IT Security Analyst

OUC - The Reliable One, is presently seeking an IT Security Analyst to join the Technology division. At OUC, we don't just work - we're building a bright future of innovation and transformation for future generations.

We are seeking a detail oriented, technically curious analyst to help monitor, analyze, and respond to security events across OUC's technology environment as we continue building our Defensive Cyber Operations (DCO) / Security Operations Center (SOC). In this role, you will support day to day security operations-including SIEM monitoring, vulnerability review, malware investigation, incident response assistance, and access related troubleshooting-while contributing to ongoing improvements in OUC's security posture. This position follows a 3/2 hybrid 40 hour schedule, requiring on site work every Tuesday and Thursday, plus one additional on site day each week as needed to support project work and operational demands.

You will succeed in this role by being a creative problem solver who can clearly explain security concepts to non technical audiences, along with a collaborative, socially adept communicator who works well with IT teams, business units, and leadership. This role is ideal for someone who enjoys hands on security work, continuous learning, and contributing to a growing security operations function in a fast evolving environment.

As part of OUC's incident response team, the Analyst must maintain availability for urgent security events and will participate in an after hours on call rotation. You will collaborate closely with IT, business units, Legal, and Purchasing to ensure secure operations, compliance, and risk mitigation as OUC builds its DCO and SOC capabilities.

OUC is an industry leader and the second largest municipal utility in Florida committed to innovation, sustainability, and our community, OUC's mission is to provide exceptional value to our customers and community by delivering sustainable and reliable services and solutions.

Join a team of visionary Change Agents, Strategists, and Community Ambassadors who understand the vital role of diverse experiences in powering creativity and industry transformation. At OUC, each position contributes to the success and achievement of our goals. Click here to learn more about what we do.

The ideal candidate will have:

• Bachelor's degree in Computer Science, MIS, or a related field, or an equivalent combination of education and directly related experience
• 3+ years of hands on experience in information security analysis or security operations, including basic malware analysis and Windows server administration
• Practical experience with SIEM monitoring, vulnerability management, and familiarity with patching solutions
• Ability to identify and understand common threats, attacks, and vulnerabilities, including malware, social engineering, and application based attacks
• Knowledge of cloud identity and access management security
• Creative, "think outside the box" mindset with the ability to explain security concepts to non technical audiences
• Collaborative, socially adept communication skills with strong stakeholder engagement abilities, needed for effective partnerships with IT teams, business units, and leadership
• Preferred certifications or willingness to obtain: CISSP, GCIH, GREM, CCNP Security, CompTIA Security+, CompTIA CySA+, SecureX, or other relevant industry credentials
• Ability to work a hybrid schedule (40 hours/week) with on site presence every Tuesday and Thursday, plus additional on site support for projects as needed.
• Willingness and ability to participate in an after hours on call rotation.

OUC offers a very competitive compensation and benefits package. Our Total Rewards package includes, to cite a few:

• Competitive compensation
• Low-cost medical, dental, and vision benefits and paid life insurance premiums with no probationary period.
• OUC's Hybrid Retirement Program includes a fully-funded cash balance account, defined contribution with employer matching along with a health reimbursement account
• Generous paid vacation, holidays, and sick time
• Paid parental leave
• Educational Assistance Program, to include tuition reimbursement, paid memberships in professional associations, paid conference and training opportunities
• Wellness incentives and free access to all on-site OUC fitness facilities
• Access to family-oriented recreational areas
• Paid Conference and Training Opportunities
• Hybrid work schedule

Click here to view our Benefits Summary.

Salary Range: $79,200- $99,000 annually - commensurate with experience

Location: "The Greenest Building in Downtown"- Reliable Plaza, 100 W. Anderson Street, Orlando, FL 32801

Applicants must be legally authorized to work in the United States at the time of application. This organization does not offer or sponsor employment visas for internship or full-time positions.

Please see below a complete Job description for this position.

Job Purpose:

Responsible for monitoring, analyzing and remediate security of information assets to identify potential security threats that risk OUC of misuse, unauthorized access or disclosure. Assist with the design and maintenance of security posture, enable compliance and assess IT risk. The Analyst also interacts with business functions to maintain insight on business needs and potential impacts.

Primary Functions:

• Investigate malware issues, determine severity, and recommend mitigation; follow up to ensure resolution;
• Respond and assist with initial incident assessments, damages, recovering services; post incident information and analysis;
• Serve as a technical lead or Subject Matter Expert (SME) on IT sponsored projects;
• Provide active participation in information security architecture design;
• Monitor security events at the network, application, database and operating systems level to identify potential security incidents;
• Identify weaknesses in OUC's security posture that could result in unauthorized access to sensitive data; participate in building remediation plans that minimize risk to sensitive data and build a defensive security posture;
• Provide escalated security tool administration;
• Perform all provisioning and modifications of user access to all major OUC IT assets including network and major applications;
• Conduct Security Awareness training for other Business Units; train users on how to maintain OUC's security as well as their own;
• Train IT support technicians on first and second level response access related issues for supported applications, payment issues, personal and corporate device provisioning, and website issue management;
• Provide access control third level support to the ITSC on enterprise applications(i.e. EnterpriseOne);
• Serve as primary Security contact for all IT-related Request for Proposals (RFPs) and contracts across all business units, including Purchasing and Legal departments;
• Review and modify RFPs to include IT Security standards and policies; including the creation of additional attachments
• Work with Legal department attorneys to review RFP and contract wording; explain technical and security concepts;
• Complete IT Contract review document for Legal for all IT Security purchases;
• Review Hosted Vendor Solution Questionnaire required for any service that processes or host OUC data; works with responding vendors on any outstanding questions or concerns;
• Work on various projects to configure and implement and test security tools;
• Asses risk for new and existing technology. Researches, plans, and tests mitigations for risk management;
• Monitor security events at the network, server, application, and database;
• Perform other duties as assigned.

Technical Requirements:

• Working knowledge of all, but not limited to the following:
• IT security architecture and design such as Data Loss Prevention (DLP), Security Information & Event Management (SIEM), multi-factor authentication, cloud computing, mobile device security, etc.
• Enterprise applications, desktop security management and network management
• Structured Query Language (SQL)
• Related industry, organizational and departmental policies, practices, and procedures; legal guidelines, ordinances, and laws;
• Product documentation including technical requirements, product workflows and product instruction manuals;
• Statements of work for IT Security related projects/products;
• RFP, legal contracts for technology purchases; understand purchasing operational procedures;
• Technical Reference materials (i.e. Gartner)
• Real-time alerts including administrative changes, network lockouts, malware, and shared folder outbreaks;
• Preparing and maintain reports (ie. Daily network events, malware, administrative summary, foreign IP and lockout, Ad-hoc, and month-end)
• Build strong relationships both internally and externally;
• Strong communication skills, both verbal and written;
• Ability to handle confidential information with discretion;
• Ability to analyze large volumes of information from multiple sources in order to draw conclusions regarding suspicious patterns and create procedures needed for increased user productivity;
• Ability to use Microsoft Office Suite (Excel, Word, PowerPoint, etc.) and use standard office equipment (telephone, computer, copier, etc.)

Education/ Certification/ Years of Experience Requirements:

• Bachelor of Science degree in Computer Science, Management Information Systems or related area of study from an accredited college or university. In lieu of a degree, equivalent combination of education and directly related experience may be substitutable i.e. one year of directly related work experience/education for each year short of the four year degree requirement;
• Minimum of three (3) years of experience with Information Security Analysis and/or Operations performing basic malware analysis and Windows server administration
• Preferred list of Certifications or willingness to obtain the following certifications:
• Certified Information Systems Security Professional (CISSP),
• GIAC Certified Incident Handler (GCIH),
• GIAC Certified Security Professional (GREM),
• Cisco Certified Network Professional (CCNP),
• or other relevant industry certifications

Working Conditions:

This job may involve occasional exposure to some disagreeable elements (dust, heat, cold, noise, etc.) and accidents are improbable other than minor injuries.

Physical Requirements:

This job requires constant typing, speaking and hearing, detailed inspection/ reading/ editing, and writing. There is also the need to sit on a very frequent basis. Additionally, lifting up to 40 pounds, standing, bending/ stooping, reaching overhead, kneeling/ crawling, and climbing stairs/ ladders occurs on an occasional basis.

OUC-The Reliable One is an Equal Opportunity Employer who is committed through responsible management policies to recruit, hire, promote, train, transfer, compensate, and administer all other personnel actions without regard to race, color, ethnicity, national origin, age, religion, disability, marital status, sex, sexual orientation, gender identity or expression, genetic information and any other factor prohibited under applicable federal, state, and local civil rights laws, rules, and regulations.

EOE M/F/Vets/Disabled