Cyber Security Analyst II
Information Technology (IT) seeks an IT Cybersecurity Analyst II who will be accountable for the process and procedures to strengthen the security of the City of Colorado Springs IT assets from unauthorized or malicious modification, disclosure or destruction. This position will provide Cybersecurity operations, analytics, and support by planning, coordinating, integrating, and synchronizing cyber defense and prevention activities throughout IT. The Cybersecurity Analyst will monitor and report on IT’s and the City’s compliance with applicable cyber governance, policy, and controls with a goal of ensuring information availability, protection, and delivery.
Essential Job Functions - the basic job duties an employee must be able to perform:
- Exercise and display exceptional Cybersecurity leadership and hygiene
- Ensure proper IT system and data security process and procedure is practiced at all times
- Provide subject matter expert input to the overall City’s Cybersecurity strategy
- Participate in cybersecurity operations and support IT Change Management and IT Service Management processes
- Manage the Cybersecurity Awareness Training program
- Actively apply governance management and compliance
- Operate and maintain City Enterprise Detection and Response (EDR) and participate/support threat intelligence/hunting efforts
- Ensure certificate authority operations and consistency
- Support, monitor and analyze security events from Security Information and Event Management (SIEM)
- Engage City IT, customers, and vendors in ensuring Cloud security best practices
- Support and maintain the Privileged Account Management program
- Participate in and support threat intelligence/hunting efforts
- Produce, socialize, and support Cybersecurity standards
- Support the overall ports, protocols, and services (PPSM) program
- Participate in and support Incident Response (IR) program planning
- Support external risk and vulnerability assessments and audits
- Directly support the overall vulnerability management program
- Underpin the Cybersecurity metrics and measures
- Actively exercise and promote knowledge sharing within Cybersecurity Team and IT Department.
- Maintain situational awareness of cyber activity and compliance in the IT industry by reviewing open source reporting for new vulnerabilities, exploits, and malware
- Proactively protect the confidentiality, integrity, and availability of City data and information systems
- Develop and promote standard operating procedures and use of the Knowledge Management System (KMS)
Examples of Job Competencies
Knowledge of:
- Security environments, including operational knowledge of malware detection and response methodologies, operating system hardening, incident response, policy writing, regulatory compliance, data classification, vulnerability management, and best practices
- Understanding of controls (e.g. access control, auditing, authentication, encryption, integrity, ports, protocols, and service management (PPSM), and application security)
- Working experience with the National Institute of Standards and Technology (NIST) Cybersecurity Framework and/or Risk Management Framework (RMF)
- Security solutions, policies, and technologies
- Scripting tools
- Strong understanding of Microsoft Desktop Operating Systems, Microsoft Active Directory Users and Computers (ADUC), Web browser operations, E-Mail protocols, computer networking and TCP/IP, third party vulnerability vectors, network monitoring tools and sensors, cyber-terrorism protection
- Microsoft’s Azure and M365
- Federal, State, Local government
- Multi-vendor environments
Ability to:
- Understand the lifecycle of the network threats, attack vectors, and network vulnerability exploitation
- Demonstrate competency in strategic thinking with strong abilities in relationship management
- Work independently using all available resources to resolve tickets and ensure service delivery
- Provide accurate, professional, and timely documented updates to all assigned tickets
- Follow and execute documented and approved policy, processes, and procedures
- At times, return on-site to office or connect remotely, after normal business hours, to respond to active Cyber Incidents and/or support City network resource availability.
- Communicate clearly and concisely, verbally and in writing, with users and technical support
- Show initiative and act independently to resolve tickets, manage multiple priorities, and follow through on customer engagement.
Senior Cyber Security Analyst
The Information Technology (IT) Department seeks a Senior Cybersecurity Analyst/Boundary Engineer who will be accountable for the operation, process and procedures to harden City of Colorado Springs IT assets and boundary from unauthorized or malicious modification, disclosure or destruction. The Senior Cybersecurity Analyst/Boundary Engineer shall design, configure, manage and troubleshoot a variety of network firewall and boundary technologies. The role will maintain support of the network and security infrastructure, and monitor and report on IT’s and the City’s compliance with applicable cyber governance, policy, and controls with a goal of ensuring information availability, protection, and delivery. This position will also provide Cybersecurity operations, analytics, and support by planning, coordinating, integrating, and synchronizing cyber defense and prevention activities throughout IT.
Essential Job Functions - the basic job duties an employee must be able to perform:
- Ensure proper IT system and data security is practiced at all times. Identify and escalate issues affecting the enterprise operations and defense per process and procedure.
- Cyber requirements analysis, strategic support to operations, event/incident analysis, and day-to-day operations of the City’s Firewalls and Virtual Private Networks (VPN)
- Device hardening/patching of Firewalls and Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS).
- Triage cyber events, incident response, network analysis, threat detection, trend analysis, vulnerability and exploit information and resolve advanced vector attacks such as botnets and advanced persistent threat (APT) malware. Provide incident investigation, handling and documentation; ensure remediation steps / timelines are understood.
- Consume and analyze data from cyber organizations; prepare and deliver situational awareness to IT leadership
- Provide metrics and measures relating to security threats and vulnerability events/incidents.
- Collaborate with multiple IT teams through the framework of Identify, Protect, Detect, Respond, Recover.
- Actively exercise and promote knowledge sharing within Cybersecurity Team and IT Department.
- Analyze network security requirements and implement perimeter security changes
- Utilize industry best practices for security, disaster recovery, business continuity, and change control
- Conduct risk and vulnerability assessments
- Diagnose and resolve complex network problems and improve network performance and reliability
- Maintain situational awareness of cyber activity and compliance in the IT industry by reviewing open source reporting for new vulnerabilities and malware
- Monitor security events received through the Security Information and Event Management (SIEM) or other security tools and perform analysis of log files
- Provide tuning recommendations of policy in security control tools to leadership and tool administrators based on findings during investigations or threat information reviews
- Support development, maintenance, and publishing of City information security policy, process and procedure
- Proactively protect the confidentiality, integrity, and availability of City data and information systems
- Report to supervisor regarding the effectiveness of current Cybersecurity measures
- Provide support for required industry Cybersecurity audits
- Log all customer contact (calls, E-Mails, web forms, chat sessions, or voicemails) into the correct ITSM tool
- Develop and promote standard operating procedures and use of the Knowledge Management System (KMS)
- Provide subject matter expert input to the overall City’s Cybersecurity strategy
Examples of Job Competencies
Knowledge of:
- Security environments including firewalls, intrusion detection, incident response, policy writing, vulnerability testing, operating system hardening, regulatory compliance, and data classification
- Configuring and troubleshooting routing and switched infrastructure
- Understanding of controls (e.g. access control, auditing, authentication, encryption, integrity, physical security, and application security)
- Working experience with the National Institute of Standards and Technology (NIST) Cybersecurity Framework and/or Risk Management Framework (RMF)
- Security solutions, policies, and technologies
- Strong understanding of Microsoft Operating Systems, Microsoft Active Directory Users and Computers (ADUC), Web browser operations, E-Mail protocols, Domain Name System (DNS), computer networking and TCP/IP, third party vulnerability vectors, network monitoring tools and sensors, and cyber-terrorism protection
- Federal, State, Local government
- Multi-vendor environments
Ability to:
- Understand the lifecycle of the network threats, attack vectors, and network vulnerability exploitation
- Demonstrate competency in strategic thinking with strong abilities in relationship management
- Work independently using all available resources to resolve tickets and ensure service delivery
- Provide accurate, professional, and timely documented updates to all assigned tickets
- Follow and execute documented and approved policy, processes, and procedures
- Lift and move IT equipment up to 35 pounds between rooms, facilities, and vehicles
- Communicate clearly and concisely, verbally and in writing, with users and technical support
- Show initiative and act independently to resolve tickets, manage multiple priorities, and follow through on customer engagement.