Lead Security Analyst
About the Department:
The Information Technology Services Department is responsible for enterprise technology operations for the City of Alexandria. ITS provides technology services and solutions to City departments to enhance service delivery. ITS aligns its work with City needs by providing leadership, resources, expertise, and products that enable departments to better serve the City’s residents, businesses, and visitors. ITS resources support initiatives funded through the multi-year Information Technology Capital Improvement Plan (IT/CIP) to improve the overall technology landscape. The City of Alexandria’s ITS Department has been a Top Ten National Finalist in the Digital Cities Award program for the past 19 years.
An Overview
The Department of Information Technology Services (ITS) is seeking a Lead Security Analyst who will have responsibility for overseeing the City of Alexandria government’s Cybersecurity Program. This position reports directly to the Chief Information Security Officer (CISO), uses industry best practices to oversee the implementation of all security policies as directed by the CISO, and enforces the City’s enterprise cybersecurity through policy, architecture, technical and functional administration, and training. The Lead Security Analyst will also lead in selecting, configuring, communicating, and implementing cybersecurity solutions and security controls to identify and reduce IT risk. The Lead Security Analyst performs two core functions for the enterprise. The first is the day-to-day operation of the in-place security solutions; the second is the identification, investigation, and resolution of security breaches detected by those systems. Secondary tasks may include involvement in the implementation of new security solutions; participation in the creation and/or maintenance of policies, standards, baselines, guidelines, and procedures; and conducting vulnerability audits and assessments. The Lead Security Analyst is expected to be fully aware of the enterprise’s security goals as established by its stated policies, procedures, and guidelines, and to actively work towards upholding those goals.
What You Should Bring
You should have a demonstrated ability to work independently, as well as a history of establishing and maintaining effective working relationships with coworkers, representatives of other departments and agencies, and the public. You must be able to communicate clearly and effectively, both verbally and in writing, and be able to mentor junior staff. You should be able to show proactivity in continuously improving your job knowledge and your technical and functional skills through training opportunities and self-study. Our ideal candidate will have considerable hands-on experience in all aspects of cybersecurity, and an ability to lead, manage, and communicate.
The Opportunity
As the Lead Security Analyst, your effort will be focused on all aspects of City-wide IT cybersecurity, from developing cybersecurity plans and strategies to preventing and mitigating cyber-attacks. Examples of duties include:
- Develop, maintain, and mature risk and compliance reporting and alerting, as well as SOC (security operations center) best practices and standard operating procedure documentation.
- Improve threat awareness through continuous development and improvement of processes including network vulnerability scanning, the security information and event management (SIEM) system, threat detection and response, IT governance, risk and control management and assessment, IPS/IDS systems, and other applications.
- Work service tickets to completion within defined response times.
- Help design, build, prove out, and support workflows in support of defined business goals.
- Participate as a respectful, thoughtful, listening, and contributing member of committees, projects, and working groups.
- Provide operational oversight, including project management, for all threat and vulnerability management functions.
- Support the CISO and fellow ITS Security team members in responsibilities including project performance, incident response management, and other functions as needed. Share in assuming the CISO’s role and responsibilities in the absence of the CISO.
- Ensure compliance with City, industry, and government regulations, policies, standards, and procedures.
- Respond to internal and external audits.
- Work as an ITS Security team member with various cross-functional and technical teams to ensure effectiveness in measuring and managing risk appropriate to the City of Alexandria’s risk tolerance.
- Provide clear and timely analysis and reporting.
- Participate in the planning and design of an enterprise business continuity plan and disaster recovery plan, under the direction of the CISO, where appropriate.
- Maintain up-to-date, detailed knowledge of the cybersecurity industry, including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
- Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
- Assist in the review, selection, deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions, in accordance with standard best operating procedures generally and the enterprise’s security documents specifically.
- Maintain up-to-date baselines for the secure configuration and operation of all in-place devices, whether they are under direct control (e.g., security tools) or not (e.g., workstations, servers, network devices).
- Review logs and reports of all in-place devices, whether they are under direct control (e.g., security tools) or not (e.g., workstations, servers, network devices). Interpret the implications of that activity and devise plans for appropriate resolution.
- Participate in the design and execution of vulnerability assessments, penetration tests, and security audits.
- Participate in incident response work.
- Perform other duties as assigned.
Minimum & Additional Requirements
Four-year college degree with completion of college courses in computer science or a related field; five years of experience as a Computer Programmer Analyst III or Network Engineer II, including one year as an Information Security Analyst or Engineer, and also including three years of experience in project and contract management; or any equivalent combination of experience and training which provides the required knowledge, skills, and abilities.
Preferred Qualifications
Recent technical experience within the past five years demonstrating a comprehensive knowledge of information security, risk management, and technology (audit compliance, regulatory compliance, business continuity and disaster recovery, vulnerability management, configuration management, web application security, intrusion detection and prevention systems, firewalls, and endpoint security). Recent technical experience within the past five years demonstrating a comprehensive knowledge of security administration in a Windows-based network environment. Recent experience within the past five years demonstrating a comprehensive knowledge of information protection standards, guidelines, and applied procedures (i.e., industry "best practices"). Technical experience within the past 10 years demonstrating a comprehensive knowledge of server administration as applied to network and internet security. Good working knowledge of industry-standard security controls: NIST SP 800-53, the SANS 20 Critical Controls, the CIS 18 Critical Controls, the NIST Cybersecurity Framework, the ISO 27002 standard, and PCI DSS. Experience within the past 10 years demonstrating a comprehensive knowledge of business needs, coupled with the ability to establish and maintain a high level of customer trust and confidence in the security team's concern for customers.
Notes
This position requires the successful completion of pre-employment checks including but not limited to a criminal background and drug screening. This position may be occasionally required to be available after normal working hours to support applications and to respond to the City’s Emergency Operations Center (EOC) when it is activated.