Security Analyst

Resources in these positions may also be assigned other deliverables, tasks, and projects as needed in support of cybersecurity operations. The resource will report directly to the Department’s Information Security Officer and shall perform, at a minimum, the tasks and/or activities described below:

1. Work with the Department’s Contract Manager to serve as the primary point of contact to ensure that start-up activities are completed within fourteen (14) days prior to the performance of services. Start-up activities include Department’s fingerprint background check and online information security training security requirements;
2. Assist with implementing, tuning, and planning regarding the Department’s Managed Security Service Provider (MSS), Security Information and Event Management (SIEM) and vulnerability management;
3. Assist in support of NextGen firewall security tools and maintain the site block list;
4. Assist in the support of Distributed Denial of Services (DDoS) protection services utilized by the Department;
5. Support and maintain endpoint detection and response (MDR/XDR) tools;
6. Analyze, troubleshoot and resolve issues with the NextGen Antivirus solutions on servers and client systems;
7. Monitor, identity, and classify vulnerabilities according to the Department’s vulnerability management plan for remediation;
8. Monitoring of Data Loss Prevention solutions, tuning, and response actions;
9. Monitoring of Network Access Control solution, tuning and response actions;
10. Monitoring and configuring Email Security solutions, tuning, and response actions;
11. Implementation of multi-factor authentication solution and zero-trust initiatives;
12. Support and perform as a technical member of the Computer Security Incident Response Team (CSIRT);
13. Develop and maintain technical specifications, standards, procedures, and systems documentation, including Systems Security Plans (SSPs);
14. Research and recommend appropriate technical solutions to meet Department requirements;
15. Provide recommendations for potential process improvements for the Office of Enterprise Security Management’s security team;

At a minimum, the Department is seeking:

Candidates with (5) years of combined IT and security / cybersecurity work experience with a broad range of exposure to system analysis, operational experience with cybersecurity infrastructure, with (3) years or more of direct experience with information security. This position requires knowledge of cybersecurity operations, vulnerability management, identity and zero-trust implementations and configurations, email security, Office 365 security, networking, firewall management and cloud-based security tools across a variety of computing platforms. The candidate will be able to work independently and as a team member on multiple security projects, and occasionally as a cybersecurity lead on large complex security initiatives and projects that require increased skill in multiple IT functional areas.

Education:

• Bachelor’s degree in Computer Science, Information Systems, Business Administration, or related field, or equivalent work experience.
• Information Security related certifications (ex. CISSP, CISM, CISA, CompTIA Advanced Security Practitioner etc.) are desirable.

Preferred KSA’s

• 5+ years of combined IT and security cybersecurity work experience
• 3+ years or more of direct information security / cybersecurity experience
• 3+ years experience with vulnerability management systems
• Experience maintaining and supporting 3rd party anti-virus, EDR/MDR.XDR systems
• Experience implementing or managing zero-trust identity and advanced authentication (MFA) solutions.
• Experience with SIEM products and systems
• Experience with cloud-based email security solutions
• Experience with Incident Response
• Experience with managing Office 365 security and similar solutions.