IT Information Security Analyst

Birmingham Water Works Board
Job Description
Job Title:  IT Information Security Analyst            Department: Information Technology
Reporting Relationship:  IT Manager                      Exempt Status:  Exempt
Grade:  45

General Responsibilities:
Maintains a constant focus on detecting and preventing cyber threats to the company computing environment. Seeks to identify weaknesses of the company computing infrastructure (software, hardware, networks) and find creative ways to protect it. Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information.  May ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure. Work closely with IT department staff, guidance from the Senior IT Information Security Analyst and the IT Department Manager. Serve as an internal company lead for responding to business impacting computer security breaches and viruses.
Essential Job Functions:
  1. Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
  2. Review violations of computer security procedures and discuss procedures with violators to ensure violations are not repeated.
  3. Implement, assess and monitor security controls and conduct risk assessments to include: configuration change, security impact analysis, vulnerability audits and security configuration checks.
  4. Plan, implement, and upgrade security measures/controls
  5. Establish plans and protocols to protect digital files and information systems against unauthorized access, modification and/or destruction
  6. Maintain data, monitor security access, perform diagnostics for security problems and identify/mitigate security risks
  7. Perform vulnerability testing, risk analyses and security assessments
  8. Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures.
  9. Conduct internal security audits
  10. Anticipate security alerts, incidents, and disasters and reduce their likelihood
  11. Collaborate technically with infrastructure team to manage network, intrusion detection, prevention systems and encryption measures
  12. Analyze security breaches to determine root cause
  13. Recommend and install appropriate tools and countermeasures
  14. Define, implement and maintain corporate security policies and procedures
  15. Collaborate with the appropriate BWWB areas to train fellow employees in security awareness and procedures
  16. Maintain professional relationship with vendors
Bachelor’s degree in Information Technology, Computer Science, Cyber Security or a related technical field.  
Three to five years of experience specifically in a security analyst job for computing infrastructure environment for a medium to large size company.
Key areas of experience expected for this position:
  1. Penetration testing and vulnerability testing & remediation
  2. Anti-virus and anti-malware
  3. TCP/IP, computer networking, routing and switching
  4. Firewalls, proxies, IDS, IPS, and security appliances
  5. Windows, UNIX and Linux operating systems
  6. Network protocols and packet analysis tools
  7. Comprehension of development & scripting languages (C#, VB, Python, C, .NET)
  8. Cloud computing and Cloud Security
  9. Security Information and Event Management (SIEM), Log analysis, Event collection & correlation
  10. Incident response and handling
  11. Policy and Procedure writing
  12. Experience in regulations or compliance with HIPAA and PCI
  13. Knowledge in Information Security Framework (NIST, COBIT)
Certificates, Licenses, Registrations
In combination with required work experience, one or the following certifications are required, and others are highly preferred:
  • CCNA
  • Security Plus
  • CEH Certified Ethical Hacker
  • ECSA EC-Council Certified Security Analyst
  • GSEC / GCIH / GCIA GIAC Security Certifications
  • CISSP Certified Information Systems Security Professional
Contact Information