Talent.com
serp_jobs.error_messages.no_longer_accepting
IT Security Analyst

IT Security Analyst

Government JobsSalem, OR, US
job_description.job_card.variable_days_ago
serp_jobs.job_preview.job_type
  • serp_jobs.job_card.full_time
job_description.job_card.job_description

Job Posting

Marion County requires on-site work. Remote work is not available.

Information Technology (IT) provides technical services, manages the countys technical resources, and provides consulting services for technology improvements through three programs : Administration, Operations, and Technology Solutions. These programs provide a complete range of technology services, which include strategic planning, new service design, systems analysis, project management, security risk management, data security, applications delivery and support networks, servers and storage, desktop and mobile management, database administration, and end-user support.

General Statement of Duties : An IT Security Analyst assists the IT Security Administrator in managing information security operations and functions; implement and support the development of related policies, procedures, and business practices; adhere to administrative controls and improvements; and follow procedures for new and changing regulatory requirements. Facilitate and coordinate throughout the county to achieve the objectives of the service plan.

Supervision Received : Under general supervision of the IT Security Administrator, or designee who assigns work, establishes goals, and reviews the results obtained for overall effectiveness through analyzing work products, observations, and meetings.

Supervision Exercised : This classification acts as a lead worker to non-supervisory employees or in collaboration with other departments.

Typical Duties

Duties include, but are not limited to the following :

  • Works inter-departmentally to identify and correct flaws in the Countys security systems, solutions, and programs while recommending specific measures that can improve the Countys overall security posture.
  • Plans, organizes, manages, and administers information security programs, operations, and functions.
  • Assists in, develops, and maintains information security policies, procedures, and business practices.
  • Leads security risk assessment efforts and supports the employee security-awareness training program.
  • Evaluates security goals, objectives, priorities, and activities to improve performance and outcomes.
  • Recommends and establishes physical, technical, and administrative security controls and improvements; serves as an advisor to the management team.

Implement and Manage Security Tools :

  • Monitors and maintains security tools / systems, including :
  • Endpoint Threat Protection Monitoring (Devices with Antivirus)
  • Cloud Security Monitoring, alerts & reports
  • Advanced Threat Protection (ATP)
  • SIEM or other logging and correlation technologies
  • Vulnerability scans for security and compliance
  • Vulnerability remediation assessment and planning
  • Implements new security configurations :
  • Researches security configuration enhancements and make recommendations to management

    • Security Risk and Prevention :

  • Monitors data access : ensures the internal control systems are monitored and that appropriate access levels are maintained following the principle of least privilege.
  • Conducts security assessments through vulnerability testing and risk analysis using available vulnerability scanning tools.
  • Assists with internal and external security audits.
  • Ensures adopted security policies, procedures, and best practices are followed.
  • Contributes to weekly security status reports to IT leadership.

    • Security Incident and Authoritative Contact :

  • Analyzes security breaches to identify the root cause.
  • Responds to potential security policy violations or complaints from external parties.
  • Assists in oversight and activities for intrusion detection and response.
  • Investigates security incidents and develop after-action reports.
  • Serves as a point of contact for external security auditors, survey requests, and for department security / privacy matters.
  • Assists in facilitating and promoting activities to create information security awareness and training.

    • Miscellaneous :

  • Participates in meetings, in-service training, workshops, etc. for the purpose of gathering information required to perform job functions.
  • Performs other duties as assigned.

    • Requirements for the Position

    Experience and Training :

  • Bachelors degree with significant coursework in computer science, information technology, or a related field; AND
  • Three years of progressive experience in cybersecurity and information security, including experience with internet technology and security issues; OR
  • Any satisfactory combination of work, education, training, or experience relevant to the position, as determined by Marion County.

    • Special Requirements :

  • Must possess a current drivers license in the applicants state of residence and an acceptable driving history.
  • The finalist for this position will be required to pass a criminal history background check, including fingerprinting; however, conviction of a crime may not necessarily disqualify an individual for this position.
  • This is a full-time position, which is not eligible for overtime.
  • This assignment is not represented by a union.
  • Typical Work Schedule : Monday through Friday, 8 : 00 a.m. - 5 : 00 p.m., with flexibility depending upon the needs of the department and program.

    • Preferences :

  • Certified Information Systems Security Professional (CISSP), or formal security certifications from (ISC), GIAC, CompTIA, ISACA, CEH, PNPT, OSCP.
  • Information security principles and practices, including any of the following : security risk assessment standards, risk assessment methodologies, and vulnerability assessments.
  • Senior level knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity, and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security software.

    • Knowledge, Skills, and Abilities :

    Knowledge of technology hardware and software systems, application languages, server based systems, cloud computing, personal computers, local and wide area network configurations and management, information and data management software and state-of-the-art system development and maintenance technologies; local, state, and federal laws, rules, policies, and regulations affecting information security and related technology and systems; strategic planning, preparation, and projection; effective leadership and organizational communication principles and practices. Working knowledge of prevailing industry security standards and common body of knowledge gained by way of CISSP, SANS, and CISA certifications. Skills and abilities to manage comprehensive information security programs; lead diverse technologies, employees, and customer groups; communicate effectively in writing and orally, make public or staff presentations; establish and maintain effective working relationships with employees, systems users, outside consultants, and vendors, including customers in high-stress situations; and assist in confidential investigations; identify information security problem areas, formulate diagnoses, and propose practical solutions. Deep understanding of network infrastructure, routers, switches, firewalls, and associated network protocols and concepts.

    Physical Requirements :

    Drives a motor vehicle; sees using depth perception; stands; sits; moves about the work area; bends forward; stoops; climbs 1 floor of stairs; crawls; reaches overhead; lifts up to 40 lbs.; pushes and pulls up to 25 lbs.; carries up to 20 lbs.; moves carts weighing up to 100 lbs.; operates a keyboard; speaks clearly and audibly; reads a 12 pt font; distinguishes shades and colors; hears a normal speech level; works in areas that may be exposed to dust.

    Public Service Loan Forgiveness

    Marion County is a qualifying public employer for the Public Service Loan Forgiveness Program. Through the Public Service Loan Forgiveness Program, full-time employees working at the County may qualify for forgiveness of the remaining balance on Direct Student Loans after 120 qualifying monthly payments under a qualifying repayment plan. Questions about your student loan eligibility should be directed to your loan servicer or the US Department of Education.

    Visa Sponsorship

    Marion County does not offer VISA sponsorship. Within three days of hire, you will be required to complete the US Department of Homeland Security's I-9 form confirming authorization to work in the United States. Marion County is an E-Verify employer and will use E-Verify to confirm that hires are authorized to work in the United States.

    Veterans' Preference

    Applicants are eligible to use Veterans' Preference when applying with Marion County in accordance with ORS 408.225, 408.230, and 408.235 and OAR 105

    serp_jobs.job_alerts.create_a_job

    It Security Analyst • Salem, OR, US