Posting Details

Position Information

Position Title Information Security Analyst Requisition Number SCA00315 General Description

Reporting to the Manager, Network Support Services and serving as the subject matter expert, the Information Security Analyst provides expertise in all areas of cyber security. Primary responsibilities include performing advanced analytics and device manipulation and control in support of network security operations; as well as vulnerability and risk analyses in support of standard cyber security frameworks. The Information Security Analyst is also responsible for daily management and coordination related to network intrusion prevention, monitoring of security controls, reviewing of device and security logs for anomalies, and trends for forensic analysis correlation.

Specific Responsibilities

• Monitor the College’s network operations and provide effective incident response to vulnerability scans and security events as they occur, and provide recommendations for improvements to processes and procedures as necessary.

• Assist in the development and implementation of monitoring and correlation procedures for all network devices, including traffic analysis, availability, downtime, number of service calls to the network, and average time to resolve.

• In collaboration with the Director and the IT work teams, conduct cyber intelligence analysis to develop an understanding of the potential intent, objectives and activities of cyber threat entities for the development of vulnerability assessments and remediation plans.

• Provide ongoing research and evaluation of the technical and cyber intelligence landscape to develop in-depth assessments and analysis of threats to the network infrastructure.

• Review, analyze, correlate and resolve network security threats from multiple systems and security tools (i.e. Fortinet, Nexus, IPS, Solarwinds, Web Inspect and SIEM) to identify vulnerabilities that may impact the security of the College’s network.

• Based on priorities identified by the CIO and Director, provide specific vulnerability remediation support for all College devices, including laptops, workstations, printers, and network devices (including mobile devices) to maintain a 98 percent remediation of vulnerabilities.

• Identify and evaluate business and technology risks; audit internal controls and develop recommendations for procedures to mitigate risks and related opportunities for internal control improvement.

• Collaborate with third party vendors and providers; assist in the selection and evaluation of products and vendors.

• Collaborate with external vendors in the determination of vulnerabilities; gathering remediation requirements, and recommending appropriate solutions and communications.

• Conduct cybersecurity analysis and utilize automated scanning tools and various security-related, web-based applications, to report, identify and track assets’ vulnerabilities throughout the systems lifecycle.

• Collaborate with IT management, other internal constituents, and law enforcement agencies to manage security vulnerabilities and investigations as needed.

• Conduct remediation, vulnerability and compliance scans, and resolve connection and access issues to ensure accurate scan data.

• Analyze vulnerability assessment data and create reports in support of the College’s security assessment efforts.

• Provide oversight of incident data flow and response, content, and remediation; and partner with other incident response centers in maintaining an understanding of threats, vulnerabilities, and exploits that could impact networks and assets.

• Assist in the development and tracking of key performance indicators, balanced scorecards and other metrics for measuring operational outcomes in response to security threats, vulnerabilities, events and incidents.

• Support the day-to-day network security operations and administration of the College’s network, including all malware and forensic analysis efforts.

• Maintain proper recordkeeping for all cybersecurity activities.

• Provide training to IT staff and other departments as needed.

• Deliver quality customer services to both internal and external constituents in a professional, helpful and courteous manner.

• Provide coordination for all IT security events requiring focused response, containment, investigation, and remediation.

• Provide daily summary reports of network events and activities and deliver metric reports as required.

• Maintain sensitivity, understanding and respect for a diverse academic environment, inclusive of students, faculty and staff of varying social, economic, cultural, ideological and ethnic backgrounds.

• Perform all other duties as assigned.

Minimum Qualifications

• Bachelor’s degree in Computer Science or related field is required. Any and all degrees must be from a regionally credited institution of higher learning.

• At least four (4) years of work experience in computer networking and information security required.

• Thorough understanding of the latest security principles, techniques, and protocols in cyber security required.

• Previous experience in troubleshooting, maintaining and performing computer related repairs and desktop application support using Microsoft Windows and MS Office suite applications required.

• GIAC, GSEC CISM, CEH, or ECSA certification required.

• Effective verbal and written communication skills required.

• Demonstrated proficiency using Microsoft Word and Excel.

• Strong problem solving and troubleshooting skills required.

• Ability to lift up to 60 pounds from floor to desktop height required.

• Demonstrated understanding of network and desktop operating systems required.

• Excellent customer service and interpersonal skills required.

• Ability to work evenings and weekends, as needed, is required.

• Ability to maintain sensitivity, understanding and respect for a diverse academic environment, inclusive of students, faculty, and staff of varying social, economic, cultural, ideological, and ethnic backgrounds required.

Preferred Qualifications

• Previous information security experience in a large Microsoft enterprise network environment preferred.

• Previous information security experience within higher education preferred.

• SSCP, CISSP, CISA, MCSE, CCNA, PMP, Security +, and/or ITIL certifications are preferred.

• Knowledge of HIPAA, FERPA. GDPR and other compliance regulations preferred.

Work Location Main Campus Benefits Special Instructions to Applicants

*Interested persons should complete an online application.

*Cover letter of interest and resume REQUIRED.

*Names and contact information of 3 professional references OPTIONAL.

Review of applications will commence on January 2, 2019 and will continue until the position is filled.

Applicants must be legally eligible to work in the U.S.

Community College of Philadelphia is an Affirmative Action, Equal Opportunity and Equal Access Employer. The College encourages applications from individuals from traditionally underrepresented groups.

Salary Grade or Rank III Salary Range Salary commensurate with relevant work experience Job Posting Open Date 12/11/2018 Job Posting Close Date Type of Position Administrator Job Category Employment Status Full-Time Supplemental Questions

Required fields are indicated with an asterisk (*).

1. * How did you hear about Community College of Philadelphia?
   • CareerBuilder.com
   • Higheredjobs.com
   • LinkedIn
   • The Chronicle
   • Veterans Job Fair
   • Professional & Technology Diversity Career Fair
   • AL DIA - Diversity Career Fair
   • Community College of Philadelphia Website
   • Indeed.com
   • Other
2. * If your answer to the above question is Other, please note the source below. If this question does not apply to you, enter N/A.

   (Open Ended Question)

3. * What is the highest level of education you have completed?
   • No Response
   • High School/GED
   • Associates Degree
   • Bachelor's Degree
   • Master's Degree
   • Doctorate
   • Other
4. * Do you have at least four (4) years of work experience in computer networking and information security?
   • Yes
   • No
5. * Do you have a thorough understanding of the latest security principles, techniques, and protocols in cyber security?
   • Yes
   • No
6. * Are you GIAC, GSEC, CISM, CEH, or ECSA certified?
   • Yes
   • No
7. * Do you have previous information security experience in a large Microsoft enterprise network environment?
   • Yes
   • No
8. * Do you have previous information security experience within higher education?
   • Yes
   • No
9. * Are you certified in SSCP, CISSP, CISA, MCSE, CCNA, PMP, Security+, and/or ITIL?
   • Yes
   • No
10. * Do you have previous experience in troubleshooting, maintaining and performing computer related repairs and desktop application support using Microsoft Windows and MS Office suite applications?
    • Yes
    • No
11. * Do you have knowledge of HIPAA, FERPA, GDPR and other compliance regulations?
    • Yes
    • No

Documents Needed to Apply Required Documents

1. Resume
2. Cover Letter/Letter of Application

Optional Documents

1. References