Description
Cyber Security Analyst
Examples of Duties
Designs, develops, and implements security changes and enhancements to the Information Technology (IT) computing environments citywide. Is responsible for determining appropriate security measurees and creating policies and procedures that monitor and control access to system resources and data. Oversees the establishment, implementation, and adherence to policies and procedures that guide and support the provision of information security services. Conducts risk assessments and risk analyses to help the organization develop security standards and procedures that support strategic, tactical, and operation objectives on a cost-effective basis. Makes recommendations on appropriate personnel as well as physical and technical security controls. Manages the information security incident reporting program and participates in resolving problems with security violations. Is responsible for the content and delivery of information security seminars and training classes. Coordinates the communication of information security awareness to all members of the organization. Certifies that IT systems meet predetermined security requirements citywide. Conducts security audits. Assesses and reviews security plans, policies and procedures of all City departments/divisions and related entities. Develops and implements a year-round in-service training program. Performs other job related duties as required.
Minimum Qualifications
A High School Diploma or GED is required. A Bachelors Degree in Computer Science, Information Technology, Engineering, Accounting, or related field from an accredited four year college or university is required. Two years of full time paid experience with the configuration, monitoring, or security of network, internet, or email applications in a Windows, Netware, and/or Unix environment is required. (Substitution: One year of experience in Information Technology may substitute for each year of college education lacking.) A valid State of Ohio Drivers License is required. Must be able to lift and carry a minimum of 30 pounds. Must possess excellent interpersonal and written communication skills. The following areas of experience are highly desired: Encryption, firewalls, Intrusion Detection Systems, Intrusion Prevention Systems, Virtual Private Networks, Web filtering, IT forensic analysis, and the principles and use of identification, authentication, and authorization; Knowledge of security hardware and software products that comply with current industry standards; Hands-on experience with major security platforms for certification authority, security management products, and tools; Monitoring network and systems management processes and operational procedures; Web hosting; Microsoft Exchange Server. Certification as an Information Systems and Security Professional of Information Systems Auditor is highly desired.
Supplemental Information
Additional Duties:
- Plans and designs security solutions and capabilities that enable the organization to identify, protect, detect, respond and recover from cyber threats and vulnerabilities.
- Defines and develops security requirements using risk assessments, threat modeling, testing, and analysis of existing systems.
- Develops security integration plans to protect existing infrastructure and to incorporate future solutions. Designs action plans for policy creation and governance, system hardening, monitoring, incident response, disaster recovery, and emerging cybersecurity threats.
- Utilizes a variety of security event and incident management (SEIM), data loss prevention (DLP), intrusion prevention systems (IPS), and other tools.
- Partners with stakeholders to encourage the adoption of security-compatible software designs and best practices.
- Keeps abreast of the latest intelligence from law enforcement and other sources of cyber threat information.
Preferred Qualifications:The following areas of experience are highly desired: Encryption, firewalls, Intrusion Detection Systems, Intrusion Prevention Systems, Virtual Private Networks, Web filtering, IT forensic analysis, and the principles and use of identification, authentication, and authorization; Knowledge of security hardware and software products that comply with current industry standards; Hands-on experience with major security platforms for certification authority, security management products, and tools; Monitoring network and systems management processes and operational procedures; Web hosting; Bachelor's degree in Cybersecurity, Information Technology, Computer Science or a related field (or equivalent experience).
The City's guiding principles are as follows: Placing Clevelanders at the Center, Empowering Employees to Do Purposeful Work, Defining Clear and Pragmatic Objectives, Leading with Trust and Transparency, Striving for Equity in All We Do, and Embracing Change. All City employees are responsible for embracing and carrying out these principles in all that they do.