experience in complex IT development environments and two (2) years of Project management techniques, coordination, and vendor management.
- Security certifications required and ITIL Foundation certification preferred.
- Knowledgeable across a variety of security products including, including but not limited to, firewalls, network-and-host-based intrusion detection (IDS) and intrusion prevention systems (IPS), security information event monitoring (SIEM) software, URL filtering, SPAM filtering, anti-filtering, anti-malware software, anti-virus software, CASB, and file encryption.
- In-depth knowledge of the regulatory compliance requirements for PCI-DSS, HIPPA, PII, etc.
- In-depth knowledge of information security risks and countermeasures for Windows and Linux platforms.
- In-depth knowledge of security hardware and software applications related to information systems security.
- A collaborative style with the ability to build partnerships both internally and externally.
- Well-rounded understanding of technology, operations and business processes.
- Ability to be dedicated to meeting the expectations and requirements of internal and external customers. Gets first-hand customer information and uses it for improvements in products and services. Acts with customers in mind. Establishes and maintains effective relationships with customers and gains their trust and respect.
- Ability to make good decisions (without considering how much time it takes) based upon a mixture of analysis, wisdom, experience, and judgment). Most of his/her solutions and suggestions turn out to be correct and accurate when judged over time. Sought out by others for advice and solutions.
- Ability to pick up on technical issues and knowledge quickly. Can quickly learn new skills and knowledge. Is good at learning new industry, company, product, or technical knowledge. Performs well in technical courses and seminars.
- Ability to write clearly and succinctly in a variety of communication settings and styles. Conveys messages that have the desired effect.
- Ability to quickly find common ground and solve problems for the good of all. Can represent his/her own interests and yet be fair to other groups. Can solve problems with peers with a minimum of noise. Is seen as a team player and is cooperative. Easily gains trust and support of peers. Encourages collaboration. Can be candid with peers.
- Ability to use rigorous logic and methods to solve difficult problems with effective solutions. Uncovers hidden problems. Conducts excellent analysis. Looks beyond the initial answer and seeks multiple solutions.
Reports to VP/Chief Information Officer *
Works in an environment where there is minimum exposure to dust, noise, or temperature. May be moderately exposed to unpleasant working conditions to include dust, noise, temperature, weather, petroleum products, and chemicals while visiting DART's operating facilities, assuming incumbent is observing all policies and procedures, safety precautions and regulations, and using all protective clothing and devices provided.
Note: The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. The statements are not intended to be an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All employees may perform other duties as assigned.
DART is proud to be an Equal Employment Opportunity Employer, supporting diversity in the workplace. M/F/D/V