Career Opportunity Number

23-019

Position Title:

Information Security Analyst I

Location

Administrative Center

Position Type:

Full-Time

Class Category

Classified Staff

Job Open Date

05/15/2023

Job Close Date

05/28/2023

Open Until Filled

No

Initial Screen Date:

05/31/2023

Minimal Qualifications:

• Associates of Science/Arts Degree in Information Security or related field;

• 2+ years of experience in Information Security or a related IT discipline with an emphasis in information security consultation, risk assessment, and security compliance-related activities.

Preferred qualifications:

• Bachelors Degree in Information Security preferred.
• Preferred industry recognized certification(s) in Information Security such as Systems Security Certified Practitioner (SSCP), CompTIA Network+, Security+, PenTest+, Certified Information Systems Auditor (CISA)
• Experience with common vulnerability publications and resources such as Common Vulnerability Scoring System (CVSS), National Vulnerability Database (NVD), Common Weakness Enumeration (CWE), Common Vulnerabilities and Exposures (CVE), and Common Platform Enumeration (CPE).
• CompTIA Security+, PenTest+, ISC Systems Security Certified Practitioner (SSCP)
• Vulnerability Assessment: 2 years (Preferred)
• Security Analysis: 2 years (Preferred)
• Compliance/Testing: 2 years (Preferred)
• NIST Standards: 2 years (Preferred)
• Risk Assessment: 2 years (Preferred)
• Security Engineering: 2 years (Preferred)

Work Hours

Normally scheduled Monday through Friday; however, may be required to work other shifts to include evenings and/or weekends. Schedule subject to change based upon department needs.

Compensation

A competitive benefit package included.

Special Instructions to Applicants

Class Summary

Typical Essential Duties

• Contribute to the development, implementation, and maintenance of MCC’s information security program
• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program
• Work directly with the business units to facilitate risk assessment and risk management processes
• Contribute to the development, implementation, and maintenance of MCC’s information security management framework
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
• Provide support to the enterprise’s information security organization
• Supports the development and implementation with an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
• Develops, implements, and monitors appropriate administrative, technical, and physical safeguards to ensure the delivery of critical services according to security best practices.
• Provide support in the preparation, detection and analysis, containment, eradication, and recovery processes as part of the NIST Incident Response Lifecycle.
• Develops, implements, and monitors appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
• Uses continuous improvement best practices to maintain the institutions security posture.
• Provide support in the maintaining, editing and deployment of the company’s security awareness training platform.
• Plan and execute phishing simulations
• Manage, review and triage security threats using various security tools.
• Troubleshoot, diagnose, and solve security related issues as they are assigned.

Knowledge

• Technical and operational proficiency with or working knowledge of a wide array of computer hardware, operating systems, and software.
• Knowledge of Critical Security Controls (SANS, CSIS).
• Ability to conduct independent research and analyze complex requirements, including CSF, FRS, NIST, and FISMA security standards, determining impact and implementation.
• Ability to analyze and assess complex technical plans regarding security compliance standards.

Skills

• Ability to understand, develop, and propose changes to internal procedures in response to environmental changes.
• Solid written and oral communication skills; communicate effectively with all levels of management, peers, organizations within the client system, customers, and outside vendors.
• Proven ability to meet deadlines and deliver quality work in a fast-paced environment.
• Ability to work in a collaborative and team-oriented environment.

Positions Supervised

• IT Engineer (s)

• Telecommunications Specialist (s)

Physical Requirements

Positions in this class typically require: climbing, crouching, reaching, standing, walking, pushing, pulling, lifting, fingering, grasping, feeling, talking, hearing, seeing and repetitive motions.

Medium Work: Exerting up to 50 pounds of force occasionally, and/or up to 20 pounds of force frequently, and/or up to 10 pounds of force constantly to move objects.

Licensing Requirements

None.