SECO Energy - IT Security Analyst
General Purpose of Job
This position is responsible for implementing and supporting the security of electronic data and compliance by instituting measures to safeguard cooperative information on networks and by maintaining security baselines for existing and new technology. It also implements and audits cyber security policies and standards that protect the electronic security posture of the cooperative.
Minimum Required Qualifications and Competencies
The following includes the minimum job requirements and essential duties for this position. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions. Some job requirements may exclude individuals that cannot be reasonably accommodated or who pose a direct threat or significant risk to the health and safety of themselves or other employees.
Minimum: 4 Year / Bachelor's Degree; Major: computer science or closely related field
Minimum: Earned at least one IT Security certification (e.g. Security+, GCIA, GCIH, CISSP, CEH, etc.)
Preferred: CompTIA CASP certification
Minimum: Three (3) years of professional work experience in Information Security.
Minimum: Experience in System or Network Administration (Windows, Linux, Cisco, etc.).
Preferred: Network Security Analyst experience.
Education and/or Experience Notes: Four (4) years of job-related experience may be substituted for education.
- Ability to operate a variety of office equipment, including a personal computer, printers, copy machines, telephone, and fax machine.
- Ability to work irregular hours for assignment completion and flexibility to change scheduling and report to work on short notice during emergency situations.
- Normal work hours shall be eight (8) hours between 7:00 am and 5:00 pm, Monday through Friday.
- Occasional business travel may be required.
- Successful completion of pre-employment background check, physical and drug screen.
Knowledge, Skills and Abilities
- Ability to keep confidential information confidential; ability to multi-task and effectively manage stress and pressure through changing priorities; ability to remain calm in high-stress situations.
- Effective communication skills including written, verbal and listening for interaction with employees, management, vendors, consultants, and others. Ability to analyze and interpret job related business periodicals and technical manuals; prepare reports, business correspondence procedures and training manuals; prepare and conduct presentations to employees, management and others.
- Excellent customer service orientation skills: ability to use tact and judgment for interaction with employees, managers, vendors, consultants, and others; ability to work independently and productively, and to be results oriented, in order to complete assignments and meet deadlines.
- Knowledge and understanding of Federal, State and local regulatory rules pertaining to security of electronic data; backup and disaster recovery systems; applicable data privacy practices and laws; and knowledge of risk mitigation best practices; developing metrics for electronic security initiatives to demonstrate effectiveness of security initiatives.
- Prioritization and project management skills; analytical and process management skills; demonstrated change management aptitude and ability.
- Proficiency in configuration tools that include: SIEM, MDM, syslog, and patching.
- Proficiency in security tools that include port scanners, web scanners, vulnerability scanners, exploitation kits, network flow, IDS signatures, password crackers, OSINT, phishing techniques, sniffers, and PowerShell.
- Proficiency in the following areas to include, but not limited to:
  - Implementing, testing, and reviewing information security protocols, policies and procedures.
  - Network penetration testing and vulnerability assessments.
  - Training cooperative network users in electronic security measures.
- Proficiency in the operation of personal computers; computer networking; internet/web security; disaster recovery; MS Exchange; virtualization; Active Directory/Group Policy; and computer software applications including MS Office products, customer information systems, etc.
Verification: The above qualifications and competencies for this position may be verified through a combination of education, experience, interview questions and technical skills exercise(s).
Essential Duties and Responsibilities
This description is intended to indicate the kinds of tasks and levels of work difficulty required of the position given this title and shall not be construed as declaring what the specific duties and responsibilities of any particular position shall be. It is not intended to limit or in any way modify the right of management to assign, direct and control the work of employees under supervision. The listing of essential duties and responsibilities shall not be held to exclude other duties that may be assigned based on the needs of the Cooperative.
- Monitor Cooperative networks and devices for security vulnerabilities; address security incidents identified via SIEM, firewall, IPS, IDS, antivirus, MSM, web filter, and other security appliances; participate in Information Security help desk activities by addressing and responding to Information Security and Cyber Security alerts and requests; participate in incident response activities; and contribute as needed on endpoint protection (AV, vulnerability scanning, patch management, disk encryption, and MDM systems) and network protection (firewall, VPN, IDS/IPS).
- Implement and maintain security policies and procedures for electronic security, maintain the cooperative training program on electronic security, train employees annually, and conduct incident response tabletop exercises.
- Conduct research on network security products, services, protocols, and standards in support of network procurement and development efforts, participate in planning and managing expenditures for network security hardware and software procurement and interact with vendors and contractors to secure network security products and services, as directed.
- Maintain metrics for security initiatives for incremental reporting to management and board of trustees.
- Perform penetration testing and vulnerability assessments on corporate networks and work with stakeholders and the data center, network, application programming and IT support teams to ensure all SECO Energy system vulnerabilities are mitigated and that systems are compliant with applicable policies and regulatory requirements.
- Audit technical controls and mitigate risks to the cooperative, including security permissions on electronic systems, and report policy violations and change recommendations to the manager of Information Technology.
Physical Demands and Work Environment
The physical demands and work environment described here are representative of those that must be met by or those an employee encounters to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Some requirements may exclude individuals that cannot be reasonably accommodated or who pose a direct threat or significant risk to the health and safety of themselves or other employees.
While performing the duties of this job, the employee is regularly required to sit and talk or hear. The employee is occasionally required to walk; stand; use hands to finger, handle, or feel; reach with hands and arms; climb and work from ladders or balance; stoop, kneel, crouch, or crawl. The employee must regularly lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, and the ability to adjust focus.
This position has a general office environment with some business travel. The noise level in the work environment is usually quiet to moderate.