JOB TITLE: Analyst, IT Security SR
Department: IT Infrastructure Operations
Position Number: IT6S007
Division: Information Technology
FLSA Status: Exempt
Supervisor’s Title: Lead, IT Security
Location: North Fort Myers
Work hours: Varied Shifts - Due to the 24 hour, 7 days per week nature of power distribution, night, weekend, and holiday support via telephone or call-out, may be required.
This position is responsible for ensuring the confidentiality, integrity and availability of LCEC systems through the implementation of information security systems, policies and procedures based on industry best practices. The LCEC Information Security Management System (ISMS) is based on a continuous improvement methodology which will ensure that the organization adapts to new security threats as they arise and addresses all applicable cyber security related regulatory requirements. The IT Security Analyst is responsible for assisting in the implementation of ISMS elements as directed by the Lead, IT Security and the Information Security Officer (ISO).
Information Security Management System (ISMS) & Compliance:
Subject matter expert for the ISMS:
• Expert level knowledge of best practice guidelines and controls
o ISO 27001
o National Institute of Standards and Technology (NIST)
o Center for Internet Security (CIS) Critical Controls
• Policy, Procedure & Control development, implementation and documentation
• Continuous improvement using Plan, Do, Check, Act (PDCA) methodology
• Ensure compliance with the cyber security components of the following:
o Critical Infrastructure Protection (CIP) Standards
o Fair and Accurate Credit Transactions Act (FACTA)
o Florida Information Protection Act (FIPA)
o Payment Card Industry (PCI)
Security Infrastructure, Architecture & Systems:
• Defense in Depth Strategy:
o Assist in the development of a multi-year strategy for LCEC’s security architecture based on detailed risk assessments, priority and budget
o Plan, budget and implement the approved strategy components on an annual basis
• Security Infrastructure and Operations:
o Identify security issues and risks, and develop mitigation plans.
o Evaluate, design, implement, and support security-focused tools and services.
o Evaluate and recommend new and emerging security products and technologies.
o Develop and deliver training materials and perform general security awareness and specific security technology training.
o Security Operations Center (SOC)
o Senior member of the LCEC Computer Emergency Response Team (CERT)
o Incident Response Plan (IRP) & Forensics
o IRP Exercises
o Threat Hunt Exercises
o Administer network and computing devices/systems that enforce security policies and audit controls in a Windows/Linux environment.
o Assist in responses to external audits, penetration tests and vulnerability assessments.
o Conduct internal audits, penetration tests and vulnerability assessments
o Meet with clients and management to help specify and negotiate application security requirements, reviews current policies and procedures for applicability, and system OS security patch levels, and ensures safe transition of applications and systems to production.
Security System Configuration, Management, & Auditing:
• Intrusion Detection/Prevention (IDS/IPS)
• Traffic Monitoring and Control systems
• Encryption solutions
• Packet Sniffer
• Log Management Devices
• Security Information & Event Management (SIEM)
• Forensics Tools
• Vulnerability Scanners
• Penetration Testing
• External Security Assessment
• Incident Management & Response
• SPAM and Virus protection
• Data Loss Prevention (DLP)
• Information security metrics development and reporting.
Maintain effective working relationships with employees and customers at all levels within LCEC. Ensure smooth operations, productive communications, and effective understanding during all interpersonal contacts. Provide current and accurate information to all requesters, courteously and in a timely manner.
• BA/BS degree in Computer Science or related field.
• Eight (8) years of experience in the computer/security field and multiple security related certifications may be substituted for a BA/BS degree.
• Cisco Certified Network Associate/Professional (CCNA/CCNP).
• Industry recognized Information Security Certification (CISSP, GIAC).
• Microsoft Certified Systems Engineer (MCSE)
• Ten (10) years of experience in the computer industry, with at least three (3) years designing and planning computer systems and networks, plus 5 years of experience performing IT security duties.
• Ability to work in a dynamic environment with many competing priorities
• Professional approach to information security management and ability to implement changes while minimizing operational impact
• Team oriented approach to problem solving
• Experience managing projects and matching requirements to technical solutions.
Physical Demands and Work Environment:
The physical demands and work environment characteristics described here must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions:
• Physical Demands: May be required to lift up to 50 pounds and sit for extended periods of time at a desk/computer terminal. Able to view computer monitor from a reasonable distance.
• Work Environment: Air Conditioned office, computer room
Please note that at the time a candidate is made a job offer, the candidate will be subject to a background check and a drug test which will include screening for tobacco.