Information Technology Security Analyst
INTERNAL/EXTERNAL JOB POSTING
Information Technology Security Analyst
Information Technology Security Supervisor
330 South US 301 Sumterville, FL 33585
Based on qualifications and experience
Friday, August 9th, 2019
# of Vacancies:
SECO Energy is a not-for-profit electric distribution cooperative serving nearly 200,000 families and businesses across seven counties in Central Florida, making SECO Energy the third largest electric co-op in Florida and the sixth largest in the nation.
*This posting will be closed and no longer available to receive applications upon the discretion of SECO Energy.
Qualified employees will be considered on an equal basis with external applicants.
General Purpose of Job
This position is responsible for implementing and supporting security of electronic data and compliance by instituting measures to safeguard cooperative information on networks; maintain security baselines for existing and new technology. Implement and audit cyber security policies and standards that protect the electronic security posture of the cooperative.
The following includes the minimum job requirements and essential duties for this position. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions. Some job requirements may exclude individuals that cannot be reasonably accommodated or who pose a direct threat or significant risk to the health and safety of themselves or other employees.
Education and Experience:
- Bachelor’s Degree in Computer Science or closely related field. Four years of experience may be substituted for education.
- Minimum 3 years of professional work experience in Information Security
- Experience System or Network Administration (Windows, Linux, Cisco, etc.).
- Earned at least one IT Security certification (e.g. Security +, GCIA, GCIH, CISSP, CEH, etc.),
- Network Administration Windows, Linux, or Cisco environments
- Network Security Analyst experience
Knowledge, Skills and Abilities:
• Knowledge and understanding of Federal, State and local regulatory rules pertaining to security of electronic data; backup and disaster recovery systems; applicable data privacy practices and laws; and knowledge of risk mitigation best practices; developing metrics for electronic security initiatives to demonstrate effectiveness of security initiatives.
• Proficiency in the following areas to include, but not limited to:
- Training cooperative network users in electronic security measures.
- Implementing, testing and reviewing information security protocols, policies and procedures.
- Network penetration testing and vulnerability assessments.
• Proficiency in security tools that include: Port scanners, web scanners, vulnerability scanners, exploitation kits, network flow, IDS signatures, password crackers, OSINT, phishing techniques, sniffers, and PowerShell.
• Proficiency in configuration tools that include: SIEM, MDM, syslog, and patching.
• Proficiency in the operation of personal computers; computer networking, internet/web security; disaster recovery, MS Exchange; virtualization, active directory/group policy and computer software applications including MS Office products, customer information systems, etc.
- Excellent customer service orientation skills; ability to use tact and judgment for interaction with employees, managers, vendors, consultants and others; ability to work independently and productively and results oriented in order to complete assignments and meet deadlines.
• Prioritization and project management skills; analytical and process management skills; demonstrated change management aptitude and ability.
• Effective communications skills including written, verbal, and listening for interaction with employees, management, vendors, consultants and others; ability to analyze and interpret job related business periodicals and technical manuals; prepare reports, business correspondence, procedures and training manuals; prepare and conduct presentations to employees, management and others.
• Ability to keep confidential information confidential; ability to multi-task and effectively manage stress and pressure through changing priorities; ability to remain calm in high stress situations.
SKILLS VERIFICATION: The skills required for this position may be verified through a combination of education, experience, interview questions and technical skills exercise(s).
- Successful completion of SECO Energy’s employment entrance examination and drug screen.
Essential Duties and Responsibilities
This description is intended to indicate the kinds of tasks and levels of work difficulty required of the position given this title and shall not be construed as declaring what the specific duties and responsibilities of any particular position shall be. It is not intended to limit or in any way modify the right of management to assign, direct and control the work of employees under supervision. The listing of essential duties and responsibilities shall not be held to exclude other duties that may be assigned based on the needs of the Cooperative.
• Monitor and address security incidents identified via SIEM, Firewall, IPS, IDS, Antivirus, MSM, Web filter, and other security appliances.
• Contribute as needed on endpoint protection (AV, vulnerability scanning, patch management, disk encryption, and MDM systems), and network protection (firewall, VPN, IDS/IPS)
• Respond to alerts and participates in incident response activities
• Participate in Information Security help desk activities by addressing and responding to Information Security and Cyber Security alerts and requests
• Implement and maintain security policies, procedures for electronic security.
• Maintain cooperative training program on electronic security and be able to train employees annually.
• Audit technical controls and mitigate risks to the cooperative
• Conduct research on network security products, services, protocols and standards in support of network procurement and development efforts.
• Actively monitor cooperative networks and devices for security vulnerabilities.
• Maintain metrics for security initiatives for incremental reporting to management and board of trustees.
• Work with the data center and networking team, application programming team and IT support team to ensure all SECO Energy systems are compliant with applicable policies and regulatory requirements.
• Perform penetration testing and vulnerability assessments on corporate networks and work with the different groups to resolve vulnerabilities.
• Audit security permissions on electronic systems and report policy violations and change recommendations to manager of Information Technology.
• Participate in planning and managing expenditures for network security hardware and software procurement.
• Interact with vendors and contractors to secure network security products and services, as directed.
• Maintain an active role in SECO Energy’s “Emergency Preparedness Plan” and “Incident Response Plan” to include review of the department’s roles and responsibilities and assist in preparing all documentation following an actual emergency as needed.
Physical Requisites and Working Environment:
The physical demands and work environment described here are representative of those an employee encounters or must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Some requirements may exclude individuals that cannot be reasonably accommodated or who pose a direct threat or significant risk to the health and safety of themselves or other employees.
• General office environment. Normal work hours will be eight (8) hours between 7:00 am and 5:00 pm, Monday through Friday. Occasional business travel may be required.
• Ability to work irregular hours for assignment completion and flexibility to change scheduling and report to work on short notice during emergency situations.
• Physical ability in sitting, stooping, pushing, crouching, crawling, reaching, standing, walking, pulling, lifting, using fingers, grasping, talking, hearing, extended repetitive motions, defined light level work. Visual acuity required as machine operator.
• Ability to lift and / or move objects weighing up to 10 lbs. on a regular basis and occasionally lift and / or move objects weighing up to 25 lbs.
• Operates a variety of office equipment, including personal computer, printers and telephone.
While performing the duties of this job, the employee is regularly required to sit and talk or hear. The employee is occasionally required to walk; stand; use hands to finger, handle, or feel; reach with hands and arms; climb and work from ladders or balance; stoop, kneel, crouch, or crawl. The employee must regularly lift and/or move up to 10 pounds and occasionally life and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, and the ability to adjust focus.
This position has general office environment with some business travel. The noise level in the work environment is usually quiet to moderate.
- Attend and actively participate in all Job Briefings and Safety Meetings as required.
- Promotes safe work practices
- Demonstrate a thorough knowledge and comply with all applicable SECO Energy safety rules, policies, practices, and procedures.
- Use all required safety protective equipment and utilize all SECO Energy equipment in a safe and efficient manner.
- Be alert to any safety hazards involving SECO Energy equipment and notify the appropriate personnel immediately.
- Attend and actively participate in training as scheduled.
- Maintain regular attendance and punctuality during the established working hours.
- Maintain a commitment to excellence and to the Corporate Vision.
- Maintain and encourage open, honest communication with superiors and co-workers.
- Exhibit a commitment to customer focused service.
- Exhibit integrity and honesty in all actions.
- Exhibit a firm commitment to safety.
- Maintain a team player focused cooperative style.
- Exhibit a strong work ethic.
All Internal and External applicants must apply On-Line only as follows:
INTERNAL (Employees Only)
From SECONet (employee Intranet)
click Employee Bulletin Board, Jobs/Career.
Then, click the link: “EMPLOYEES may apply online here”.
EXTERNAL applicants apply On-Line Only: At a Career Source office or from any computer with Internet access on SECO’s Careers Web Site: http://www.secoenergy.com
SECO Energy is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.