Senior Information Security Analyst
Company: City of Bellingham
Location: Bellingham
Posted on: March 17, 2023
|
|
Job Description:
JOB
Are you an experienced professional in Information Security,
including vulnerability management, SIEM administration, and/or
incident response responsibilities? TheCity of Bellinghamis hiring
for a Senior Security Information Analyst. Apply today!***This
position is open until filled with a first review of applications
on April 10,2023,at 8:30 am. The position may be closed at any time
following this review.*** The full salary range for this position
is $7,946/month - $9626/month.Placement within the range is based
on qualifications and professional experience in accordance with
City policy. Employees receive step increases annually in
accordance with theTeamsters (Supervisory and Professional Unit)
Collective Bargaining Agreementand City policy.City of Bellingham
employees receive medical, dental, and vision insurance as well as
life insurance and long-term disability. Additional benefits
include flexible spending accounts, a medical insurance opt-out
program, and access to our employee assistance program. All
eligible City employees are enrolled in aWashington State
Department of Retirement Systemspension plan. Additionally,
employees may elect to participate in the City's 457 deferred
compensation retirement savings plan. Employees will receive 12
paid holidays in addition to one paid floating holiday each year.
At the time of hire, employees will accrue 8 hours of sick leave
and 10 hours of vacation per month. Vacation accruals increase
based on years of service.Leave accruals are based on 1.0 FTE,
accruals are pro-rated if part-time and require employees to be in
paid status at least 120 hours/month.For additional information
regarding benefits and compensation Information please visit the
following:Labor Agreements, Pay Schedules and E-Team Employee
Handbook - City of Bellingham (cob.org)Employment Benefits - City
of Bellingham (cob.org)Flexibility and work/life balance are
important to the City of Bellingham. Remote work is allowed up to 3
days per week. We allow some "flexing" of hours during each pay
period to support work/life balance for employees.JOB
SUMMARY:Oversees and serves as primary resource for administrative,
operational, and technical aspects of the City's security
information event and vulnerability management systems. Prioritizes
the availability, operation, maintenance, and security of the
City's computer systems, networks and data. The City's networks are
a mission critical part of the City's operation and provide
services to over 30 staffed worksites and to numerous non-staffed
locations. Conducts risk assessments, evaluates security
vulnerabilities, and monitors and analyzes City systems to identify
priority mitigations. Provides direction, coordination, assistance
and training support to City staff to correct identified security
vulnerabilities and implement priority security controls. Prepares,
plans and leads tabletop exercises for City staff based on City
policies and procedures. Coordinates or supports ad-hoc information
security projects. Participates in the selection of consultants to
conduct outside risk assessments and/or pen tests. Reviews, drafts
and improves incident response plans and procedures. Maintains
detailed and accurate technical and administrative records. Serves
as a member of the IT Security Team. Leads and/or assists with
internal technical investigations.Assists the Director and Network
Operations Manager in developing programs to ensure City compliance
with regulatory, security, and privacy standards such as Criminal
Justice Information Services (CJIS), Health Insurance Portability
and Accountability Act (HIPAA) and Payment Card Industry Data
Security Standard (PCI DSS), along with security and privacy
standards adopted by the City.ESSENTIAL FUNCTIONS OF THE
JOB:Monitors the availability, operation, maintenance and security
of the City's computer systems, networks and data. Using a variety
of enterprise monitoring tools, reviews anomalies, bulletins, and
alerts as they may apply to the enterprise network. Advises other
staff and enterprise clients of steps to take to mitigate security
threats. If threat is imminent, determines risk of waiting to apply
known fixes/patches as opposed to immediate implementation.Oversees
and serves as primary resource responsible for administrative,
operational, and technical aspects of the City's Security
Information and Event Management (SIEM) and multiple vulnerability
management platforms. Provides leadership, direction, coordination
and training to technical staff to correct high priority
vulnerabilities. Resolves problems through internal resources or
through consultation with vendor technical support staff. Monitors
the security of the City's technology systems using best practices
and security standards. Develops dashboards or reports to provide
awareness, training and status information to other staff.
Researches and maintains knowledge of current network security and
network infrastructure technologies and best practices. Serves as a
member of the IT Security Team responsible for supporting security
initiatives in area of responsibility. Reviews and maintains
required security metrics and documentation on City systems,
ensuring compliance with security standards. Responds to incidents,
providing guidance to all levels of the organization; may serve as
technical lead on incidents consistent with City policies and
procedures.Plans, coordinates and conducts cybersecurity tabletop
exercises based on existing policies and procedures. Selects
appropriate exercises from partner agencies (i.e. Washington State
Office of Cybersecurity) and modifies to represent the City's
needs. Creates presentation material, schedules and leads
exercises.Plans and conducts internal risk assessments and audits.
Serves as project manager for risk assessments and pen tests.
Responsible for project development, planning, implementation,
communication and training. Develops requests for information
(RFIs) and requests for proposals (RFPs); reviews bids to ensure
vendors meet minimum requirements; participates in selection of
vendors. Works closely with department administrative staff to
maintain accurate billing, budget and related project records.
Supports external technical audits and assessments by collecting
and distributing relevant data and documentation.Serves as lead for
certificate management. Acquires, manages, inspects and applies
certificates to internal and external systems.Supports Department
Director and Network Operations Manager in the development and
monitoring of budgets for security systems and outside professional
services. Recommends products and services and provides budget
estimates to management.Maintains accurate and up-to-date technical
and administrative records including documentation of the
enterprise network and critical security configurations, risk
registers, vendor contacts, network diagrams and Knowledge Base
articles.Contributes to the development of City policies,
standards, and procedures related to technology and security.
Provides training and communications related to policies,
procedures, and standards to City staff and outside contractors.
Advises department leaders and managers of system vulnerabilities.
ADDITIONAL WORK PERFORMED:Performs other related work of a similar
nature and level.WORKING ENVIRONMENT:The work performed is in an
office setting at a computer workstation with long periods of
sitting or standing. Work environment incudes a normal range of
noise and other distractions with low everyday risks working around
standard office equipment. Work requires periodic visits to
customer worksites. Work requires providing on-call support which
may include evenings and weekends. The work involves occasionally
inspecting equipment in ceilings to identify and solve problems,
which can require ascending/descending ladders, entering tunnels,
using lifts, standing on roofs to access equipment and cabling.
Works with a variety of hand tools and computer diagnostic
equipment to identify, repair and solve problems. Some travel to
professional meetings is expected.Physical ability to perform the
essential functions of the job including:Frequently operate a
computer and other office machinery such as a keyboard, mouse,
phone, and fax machine;Frequently remain stationary for long
periods of time;Frequently communicate accurate information and
ideas with others;Occasionally transports components weighing up to
25 pounds.
EXAMPLE OF DUTIES
Bachelor's degree in information security/cybersecurity,
information technology, computer science or related field
required.Technical:Four (4) years of experience in Information
Security, including vulnerability management, SIEM administration,
and/or incident response responsibilities.Two (2) years of
experience in network administration and support in a complex
multi-site enterprise environment.One of the following
certifications strongly preferred: GSEC, Security+, CISM, CISSP.An
equivalent combination of education and experience sufficient to
provide the applicant with the knowledge, skill and ability to
successfully perform the essential functions of the job will be
considered.
MINIMUM QUALIFICATIONS
Agreement to and signature of a Privileged Access Confidentiality
Agreement is required.Employment contingent upon passing a criminal
convictions check, local background check and fingerprinting.
Subject to re-check every five years.Valid Washington State
driver's license and good driving record. Must provide a three-year
driving abstract prior to hire.Willingness and ability to work
extra hours or change hours as needed and to respond to evening and
weekend callouts for incidents, emergencies, or when special
circumstances require.
SUPPLEMENTAL INFORMATION
As part of the application process, a cover letter is
required.Within the cover letter, please answer the following
question:Please indicate why you are interested in this position
and why this position is the next right step for you in your
career. Include a brief summary of your education, experience, and
qualifications.Please ensure your application is complete and all
required information has been provided. Standard completeness means
all application fields (contact information, personal information,
education, work experience, references, and required supplemental
questions). The information provided in your application must
support your selected answers in the supplemental questionnaire.
Provide as much detail as you believe will fully describe your
experience and training.Supplemental Questionnaire responses not
supported in your application will disqualify you from
consideration for this position.Interviews for the most qualified
candidates are tentatively scheduled for the week of May 1, 2023.
Invitations to participate in the Interview process will be sent
via e-mail on or around April 19, 2023.Please Note: Candidates will
receive updates regarding application status via email. Please be
sure to check your email frequently.Equal Opportunity:Our
environment is characterized by respect for cultural backgrounds,
belief systems, and ethnic diversity. The City of Bellingham is an
Equal Opportunity Employer and values diversity in its work force.
We do not make decisions on the basis of an individual's race,
religion, creed, color, national origin, sex, marital status, age
(40+), disability, retaliation, sexual orientation or gender
identity, honorably discharged veteran or military status, status
as a victim of domestic violence, sexual assault, and stalking, use
of a trained dog guide or service animal by a person with a
disability, or any other basis prohibited by local, state, or
federal law. All are encouraged to apply for employment.Fair Hiring
PracticesThe City provides individuals who have been arrested or
convicted of a criminal offense an equal and fair opportunity to
obtain employment.The City will not inquire about an applicant's
criminal history until after a conditional job offer has been
made.The City will disregard the prior arrest and conviction record
of an otherwise qualified individual unless the offense is directly
related to the job position for which the individual has
applied.The City will notify an otherwise qualified applicant about
a potentially disqualifying conviction and give the applicant an
opportunity to submit information regarding the accuracy of the
criminal records as well as evidence of mitigation or
rehabilitation, as appropriate.
Keywords: City of Bellingham, Bellingham , Senior Information Security Analyst, Professions , Bellingham, Washington
Click
here to apply!
|