City of Durham, NC
Receive alerts when this company posts new jobs.
Senior Cyber Security Analyst
at City of Durham, NC
- Position Description
Work. Serve. Thrive. With the City of Durham
Advance in your career while making a real difference in the community you serve.
Hiring Range: $64,915 - 100,620
Hours: 8:00 - 4:30
The City of Durham's nationally recognized, award-winning Technology Solutions Department builds and aligns the City's information technology infrastructure so that departments can deliver a superior level of public service. Our team is recognized nationally by the Public Technology Institute, ICMA Center for Performance Measurement and Digital Cities Survey. If you can offer the skills to innovate and the passion to serve, bring your talent to Durham.
The purpose of this position is to be responsible for the daily management of the City's cyber security program. The Senior Cyber Security Analyst will also actively participate in conducting security assessments of systems to identify vulnerabilities, providing recommendations for their remediation, and assisting system owners in implementing effective safeguards. Validating that controls are risk rated and risk statements are clearly stated and capture the specific business impact to the judiciary in the event that a deficiency is exploited.
- Develops security assessment plans for systems, including the objectives, scope, schedule, required documentation, possible risks, and other logistical items for security assessments; develops cloud service provider testing approach from security perspective;
- Provides validation of security control tests for cloud service provides; coordinating access to systems and approvals for scanning activities;
- Conducts ad hoc testing on an as-needed basis to assist with development activities or vulnerability remediation;
- Reviews/tests system security controls (managerial, operational, and technical) to determine adequacy against federal requirements (e.g., NIST SP 800-53) and mission context;
- Documents plans of action and milestones for corrective action following assessment activities and in response to identified vulnerabilities;
- Drafts security policies and procedures including the system security plan, and agency specific policies in accordance with NIST requirement;
- Routinely conducts risk assessments to quantify impacts of vulnerabilities;
- Recommends an appropriate security training program for employees.
- Minimum Qualifications & Experience
- Bachelor's degree in computer science or a directly related field or Equivalent
- Five years of professional information technology experience monitoring, analysis of, and the administration of security tools such as Tenable, ForeScout, Netwrix, CISCO Umbrella, and Barracuda.
- Information Security Certification(s) such as CISSP, Security+, CISM, or CCSP or a degree in cyber security.