HRTMS Job Description Management 
| IT Security Analyst J o b D e s c r i p t i o n | | |
Job Information | | | Title: | IT Security Analyst | | | Market Range: | IT14 | | | Approved Date: | 2/12/2021 1:48:23 PM | | | FLSA: | Exempt | | | EEO Code: | PROFESSIONALS | | | Career Level: | P2 | | | Career Level Description: | Professional Level 2 | | | Job Code: | 100476 | | | Job Family: | Information Technology | | | Sub Family: | IT Security | | | | | | Primary Purpose | Act as the initial point of contact for cyber security events, triages potential incidents, determine the nature and scope of the event/incident, and collaborate with the appropriate Security Team members to provide the response and remediation. Develop and maintain technical documentation and is instrumental in the development of training materials to promote a culture of security across the organization. | | | | | | | | |
Essential Functions | | | Priority | % Time | • | Monitor and triage security events daily, performing assessments and investigations and working with appropriate team members, business teams and technology teams to develop solutions that address critical security concerns. | 1 | 40% | • | Develop and maintain technical documentation for security platforms, including system security plans, policies, procedures, and standards. | 2 | 30% | • | Promote a culture of security throughout the County by working closely with Information Security Team members and relevant operational teams to gather data and insights to enhance the organization's security awareness program. Conduct information security awareness briefings, trainings, and simulations in order to influence positive security behaviors across the organization. | 3 | 20% | • | Support governance, risk, and compliance activities, including conducting technical assessments, application assessments, contract reviews, and audits. | 4 | 10% | | | | | | | |
Position(s) may perform other duties in addition to the above as assigned by management. | | *IMPORTANT* In the event of an emergency, as determined by the County Manager or designee, participation in preparedness and response operations should be expected. Employee may be required to fill a temporary assignment in a role different from standard duties, work hours and/or work location in preparation for, during and after the emergency. Employee may also be required to participate in relevant exercises and regular preparedness training. | | Career Level Dimensions | Career Level: | P2 | Career Level Description: | Professional Level 2 | | | |
County Impact | • | Works independently on projects/assignments that impact Work Group results. | • | Work is generally supervised and involves periodic process checks. | | | |
Innovation and Complexity | • | Responsible for making adjustments or recommended enhancements in systems and processes to solve problems or improve effectiveness of the Work Group. | | | |
Communication and Influence | • | Typically communicates within or outside the Work Group to provide information requiring some explanation or interpretation to reach agreement. | | | |
Leadership | • | May provide guidance and assistance to entry level professionals or support staff. | | | |
Knowledge and Experience | • | Requires practical knowledge of the Work Group typically obtained through advanced education combined with experience. | | | |
Required Education | • | Associates degree in Computer Science, Information Systems, Computer Engineering or a related field | | | |
Required Experience | • | Three years of experience in security incident and event management, incident response, endpoint protection, and email security; or | • | A minimum of two active security certifications from an industry recognized certification body (ISC2, CompTIA, EC-Council, etc.) | | | |
Qualification Equivalency | • | Equivalent education and experience are accepted | | | |
Preferred Licenses and Certifications | • | Security+ | Within 1 Year | | | | | | | | |
Knowledge, Skills and Abilities | • | Strong organizational skills with ability to thrive in a sense-of-urgency environment, leveraging best practices, and approaching any problem as as team-player with a can-do attitude. | • | Detail oriented with excellent problem solving, analytical, communication, organization, task and time management skills. | • | Familiarity with common Information Security frameworks and standards and compliance and regulations such as ISO 27001/27002, NIST, PCI DSS, HITRUST, HIPAA, HITECH. | • | Knowledge and understanding of information security architecture, technologies, best practices, and controls. | • | Experience utilizing enterprise security platforms, including firewalls, intrusion detection/prevention, web filtering, vulnerability management, endpoint protection, email protection, and encryption. | • | Experience identifying, analyzing, responding to, and resolving security issues in a timely manner. | • | Demonstrated ability to document complex designs and implementation strategies. | • | Experience designing and implementing technical educational materials, as well as conducting technical training with diverse audiences. | • | Excellent communication skills and ability to clearly discuss and convey complex information technology security concepts and terminology with both technical and non-technical staff. | • | Desire to maintain up-to-date knowledge of developments in security technology, trends, and issues. Researches and recommends security enhancements to network and server systems, and assists in evaluation/selection of network and/or server equipment and/or software. | | | |
An individual must be able to perform each essential duty satisfactorily to perform this job successfully. The requirements listed above are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. | | Competencies |
Individual Contributor Competencies | Adaptability & Flexibility | Changes behavioral style or method of approach when necessary to achieve a goal; adjusts style as appropriate to the needs of the situation. Responds to change with a positive attitude and a willingness to learn new ways to accomplish work activities and objectives. | Attention to Detail | Thoroughness in accomplishing a task through concern for all the areas involved, no matter how small. Monitors and checks work or information and plans and organizes time and resources efficiently. | Initiative | Does more than is required or expected in the job; does things that no one has requested that will improve or enhance products and services, avoid problems, or develop entrepreneurial opportunities. Plans ahead for upcoming problems or opportunities and takes appropriate action. | Problem Solving | Builds a logical approach to address problems or opportunities or manage the situation at hand by drawing on one's knowledge and experience base, and calling on other references and resources as necessary. | Reliability | Demonstrates a high level of dependability in all aspects of the job. | Technical Expertise | Applies and improves extensive or in-depth specialized knowledge, skills, and judgment to accomplish a result or to accomplish one's job effectively. | | | |
Core Competencies | Integrity | Act with honesty, transparency and respect in our interactions with co-workers and those we serve. Adhere, without exception, to laws, policies, procedures and professional standards. | Accountability | Establish high-quality standards for work. Add value. Measure results and hold self and others accountable for making progress toward desired outcomes. Take a logical and data-driven approach to decision-making. | Diversity | Believe that different backgrounds and experiences strengthen the organization and produce better results. Value inclusion across race, gender, age, religion, identity and experience, and strive to reflect in our workforce the diversity of our community. | Collaboration | Foster a work culture in which different ideas and opinions are encouraged and expected. Listen carefully and speak thoughtfully. Work together toward shared goals with mutual respect and cooperation. | Continuous Improvement | Continuously improve work processes and products. Provide a safe environment to be innovative and creative and try new things. When things don't go as planned, use it as an opportunity to learn, regroup and begin again. Provide time and resources for individuals to grow and develop both personally and professionally. | Wellness | Take proactive steps to be physically fit and healthy, emotionally strong, financially secure and socially fulfilled, while inspiring and empowering others to do the same. | Service Orientation | Commit to making a difference within the community. Actively engage in and enjoy our work. Deliver services that exceed expectations, with courtesy, politeness and sensitivity to the experiences, concerns and feelings of all co-workers and customers. | | | |
ADA Checklist | | The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions | Standard ADA Selection: | Office Environment | | | | |
Physical Demands | | N/A | Rarely | Occasionally | Frequently | Constantly | Standing | | | X | | | Walking | | | X | | | Sitting | | | | X | | Lifting/Carrying 0-10 pounds | | | X | | | Lifting/Carrying 10-20 pounds | | | X | | | Lifting/Carrying 20-50 pounds | | X | | | | Lifting/Carrying 50-100 pounds | | X | | | | Pushing | | X | | | | Pulling | | X | | | | Climbing | | X | | | | Balancing | | X | | | | Stooping | | X | | | | Kneeling | | X | | | | Crouching | | X | | | | Crawling | | X | | | | Reaching | | X | | | | Handling | | X | | | | Grasping | | X | | | | Fingering | | X | | | | Feeling | | X | | | | Talking | | | | X | | Hearing | | | | X | | Visual Perception | | | | X | | Repetitive Motions | | | X | | | Eye/Hand/Foot Coordination | | X | | | | | | | | | | | | | | |
Mental Demands | | N/A | Rarely | Occasionally | Frequently | Constantly | Memorization/Concentration | | | | X | | Learning/Knowledge Retention | | | | X | | Preparing/Analyzing Numerical Figures | | | X | | | Use of Interfaced Commmunication Devices (Phone, Computer, Radio etc.) | | | | X | | Analyzing/Examining/Testing Data | | | | X | | Emotional/Behavioral Self-Regulation | | | X | | | Interacting with Others | | | | X | | Comprehension | | | | X | | Organization | | | | X | | Decision Making | | | X | | | | | | | | | | | | | |
Mental Capability/Cognitive Requirements | Comprehension | Understand complex problems and collaborate to explore alternative solutions | | | |
Organization | Organize and prioritize individual work schedule to manage multiple tasks and/or projects |
Decision Making | Make decisions that have significant impact on a department's credibility, operations and/or services |
Communication | Communicate and explain a variety of information |
Working Environment | | N/A | Yes | No | Extreme cold | | | X | Extreme heat | | | X | Humid | | | X | Wet | | | X | Noise | | | X | Hazards | | | X | Temperature Change | | | X | Atmospheric Conditions | | | X | Vibration | | | X | Computers/Monitors | | X | | | | | | | | |
|