What are the responsibilities and job description for the Security Analyst position at Eclaro?
Job Description
Security Analyst
A successful Principal Security Analyst will have a strong familiarity with IT security and be able to lead large-scale organizational and technical change. Working with all organizational levels and groups, as well as external vendors, the Principal Security Analyst manages information security centric projects, assesses and manages organizational risks, and identifies, investigates, analyzes, and remediates information security events.
Qualifications:
Bachelor's degree in Computer Science, Information Assurance, Information Security, Digital Forensics, or related field; seven to 10 years of full time, or equivalent part time, professional IT security experience including researching complex technical subject matter and documenting results/key findings for others to review; or an equivalent combination of education and experience. Experience with SIEM systems such as Splunk a plus.
Hands-on experience in the following technologies is strongly preferred: SIEM, WAFs, IDS/IPS, Antivirus, CASB, DLP, IDM/IAM, Encryption. Professional security certification strongly preferred, such as CISSP, CISM, CISA, CEH, applicable SANS programs or other industry certifications i.e. Cisco, Microsoft, VMware. PMP certification preferred.
Principal Cybersecurity Analyst Job Description
Position Purpose:
A hands-on technical manager. Performs complex administrative, managerial and technical work in ensuring the confidentiality, integrity, availability and security of all Town and School information assets and IT resources; manages information security centric projects, assesses and manages organizational risks, and identifies, investigates, analyzes, and remediates information security events; all other related work as required.
Supervision:
Supervision Scope: Performs highly technical and managerial duties that require a high level of initiative, creativity and independent judgment in the design, development, maintenance, integration and support of the town and school’s cyber security operations.
Supervision Received: Works under the general supervision of the CIO, the Director of IT Operations and Manager of Networks. Once priorities are set, works with considerable latitude for independent judgment and action.
Supervision Given: Has indirect supervisory responsibility for Town and School technical staff, training, directing and monitoring their actions relative to security. Provides feedback to the Manager of Networks, IT Operations Director and Chief Information Officer on the supervision of these employees.
Job Environment:
Work is performed under typical office conditions; the noise level is moderate. Essential functions are regularly performed without exposure to adverse environmental conditions. Occasionally attends night meetings and technical conferences. Regularly attends meetings at various locations within the Town. Regularly required to respond to important situations, emergencies and items requiring immediate attention outside of office hours. Operates computers, printers and other peripherals, telephone, and other standard office equipment. Has frequent contact with all ITD staff and other departmental technical staff. Has contact with other federal, state and local agencies that are our partners in cyber security. Works with the Town’s vendors as well. Has access to municipal-wide confidential information as an email administrator as well as administrative rights on the entire town/school systems network, which requires the application of appropriate judgment, discretion and professional office protocols. Errors could result in considerable financial loss to the town, delay or loss of service, could cause significant adverse public relations and may have legal repercussions.
Essential Functions:
(The essential functions or duties listed below are intended only as illustrations of the various types of work that may be performed. The omission of specific statements of duties does not exclude them from the position if the work is similar, related or a logical assignment to the position.)
- Plans, evaluates, recommends, designs, implements and administers security solutions for complex projects, including preparation of cost justifications, use cases, alternative solutions, and technical recommendations.
- Executes, builds, and delivers high-performing security solutions, including installation, configuration, testing, organizational change management, procedures, and communication.
- Establishes sustainable, efficient ongoing processes to ensure security solutions are operated effectively.
- Presents security concepts, technologies and plans to broad audience groups.
- Designs, develops, deploys and acts as a point of escalation for a variety of platforms including endpoint security solutions and controls, CASB solutions, encryption and certificate management solutions, network security platforms, SIEM solutions and more.
- Maintains up-to-date knowledge and understanding of information security threats, vulnerabilities, practices, principles, and solutions.
- Collaborates with business partners and works cross-functionally with departmental team members.
- Assists with implementation of counter-measures or mitigating controls.
- Provides guidance and leadership to less-experienced technical staff members.
- Assists in the development of ITD’s strategic vision on cyber security.
- Assists the virtual security team in providing education and awareness of information security policies, procedures, and best practices to employees throughout the organization.
- Keeps up to date on the Town’s incident response plan and other security policies.
- Conducts cyber security tabletop exercises.
- Performs similar or related work as required, directed or as situation dictates.
Recommended Minimum Qualifications:
Education, Training and Experience:
Bachelor's degree in Computer Science, Information Assurance, Information Security, Digital Forensics, or related field; seven to 10 years of full time, or equivalent part time, professional IT security experience including researching complex technical subject matter and documenting results/key findings for others to review; or an equivalent combination of education and experience. Experience with SIEM systems such as Splunk a plus.
Hands-on experience in the following technologies is strongly preferred: SIEM, WAFs, IDS/IPS, Antivirus, CASB, DLP, IDM/IAM, Encryption. Professional security certification strongly preferred, such as CISSP, CISM, CISA, CEH, applicable SANS programs or other industry certifications i.e. Cisco, Microsoft, VMware. PMP certification preferred.
Knowledge, Ability and Skill:
- Knowledge: Knowledge of the NIST Cyber Security Framework, NIST 800-30 & 800-53, ISO 17799 & 27001 and PCI DSS. Demonstrated knowledge of best practices in information security. Working knowledge of project management principles, and ability to coordinate delivery of high quality solutions on time and within budget.
- Ability: Ability to manage multiple projects simultaneously. Ability to organize and express complex technical concepts. Demonstrated ability to work effectively in a team environment and foster team commitment.
- Skill: Proven analytical, problem solving and conceptual skills. Strong interpersonal skills and oral and written communication skills. Strong personal and team management skills.
Physical Requirements:
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Tasks may involve extended periods of time at a keyboard or workstation. Vision and hearing at, or correctable to, normal ranges are necessary. Must be able to communicate verbally. Requires the ability to operate, maneuver and/or control the actions of equipment, machinery, tools, and/or materials used in performing essential functions.
Salary : $60 - $0