|
Reference Number:
SENSEC
Job Description:
Certification as Certified Information Systems Security Professional (CISSP) or Systems Security Certified Practitioner (SSCP) is mandatory.
The Security Analyst has two primary roles:
1) Working with business units and system developers to conduct administrative, procedural, operational and technical studies and analysis in support of investigating and assessing the current and proposed security controls protecting application systems developed and maintained. This person will also recommend new administrative and technical controls to address any security shortfalls uncovered.
2) Evaluating and assessing current and proposed security controls used in support of internal agency operations. Recommending new administrative and technical controls to improve the security of agency operations. This requires meeting with outside but internal entities and coordinating activities with them, including the development and application standards.
Three or more years experience serving as a Security Analyst in a large environment. Experience addressing security requirements of large, complex business applications utilizing web application technology (e.g., IBM WebSphere), reporting systems (e.g., Cognos) and identity management systems (e.g., Tivoli). Solid understanding of information technology and information security including firewalls, VPNs, penetration testing and related security skills. Ability to exercise independent initiative and judgment while planning and coordinating work with others. Able to serve as an effective member of the technical and business teams and to communicate security concepts to a broad range of technical and non-technical staff. Certification as Certified Information Systems Security Professional (CISSP) or Systems Security Certified Practitioner (SSCP) is mandatory.
Experience Level:
5+ Years
Requirements:
Three or more years experience serving as a Security Analyst in a large environment. Experience addressing security requirements of large, complex business applications utilizing web application technology (e.g., IBM WebSphere), reporting systems (e.g., Cognos) and identity management systems (e.g., Tivoli). Solid understanding of information technology and information security including firewalls, VPNs, penetration testing and related security skills. Ability to exercise independent initiative and judgment while planning and coordinating work with others. Able to serve as an effective member of the technical and business teams and to communicate security concepts to a broad range of technical and non-technical staff. Certification as Certified Information Systems Security Professional (CISSP) or Systems Security Certified Practitioner (SSCP) is mandatory.
|
