Information Security Analyst - 165543

What Success Looks Like In This Job

The Information Security Analyst will primarily be responsible for monitoring for intrusions and malicious activity, assessing effectiveness of security controls protecting county information assets, identifying gaps, assessing risk, facilitating and participating in the execution the security lifecycle for IT projects, and overseeing compliance with laws and regulations pertaining to county information systems. The ideal candidate for this role will have a holistic approach to assessing security risks and uses abstract thinking to contextualize problems and formulate solutions. This job requires the ability to utilize information from many sources including: frameworks, guidelines, threat-intelligence, and industry best-practices to inform decision making.

Examples of Duties for Success

• Monitor systems and networks for malicious activity.
• Participate as a technical security role of the internal computer incident response team.
• Perform regular vulnerability scans and participate in remediation efforts.
• Assist with monitoring and operating other security solutions under the responsibility of the IT Security group.
• Monitor and Manage Data Loss Prevention (DLP) solution.
• Unplanned after-hours work is rare but should be expected occasionally.
• Promotes activities to create information security awareness throughout organization.
• Installation, configuration, and support of technical security controls and countermeasures.
• Participate in internal and external security & compliance audits.
• Attends conferences and training as required to maintain proficiency.
• Must be able to work a flexible schedule when required to operate during maintenance windows of various county departments.
• Perform other related duties and responsibilities as required.
• Work with subject matter experts to complete System Security Plan.
• Assist security and technical teams with monitoring and responding to operational alerts.
• Maintenance of security policies, procedures, guidelines, and standards.
• Participate as member of internal computer incident response team.
• Research and stay up-to-date on latest threats, vulnerabilities, tools, and techniques, compliance, laws, regulations, and best-practices.
• Assist with day-to-day operations within the IT Security group.

Qualifications for Success

• Experience with Microsoft Azure and Office 365 is a plus.
• Experience configuring, tuning, and troubleshooting Nexpose vulnerability scanner or similar product Experience with Metasploit and Kali Linux a plus
• Knowledge of industry best practices and frameworks.
• At least three (3) years experience working in technology or information security roles.
• Up-to-date knowledge of security threats and exploitation techniques.
• Prior experience in a technical support capacity.
• Skilled in log and packet analysis.
• Ability to perform well under pressure and in disruptive environments.
• Strong interpersonal skills, and demonstrated ability to work effectively with customers and colleagues.
• Excellent written and verbal communication skills.
• Knowledge of CJIS is a plus.
• Establish, maintain and foster positive and harmonious working relationships with those contacted in the course of work.
• Technical competency to assess and propose security controls to address security gaps.
• Ability to work after-hours when required.
• Strong technical background and understanding of enterprise networking and datacenter environments.
• Technical aptitude to adapt and learn in a rapidly changing environment and solve complex problems.
• Working knowledge of TCP-IP networks.
• Communicate clearly and concisely, both orally and in writing.
• Knowledge of SAML and Microsoft ADFS is a plus.
• Proficient with Microsoft Windows and Linux operating systems.
• Working knowledge of common compliance frameworks such as HIPAA, PCI, NIST.
• Firewall Administration a plus.
• Ability to take initiative with minimal supervision.
• Strong knowledge of HIPAA Security Rule and PCI compliance.

More Qualifications for Success

Education and Training: A BS in Information Security, Computer Science, Telecommunications, or closely related field, OR equivalent experience is required.

License or Certificate: Security+, GIAC, OSCP, CISSP, CCSP, or other equivalent certifications preferred but not required.

Background Check: Must pass a criminal (CBI) background check.

Adams County provides a comprehensive benefits package to employees that goes above and beyond what is offered at most organizations.

Click here to watch our video about why Adams County is an Employer of Choice!

Benefits You Expect:

• Deferred Compensation Plan
• Generous Vacation/Sick leave
• Basic Term Life & Optional Term Life Insurance
• Long-Term Disability
• Dental/Vision/Medical Plans
• AFLAC Supplemental Medical Insurance
• Retirement Plan
• Short-Term Disability

Plus some you might not expect:

• Employee Assistance Program
• Training & Tuition Reimbursement Programs
• Flexible Work Schedules
• Employee Health Clinics
• Wellness programs
• Recreation Center Discounts
• Employee Fitness Center