Information Security Analyst (Reg FT)
Community College of Allegheny County
The Information Security Analyst will be primarily responsible for the daily activities surrounding information security monitoring and incident management processes. This includes vulnerability management, security information and incident management, threat mitigation and related processes that are identified in the college's information security policies and procedures. The position's primary focus is daily information security operations.
Work location and additional information:
This position will remain open until filled. However, in order to ensure consideration for an interview, please submit your completed application, cover letter and resume by no later than February 2, 2018. The College cannot guarantee that application materials received after this date will be considered or reviewed.
Campus: Office of College Services
Days and Hours (for hourly position):
Minimum of a bachelor's degree in Information Science or a related field and at least three years of full-time work experience, or an associate degree in Information Science or a related field and at least five years of full-time work experience in information security protection, detection and response processes. Hands-on experience with the Windows platform is required, and Linux and open source security tools expertise is desired. Must be highly analytical and able to effectively troubleshoot and prioritize needs, requirements and other issues in a fast-paced environment. Excellent written and oral communication skills. Ethical hacker certification or willingness to get certified.
1. Provide ongoing protection, detection and response services for college information resources and digital assets as identified in the college's information security program and strategic plan.
2. Review, maintain, update, and recommend the use of a cloud computing checklist for all SaaS, IaaS, PaaS and other third-party hosted CCAC resources.
3. Monitor, identify, and analyze security risks to determine their impact and relevance to the college's assets. Conduct research, analyze data, reach conclusions, and make recommendations.
4. Analyze potential information security events to determine if these events qualify as legitimate security incidents and follow through incident management protocol as necessary.
5. Initiate escalation procedures to counteract potential threats/vulnerabilities; appropriately inform related ITS staff and managers on potential incidents.
6. Document and conform to processes related to security monitoring and incident management.
7. Monitor the college's networks and digital assets for security breaches and investigate any violation when one occurs.
8. Conduct periodic penetration testing and vulnerability scans to assess the college's information security posture.
9. Co-manage and maintain information security tools such as SIEM, endpoint protection, vulnerability management systems, intrusion detection and prevention systems (IDS/IPS) and other information security tools and cloud-based management consoles.
10. Examine, appraise, and interpret information security related data and systems. Correlate metrics to assess the effectiveness of existing systems and information security measures.
11. Respond to security event escalations, and conduct detailed forensic analysis of potential incidents.
12. Assist in the installation and use of security hardware and software such as firewalls and data encryption programs to protect sensitive college information.
13. Respond to ServiceDesk tickets, as well as track outcomes of the issues and requests.
14. Conduct security and threat assessment audits of the college's assets and business processes and make recommendations for improving security measures on-site and in the cloud.
15. Produce or update data flow diagrams required for security assessments.
16. Assist in information security related projects and initiatives.
17. Participate in review of the effectiveness of existing information security and risk management tools and provide recommendations.
18. Participate in information security risk assessments and controls selection activities.
19. Participate in information security awareness, training and educational activities.
20. Participate in the creation and maintenance of the information systems disaster recovery and business continuity plans and play an important role in testing of these plans and the actual disaster recovery process.
21. Closely examine information security event data and prepare periodic customized reports.
22. Document security breaches and the extent of the damage caused by such potential breaches, maintain an ITS risk and incident log, and record any third investigation updates.
23. Perform other duties as required or assigned.
Job Category: Administrator
Job Type: Full-time
Job Open Date: 01-19-2018
Job Close Date:
All applicants must apply online at: http://www.ccacjobs.com. The College's online application system will allow you to complete a college application, apply online, answer screening questions, and attach a resume, cover letter and other documents.