Cybersecurity Analyst - Rancho Santa Margarita, United States - Santa Margarita Water District

Description

Salary : $107, $147,784.00 Annually

Location : Rancho Santa Margarita, CA

Job Type: Full-Time Non Represented

Job Number:

Department: Administration

Division: Information Technology

Opening Date: 04/30/2024

Closing Date: 5/14/2024 11:59 PM Pacific

Job Description

Class specifications are intended to present a descriptive list of the range of duties performed by employees in the class. Specifications are not intended to reflect all duties performed by individual positions.

JOB SUMMARY

Under general supervision, the Cybersecurity Analyst will be responsible for cybersecurity processes and procedures, assist with cybersecurity architecture, design, requirement validation and verification, and handle the day-to-day cybersecurity duties of the District's system infrastructure.

This position will also support System Analyst activities as they relate to the District's enterprise systems. This includes secured implementation and support of host systems, communications, business systems and network infrastructure; also performs technical tasks related to evaluating, introducing, and maintaining information technology systems. A business system in this role includes Geographical Information (GIS) systems, Financial Information (FIS) systems, Customer Service Information (CIS) systems, Maintenance Management (CMMS) system, Utility Billing (UB) systems, and Capital Program Management (CPM) systems (among others).

DISTINGUISHING CHARACTERISTICS

The Cybersecurity Analyst job class is distinguished from the Systems Analyst job class in that the former has a primary focus on all cybersecurity activities for the District's business systems. Activities include design, implementation, maintenance and continuous improvement to the security posture of all District business systems.

Positions in this class typically have intermediate work experience in the given subject area and past experience in a system analyst capacity. This classification will support and coordinate cybersecurity tasks under general direction. A Cybersecurity Analyst typically works under general supervision while learning job tasks, progressing to direction as procedures and processes of assigned area of responsibility are learned. This classification will work on strategic or project level tasks when directed and interface with vendors on an semi-regular basis.

This position reports directly to the Information Technology Manager.
Essential Functions

ESSENTIAL FUNCTION STATEMENTS

The duties listed below are intended only as illustrations of the various types of work that may be performed. The omission of specific statements of duties does not exclude them from the position if the work is similar, related or a logical assignment to this class.

• Identify weaknesses or misconfigurations in current system designs and recommend and implement solutions.
• Acts as front-line incident responder; Gathers and analyzes cybersecurity incident-related data and supports the appropriate response.
• Assist in performing technical project support duties on assigned systems projects in coordination with System Analysts; may be assigned full responsibility for specific systems. implementations relevant to security.
• Actively monitor threat lists; This includes federal, local, third party, and internal security reports/lists in order to assist staff in proactively applying security patches.
• Regularly identifies updates to and reviews security policies, standards, guidelines and procedures to ensure ongoing maintenance of security. This includes careful consideration of business, best practices, and security requirements.
• Actively supports and schedules after hours patching and remediation activities.
• Supports disaster recovery and business continuity activities. This includes supporting initiatives that reduce system downtime, identify & resolve misconfigurations, or restore a system. In addition, will initiate and monitor vendor performance and activities during critical software or hardware incidents.
• Perform analysis and provide recommendation for procurement of secure software and hardware solutions. This includes gather pricing information, reviewing vendor privacy, data ownership, vulnerability response, and software lifecycle policies. This also includes reviewing vendor code and gathering vendor quotes to assist in budget preparation.
• Provide metrics and reporting on system security health: this includes active updates on weekly, monthly, quarterly, and annual cybersecurity tasks.
• Coordinating quarterly disaster and recovery analysis, planning, testing and system administration of systems.
• Provides security impact analysis on activities that impact the security of a District system or process; These activities may involve selection, implementation, reconfiguration, or upgrade activities of systems or processes.
• Provides after hours availability to support a continuous operation, as required by District systems. This may include working an alternative work schedule to support after hours security activities.
• Provide continuous research in support of identifying best practices across cybersecurity, information systems, and water utilities to provide updates and integrate new methods and tools as appropriate.
• Implements internal control, network security methodologies and other security systems for data, systems, and hardware protection and recovery procedures; ensures timely and accurate back-up of data; maintains appropriate confidentiality of sensitive information.
• Performs a variety of specialized, highly technical and complex security-oriented activities related to database system or network system duties in support of specialized functions or programs.
• Provides operational support to the District's network and systems infrastructure. This includes but is not limited to programming, building, analyzing, diagnosing, maintaining, securing and operating various network devices and systems.
• Maintain effective relationships with third party providers and support personnel.
• Perform other related duties as assigned.

Requisite Abilities

Ability to:

• Perform a variety of professional level duties related to technical and operational support. This includes providing internal customer service for District departments.
• Perform a variety of professional cybersecurity level duties related to the design, maintenance, remediation, and recovery of systems and processes. This includes supporting the continuous scanning, remediation, and testing of devices.
• Work efficiently and effectively with various software, hardware, operating systems, databases, network systems, business functional systems, cloud platforms, and telecommunications systems.
  
• This includes the installation, upgrade, maintenance and troubleshooting of these systems.
  
• Incumbent can write clearly and effectively to support the update and development of policies and procedures.
  
• Monitor computer information system utilization and recommend appropriate revisions to processes.
  
• Develop and test programs; prepare test data, and test and debug application programs.
  
• Establish and maintain effective working relationships with those contacted in the course of work. This includes the ability to exhibit a positive customer service attitude at all times.
  
• Communicate clearly and concisely, both orally and in writing. This includes a strong understanding or proper business communications.
  
• Play a lead role in being a proponent of cybersecurity awareness and training for end users. This includes actively supporting the safeguarding of confidential and private information in the course of business. This includes understanding the proper and improper ways to distribute information in the course of business.
  
• Play a significant role in incident response, business continuity, and disaster recovery processes.
  
• Exhibits appropriate business professionalism.
  
• Know and understand all aspects of the job.
  
• Intermittently analyze work papers, reports and special projects.
  
• Identify and interpret technical and numerical information.
  
• Observe and follow operational and technical policy and procedures.

Knowledge of:

Intermediate to advanced knowledge of secure system analysis. This includes knowledge of best practices in system design, programming, configuration, and security planning. This includes intermediate to advanced level knowledge of networks, database systems, business functional systems, cloud providers, and other hardware and software technology.

Qualifications Guidelines

QUALIFICATIONSAny combination of experience and training that would likely provide the required knowledge and abilities is qualifying. A typical way to obtain the knowledge and abilities would be:

A bachelor's degree from an accredited college or university in computer science, information systems, engineering, or a related field is preferred (a degree with a focus on information security is a plus) and three years of professional level information technology technical and operational support with an emphasis in cybersecurity is desirable with prior experience or education in information security, disaster recovery, and incident response.

Licenses; Certificates; Special Requirements:
Possession of or the ability to obtain a valid California Class C driver's license and the ability to maintain insurability under the District's vehicle insurance program.

One or more of the following certifications is desirable:

• Certified Penetration Tester (CPT) and Certified Ethical Hacker (CEH)
• Certified Expert Penetration Tester (CEPT)
• Cisco CCNP (Cisco Certified Network Professional) Security
• Microsoft MSCE (Microsoft System Certified Engineer) Server Infrastructure
• CompTIA Security+ (PLUS)
• Certified Information Systems Security Professional (CISSP)
• GIAC Industrial Cyber Security Professional (GICSP)
• GIAC Critical Infrastructure Protection (GCIP)
• GIAC Response and Industrial Defense (GRID)

Software and Hardware Experience
Experience with the following technologies is preferred:

• Microsoft Windows Server and Workstation OS
• Microsoft Active Directory
• Microsoft System Center
• Powershell & Python Scripting
• Data Encryption (both in transit & at rest) - TLS, TDE etc.
• Vulnerability Scanning & Remediation (Nessus, OpenVAS, InsightVM or other)
• SANS Sift, DEFT Zero, Kali Linux or other similar
• Application Layer Management
• Certificate Authority / Public Key Infrastructure
• Network Mapping (NMAP)
• Encrypted DNS Security
• SNORT
• Wireshark
• Intrusion Detection and Prevention Systems (IDS/IPS)
• Security Information and Event Management (SIEM)
• Network Switches, Router, and Firewall Configuration
• Microsoft SQL Server

Physical DemandsEmployees must meet the following requirements, which are necessary to successfully perform the essential functions of this class: sit at a desk on a continuous basis for long periods of time; intermittently twist, reach, bend, and stoop; lift or carry weight up to 25 pounds, and have hearing and vision within normal ranges. The employee is regularly required to sit, walk and stand; talk and hear; use hands to finger, handle, feel or operate objects, tools or controls; reach with hands and arms; perform repetitive movements of hands or wrists; stoop, kneel, bend at the waist. Specific vision abilities required for this job include close vision, color vision and the ability to adjust focus.Mental DemandsWhile performing the duties of this class, an employee uses written and oral communication skills; reads and interprets data, information and documents; analyzes and solves problems; uses math and mathematical reasoning; observes and interprets people and situations; learns and applies new information and skills; performs highly detailed work; deals with changing deadlines, constant interruptions and multiple concurrent tasks; and interacts with others encountered in the course of work.WORK ENVIRONMENTThe employee works in an office environment around other equipment where the noise level is usually quiet.

Santa Margarita Water District offers a comprehensive benefit package for eligible employees and their eligible dependents. These benefits include the following: retirement benefits; medical, dental, vision and life insurance; and a variety of other benefits. Benefits may vary based on employment status.

HEALTH INSURANCE. The District contracts with the Association of California Water Agencies (ACWA) for medical insurance coverage. Employees may elect coverage from PPO or HMO plans. Medical premiums for plans in an amount up to or equal to the highest HMO are paid for by the District for all full-time employees. The District shares the cost of medical insurance for dependents with the employee. Coverage is effective the first of the month following one month of employment with full-time status.

DENTAL INSURANCE. The District provides dental insurance for all full-time regular employees. Optional dependent dental coverage is available at the District's rates.

PUBLIC EMPLOYEES RETIREMENT SYSTEM. As a public agency, the Santa Margarita Water District has enrolled in the California Public Employees Retirement System (CalPERS) for retirement benefits. The retirement formula and required employee contribution may vary based on employment status.

LIFE INSURANCE AND ACCIDENTAL DEATH AND DISMEMBERMENT. The District provides term-life insurance for all full-time employees through Lincoln Financial with Employee benefits equaling 2 1/2 times the employee's annual salary to a maximum of $200,000. Adjustments are made based on the employee's salary.

VISION INSURANCE. The District provides each full-time employee and their eligible dependents with vision insurance through Vision Service Plan (VSP).

EMPLOYEE ASSISTANCE PROGRAM (EAP). The District provides all employees and their dependents with an EAP that provides confidential, professional assistance with a variety of services such as legal/financial concerns, ID recovery, mental health, and more.

GENERAL LEAVE ACCRUAL. General leave is a multi-purpose leave providing for vacations, personal affairs, and non-job related illness/injuries.

• First year through five-year anniversary date of continuous employment: 11.67 hours per calendar month (140 hours per year) with an accumulated maximum of 304 hours.
• Sixth through ten-year anniversary date of continuous employment: 16 hours per calendar month (192 hours per year) with an accumulated maximum of 350 hours.
• Eleventh through fifteen-year anniversary date of continuous employment: 19.33 hours per calendar month (232 hours per year) with an accumulated maximum of 350 hours.
• Sixteenth year and beyond of continuous employment: 22.67 hours per calendar month (272 hours per year) with an accumulated maximum of 380 hours.

While accrual begins from the date of hire, for the most part, general leave may not be taken until completion of the employee's six-month probationary period.

HOLIDAYS. The District provides 101⁄2 holidays (84 hours) per year for full-time employees.

FLEX SPENDING ACCOUNT. Through the District's Flexible Spending Account (FSA), employees may set aside pre-tax dollars to pay for eligible "out-of-pocket" (unreimbursed) medical expenses, child or dependent care.

EDUCATION REIMBURSEMENT. All full-time employees are eligible for reimbursement for educational training or certification training taken from any college, university, or accredited institution, up to $5,250 per year with Department Head approval.

DIRECT DEPOSIT. All employees have the option to have their paycheck automatically deposited into different accounts with their bank and/or credit union.

The aforementioned information is only a summary of the District's benefits. Detailed information may be found in the Personnel Rules and Regulations and/or the Memorandum of Understanding between the SMWDEA and the Santa Margarita Water District.

01

Describe your experience with cybersecurity tools or frameworks. What tools do you have experience using for monitoring, risk assessment (or remediation), or incident response?

02

In your estimation, what is the biggest cybersecurity risk to an organization? How do you prevent or reduce that risk?

Required Question