Security Analyst III

Location

Olathe, KS | United States

Job description

A career with Johnson County Government is more than just a job, it is an opportunity to serve a diverse and expanding community in meaningful ways. We challenge ourselves to be a different kind of government because we care deeply about our community and each other. Committed to our shared values, we provide excellent public service, seeking always to improve ourselves and our organization. We offer wonderful benefits , retirement plans, wellness incentives, a great organizational culture, and much more! If you’re searching for something more than just a job, something akin to a calling, then consider the challenge and opportunity of being a member of Johnson County Government!

Johnson County Government is seeking a skilled and experienced Security Analyst III to join our team. As a Security Analyst III, you will play a critical role in maintaining and enhancing our security posture and ensuring compliance with legal and regulatory requirements. You will lead major security projects, drive continuous improvement in our security practices, and safeguard our valuable information assets by developing information security architecture, policies, and procedures.

This position is currently eligible to work in a hybrid work environment with both onsite and remote work. Residency within the Kansas City-Overland Park-Kansas City, MO-KS Combined Statistical Area, which generally includes the Kansas counties of Johnson, Wyandotte, Leavenworth, Miami, and Linn, and the Missouri counties of Jackson, Clay, Platte, Cass, and Ray, is required.

First review of applications will begin on March 11, 2024.

Responsibilities:

• Improve the security posture of the county through technology evaluation and process improvement.
• Foster collaborative partnerships with teams across DTI to improve and standardize security processes across all business units.
• Enhance security by conducting and analyzing penetration tests and vulnerability scans, taking corrective action as needed to address security weaknesses efficiently and effectively.
• Conduct reporting and auditing of Identity and Access Management.
• Identify and analyze current and evolving threats and vulnerabilities and work to mitigate security weaknesses.
• Ensure compliance of enterprise IT architecture with federal health, privacy, and financial regulations.
• Develop and document organization-wide information security policies and procedures, reflective of the latest security industry and technology trends.
• Research and lead security projects, deploying new technologies with initiative, and technical expertise.
• Analyze and evaluate security incidents, notices, and advisories, staying updated on secure architectures.
• Work with end users to address business functionality needs while ensuring secure methodologies.
• Train end users and promote security awareness for improved system security and efficiency.
• Monitor and track maintenance contract renewals to uphold digital information security.
• Utilize forensics software for data collection.
• Participate in on-call rotation.

Soft skills Needed:

• Human relations/interpersonal skills.
• Leadership traits, including motivation, delegation of duties, evaluation, strategic planning, goal setting, and complex decision-making skills.
• Curiosity.
• Written communication skills, including business writing, report writing, summarizing, and editing skills.
• Oral communication skills, including presentations to: individuals, small groups, and large groups.
• Facilitation skills, including curriculum/agenda development, ability to help groups focus, ability to use group decision making to gain commitment, and/or ability to encourage participation.

Special Knowledge and Skills Needed:

• Analytical skills, including the ability to research, interpret data, conceptualize data, analyze information, and write formal recommendations based on findings.
• Experience in performing basic and medium-level forensic analysis on Windows and UNIX systems.
• Comprehensive understanding and substantive experience in network systems engineering, computing systems and software applications.
• Penetration testing / Web application penetration testing.
• Experience working in a change-controlled environment.
• Experience working with:
  • Network and security management software
  • Network analysis tools
  • Scripting languages including UNIX command line utilities
  • Vulnerability Management tools
  • Layer7 firewalls (NGFW)
  • Vendor access systems
  • Active Directory
  • Log management tools
  • Network Security monitor tools

Required:

• Bachelor’s degree in Information Technology or relevant field*
• Eight (8) years of experience in information technology.
• Five (5) years of experience in information security principles, including risk analysis and management.

*Experience may be substituted for education. Education may be substituted for experience.

Preferred:

• Three (3) years of experience in project management.
• Three (3) years of experience with IT security standards (ISO, NIST) and regulatory standards (CJIS, HIPAA, PCI, etc.).
• Experience in the support and administration of Microsoft business applications such as: Active Directory, Exchange, Azure, Entra, Purview, and Defender for Office.
• Three (3) years of experience working with SCADA (Supervisory Control and Data Acquisition) and ICS (Industrial Control Systems).
• Experience using network analysis tools, scripting languages including UNIX command line utilities, software vulnerabilities, exploits and malware.
• CISSP certification

If you have the required experience and a passion for maintaining a secure environment, please submit your resume and cover letter highlighting your qualifications and relevant experience.

Job tags

Salary