Information Security Analyst
About the position
As an Information Security Analyst, you will be responsible for the proactive protection of the confidentiality, integrity, and availability of information in the custody of, accessed by, transmitted, or processed by the County. You will interact with stakeholders across all technical teams, external entities, and management, and will monitor, analyze, improve, and coordinate activities to maintain secure system access. Additionally, you will:
- Identify security requirements using security, cloud, and vendor risk assessments, business impact assessments, vulnerability scanning tools, and other security frameworks and standards
- Assist in the remediation of vulnerabilities by identifying patches, configurations, and compensating controls
- Support third-party audit/assessment requests for documentation on processes, policies, procedures, and configurations
- Continually improve incident response processes by serving as a member of the Security Incident Response Team, assisting with the testing and execution of the Security Incident Response Plan, and creating and maintaining documentation related to incident handling and investigation procedures
- Deliver security awareness training, tech talks, and other awareness campaigns to spread security knowledge
- Assist with processing and gathering information related to litigation holds
- Prepare security assessment reports and other technical documentation as needed
- Stay up to date with trends in the information security community including new tools, vulnerabilities, methodologies, and products
What you bring
Ideal candidates will possess:
- A thorough understanding of computer and network security, including areas such as firewalls, IPS, SIEM, encryption technologies, and network protocols
- Demonstrated knowledge of common cyberattack vectors and defenses
- Experience with tools and techniques for penetration testing and vulnerability scanning
- Applied knowledge of common security standards, controls, and frameworks
- Experience supporting security monitoring systems
- Effective written and oral communication
- Complex analysis and problem solving skills
Please Note: This position will be required to have access to Sheriff's Office or Probation Department facilities or view data or work with information systems for these departments. This requires that a more extensive "Security Clearance" be performed, after hire, by the Sonoma County Sheriff’s Office. Successful completion of the probationary period will be contingent upon passing the security clearance, which includes a Live Scan fingerprint based check of California Department of Justice (DOJ) and Federal Bureau of Investigations (FBI) criminal records. If you are offered a position which requires a security clearance, the job offer letter will clearly specify this as a condition of the probationary period.
This recruitment is being conducted to fill an Information Security Analyst position in ISD. This employment list may also be used to fill future full-time, part-time, or extra-help (temporary) vacancies as they occur during the active status of the list. Qualified County employees who wish to be considered for future positions should consider applying to this recruitment. The Civil Service title for this position is Systems Software Analyst.
Education: Any combination of education and training which would provide the opportunity to acquire the knowledge and abilities listed. Normally, graduation from a four year college or university with major coursework in computer science, information systems, or a closely related field would provide this opportunity.
Experience: Any combination of training and experience which would provide an opportunity to acquire the knowledge and abilities listed. Normally, three years of technical professional experience involving systems analysis, programming, systems engineering, or similar field in a multi-platform information systems environment including experience installing and maintaining systems software and working with database structures. Additional, highly relevant professional level experience may be substituted for the required education.
License: Possession of a valid driver's license at the appropriate level including special endorsements, as required by the State of California, may be required depending upon assignment to perform the essential job functions of the position.
Knowledge, Skills, and Abilities
Considerable knowledge and understanding of: operating systems and software products; database principles and design; data collection and classification procedures; database and systems problem identification, tracking, resolution, and vendor support; structured coding and analysis; application development products; specific programming techniques and languages; mainframe, mid-size, and client-server network systems capabilities and operations; methods and techniques of troubleshooting hardware, software and inter-connectivity problems; principles of data security; methods and techniques of providing support to staff and end users.
Working knowledge and understanding of: local and wide area network design, management, and operation; the inter-relationship of mainframe, PC, LAN, Network and telecommunications systems including hardware components, software applications, operating systems, and documentation; principles, methods, and techniques of systems analysis.
Ability to: plan, design, upgrade, install, and tune systems software; create systems specifications; provide technical support related to systems software; write and modify instructions, procedures, manuals, documentation; analyze systems problems, develop effective solutions, and prepare cost estimates; work cooperatively and effectively with staff, customers, and vendors; perform a variety of tasks in a consistent and accurate manner; analyze and evaluate information, problems, and situations and develop an effective course of action; prepare clear, concise and accurate oral and written reports.
Selection Procedure & Some Helpful Tips When Applying
- Your application information and your responses to the supplemental questions are evaluated and taken into consideration throughout the entire selection process.
- You should list all employers and positions held within the last ten years in the work history section of your application. Be as thorough as possible when responding to the supplemental questions.
- You may include history beyond ten years if related to the position for which you are applying. If you held multiple positions with one employer, list out each position separately.
- Failure to follow these instructions may impact your competitiveness in this process or may result in disqualification.