Cybersecurity Analyst

Job Details

Experienced
Main Office - Commerce City, CO
Full Time
4 Year Degree
$90000.00 - $109200.00 Salary
Negligible
Day
Information Technology

Description

SUMMARY OF POSITION:

The Cybersecurity Analyst is responsible for the overall cybersecurity program for ADCOM911. This position is primarily responsible for monitoring intrusions and malicious activity, analyzing business processes, and assessing/identifying risks. They also facilitate the adoption of risk tolerance levels, conduct internal audits, identify security shortfalls and gaps, make recommendations on remediation and prevention, and conduct needed mitigation tasks. The ideal candidate for this position serves as the primary subject matter expert in cybersecurity and perimeter security. They will facilitate training for all end users and will install, configure, and monitor security systems and alerts. The position requires scheduled ‘On Call’ time and the ability to provide twenty-four (24) hour, seven (7) day a week remote availability for the emergency diagnosis of critical cybersecurity-related problems.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

(The following statements are illustrative of the duties and responsibilities of the position and do not list every duty that may be required of the employee for this position. ADCOM911 retains the right to change the duties and responsibilities of the position at any time without notice)

  • Monitor systems and networks for malicious activity. Perform regular vulnerability scans and participate in remediation efforts.
  • Participate in internal and external security & compliance audits. 
  • Design, install, configure, coordinate implementation of, and monitor security systems; respond to operational alerts, including those from ADCOM911’s monitoring, intrusion detection and prevention system, firewalls, data encryption, and other cybersecurity systems, technologies, and platforms.
  • Detect, investigate, and resolve security incidents and threats using ADCOM’s SIEM solution. Utilize reports and respond to real-time alerts.
  • Promote activities to create information security awareness throughout the organization and function as SME, providing cybersecurity training to all end-users.
  • Assist with day-to-day operations within the ADCOM IT team. 
  • Attend conferences and training as required to maintain proficiency. 
  • Research and stay up to date on latest threats, vulnerabilities, tools, techniques, compliance, laws, regulations, and cybersecurity best-practices. 
  • Assist in the preparation of bid specifications and requests for proposals and function as the project manager and/or technical lead for implementing new security systems, monitoring, and policy enforcement platforms.
  • Assist with any external auditing functions, including CJIS and other system audits.
  • Coordinate regular penetration testing with external vendors & partners.
  • Oversee ADCOM911’s physical security projects, including card access, personnel access permissions, security camera projects, and camera footage maintenance.
  • Assist with leading security investigations; identify, contain, and remediate end-user-related security incidents (viruses, credential compromises, etc.).
  • Develop and implement an ADCOM System Cybersecurity Plan, including policies, procedures, guidelines, and standards. Review annually and coordinate any changes to the Incident Response Plan and the overall IT Cybersecurity Policies/Standards.
  • Work closely with the Network Engineer and Systems Administrators to address security requirements for all systems, whether on-premises or cloud-hosted.
  • Document all work products and progress.
  • Ensure commitments are met to internal and external customers/member agencies.
  • Must be able to work a flexible schedule when required to operate during maintenance windows.
  • Respond to critical system outages outside of normal business hours on a 24/7 basis.
  • Participate and attend all North Central Region Cybersecurity Committee meetings.
  • Perform other related duties and responsibilities as required. 

Qualifications

POSSESSION OF OR ABILITY TO OBTAIN THE FOLLOWING LICENSES AND CERTIFICATIONS:

  • CompTIA Security+ and/or CompTIA CySA+ required.
  • GIAC, OSCP, CISSP, CCSP, or other equivalent certifications strongly preferred but not required. 
  • CJIS certified or ability to obtain certification within 30 days of employment.

KNOWLEDGE, SKILLS, AND ABILITIES:

  • Ability to utilize information from a variety of sources including frameworks, guidelines, threat-intelligence, and industry best-practices to inform decision making.
  • Familiarity and prior experience with Managed Detection and Response (MDR) solutions such as CrowdStrike and/or Arctic Wolf.
  • Knowledge of security technologies, including firewalls, proxies, SIEM, antivirus software, and IDPs.
  • Knowledge of network and cabling theory and applications. Knowledge of network protocols, architecture, datacenter environments, and system design.
  • Strong knowledge of vulnerability scanning, penetration testing, network security, and the techniques used to expose and correct security flaws.
  • Knowledge of current Microsoft Server operating systems and server hardware.
  • Knowledge of enterprise server virtualization.
  • Knowledge of enterprise storage and backup technology.
  • Knowledge of Disaster Recovery methods.
  • Knowledge of Cisco switching, routing, and firewalls.
  • Knowledge of Security Awareness Training and Phishing Campaign applications.
  • Strong skills in documentation and standard/policy development.
  • Ability to think critically and innovatively about security solutions.
  • Technical aptitude to adapt and learn in a rapidly changing environment and solve complex problems. 
  • Technical competency to assess and propose security controls to address security gaps. 
  • Working knowledge of industry best practices and common compliance frameworks such as HIPAA, PCI, NIST. 
  • Skilled in log and packet analysis. 
  • Ability to take initiative with minimal supervision.
  • Ability to perform well under pressure and in disruptive environments.
  • Strong interpersonal skills and demonstrated ability to work effectively with internal/external customers and colleagues. 
  • Knowledge of TCP/IP networks.
  • Ability to work non-traditional hours. 
  • Proficient with Microsoft Windows operating systems. 
  • Communicate clearly and concisely, both orally and in writing. 
  • Knowledge of CJIS is preferred.
  • Working knowledge and training in Microsoft Azure, Active Directory and O365 system and security administration preferred. 
  • Up-to-date knowledge of security threats and exploitation techniques. 

EDUCATION AND EXPERIENCE:

  • A bachelor’s degree in Cybersecurity, Information Security, Computer Information Systems, Technology Management, or closely related field; OR at least three (3) years’ experience working in a technology or information security role. 
  • Experience and training in Windows Servers, Networking, Firewalls, and Vulnerability scanning are required.
  • Experience administering information security systems to include the following: information security architecture, information security procedures and controls, physical security, attack & penetration testing, application testing, information assurance gap analysis, and incident response.
  • Any equivalent combination of education, training, and experience which provides the required knowledge, skills, and abilities may be considered.

CONDITIONS OF EMPLOYMENT:

  • Must pass a pre-employment criminal record background check.
  • Successful candidates must submit to post-offer, pre-employment physical examination, and medical history check, if required.

WORKING CONDITIONS AND PHYSICAL REQUIREMENTS:

  • Physical Demands: Regular standing and sitting; the ability to lift a maximum of forty pounds; occasional lifting, carrying, walking, and standing; hand/eye coordination for operation of computer keyboard; vision for review and analysis of data and reports; frequent speech communication, hearing, and listening to maintain communication with employees and agencies. This job requires normal hearing and color vision.
  • Office environment with frequent interruptions; will interact with employees and member agencies daily; some computer system user contact; exposure to computer screens; potential exposure to inclement weather; travels from site to site. Provide twenty-four (24) hour, seven (7) day a week remote availability for the emergency diagnosis of critical IT related problems.
  • Equipment Used: Personal computer, PSAP console equipment, telephone, printers, and other job-related equipment and tools.