Description
The City of Clovis is looking for an IT Cybersecurity Analyst to help protect the city's computer networks from cyberattacks and unauthorized access. Reporting to the IT Deputy Director/ISO, this position will work with all city departments to anticipate and defend against cyber threats and to respond to security breaches when they do happen. In this job, you play a key role in protecting the city's critical systems and data.
DEFINITION
Under general supervision perform a variety of professional level work including the design, implementation, maintenance, evaluation, and daily management of security systems and solutions; and perform duties related to threat detection and prevention, education, risk assessment, compliance, governance, business recovery, forensics, incident response and perform related duties as required.
CLASS CHARACTERISTICS
Reporting to the Deputy Director of Technology, the Information Technology Cybersecurity Analyst maintains and administers the operational and technical aspects of the City's security information event and vulnerability management systems. This advanced level classification conducts risk assessments, evaluates security vulnerabilities, and monitors and analyzes City systems to identify priority mitigations. The incumbent provides assistance and training to City staff to correct identified security vulnerabilities and implement priority security protocols; assists in developing programs to ensure City compliance with regulatory, security, and privacy standards adopted by the City. Instructions given by the supervisor generally do not provide all of the information needed to complete an assignment. Incumbents are expected to resolve most problems confronted through the application of industry best practices, technical knowledge, judgment, and precedent; referring to the supervisor only those problems which involve the establishment of new procedures or which involve solutions which are inconsistent with departmental procedures and policies. The incumbent has some independence in selecting work methods or procedures.
Examples of Duties
Implement, monitor, maintain, and troubleshoot various security systems that protect the City's networks, systems, applications and critical infrastructure. Implement timely solutions to security issues adversely affecting confidentiality, integrity and/or availability of City systems and data. Analyze security alerts and event data to identify potential security incidents, threats, mitigations, and vulnerabilities. Facilitate cyber security training and security awareness programs. Perform risk assessments and execute tests of network and information systems to ensure technology processes are secure; stay up to date on evolving security threats and trends; regularly review security alerts and reports from Federal, State and commercial security sources. Establish protocols to protect digital files and information systems against unauthorized access, modification, and/or destruction. Plan and conduct internal and external cyber security audits, interpret and document audit results and recommend corrective actions. Incumbents in this class may provide lead direction to other team members but do not possess supervisory responsibilities. Perform related work as required.
Typical Qualifications
LICENSE REQUIRED
- Possession of a valid and appropriate California Driver's License and a good driving record.
EDUCATION AND EXPERIENCE
Education:
- Bachelor's Degree from an accredited college or university with major course work in Information Security, Computer Science, Information Technology, Business Administration, or a closely related field.
AND
Experience:
- Four (4) years of progressively responsible information technology experience, preferably in Information Security, including vulnerability management, SIEM administration, and/or incident response responsibilities.
Certifications Desirable:
QUALIFICATIONS
Knowledge of:
- NIST 800-series cyber security standards, CIS Top-20 Critical Security Controls, Payment Card Industry Data Security Standards (PCI-DSS), and Criminal Justice Information Security (CJIS) requirements;
- Principles and practices of securing cloud-hosted systems and applications;
- Principles and practices of complex operating system design, analysis, and documentation;
- Current hacker techniques, exploits, active defense detection and prevention measures, penetration testing tools, tactics, techniques, and procedures;
- Information security frameworks, incident response and management, application security best practices and operations;
- Unified threat management (UTM) firewalls and associated components including, but not limited to, URL/Content filtering, file scanning and blocking, and data leakage prevention;
- SSL Certificates and Encryption Key Lifecycle Management;
- Endpoint detection and response (EDR) platform deployment, monitoring and management;
- Business continuity planning, documentation, and testing best practices;
- Computer and network forensic tools, techniques and analysis including root cause and comprehensive cause and effect analysis of cyber attacks and breaches;
- One or more scripting languages, e.g. PowerShell, Python, BASH, etc.
Ability to:
- Analyze data communications, networks, hardware and software problems and determine feasible solutions;
- Manage security-related projects, investigations, operations and incident response;
- Identify and document observed risks, threats and vulnerabilities and propose practical steps to minimize or mitigate them;
- Perform and/or work with service providers to conduct risk assessments and ethical hacking/penetration testing against city systems;
- Conduct cyber-security awareness training, campaigns, and testing;
- Communicate effectively orally and in writing;
- Develop and implement operational policies and procedures;
- Establish and maintain effective working relationships with co-workers, representatives of user departments, outside agencies, and the public;
- Maintain the confidentiality of privileged information;
- Operate a vehicle observing legal and defensive driving practices;
- Prepare clear, accurate, and concise reports and records.
Supplemental Information
PHYSICAL DEMANDS AND WORKING CONDITIONS
- Strength: Light work: lifting, carrying and/or pushing 25 pounds maximum with frequent lifting and/or carrying of objects weighing up to 25 pounds;
- Positions in this class may be designated as confidential under the Meyers-Milias-Brown Act.
SELECTION PROCESS
Interested applicants must submit a completed City of Clovis employment application and supplemental questionnaire to the City of Clovis Personnel Office. The position will be open until filled. Applications must be submitted online at . For additional questions, you may contact Personnel at (559) 324-2725. Brief resumes are welcome as a supplement to the City's standard application form; however, the application form and supplemental questionnaire must be filled out completely to be considered. You may attach your resume at the time of application submission to the attachment section of the application form. A resume alone may not be submitted in lieu of a completed employment application. Applicants may not attach any additional documents that are not required to their application form or submit any other documents by email, mail, fax, or hand delivery.
Veterans Preference Points may be provided if a DD Form 214 demonstrating qualifying service is submitted to the Personnel Office by the position deadline date and time. Applicants may attach, hand deliver, or fax the required documents to (559) 324-2865. Reasonable accommodation, when needed, for otherwise qualified candidates with disabilities, must be requested in writing and faxed to (559) 324-2865 at the time of application submission.
Applicants will receive notification regarding the status of their application by email or phone once the applications have been processed and reviewed. Applicants must meet each qualification for the position at the time of application submission. All applications will be reviewed based on the necessary employment standards for the position. Those applicants who submit a complete employment application and supplemental questionnaire, meet the position requirements, and pass a pass/fail application review may be invited to participate in an oral examination that will be weighted 100%.
Candidates receiving a passing score may be placed on an eligibility list for a period of up to one (1) year. Examinations and department interviews for the position will be administered in the City of Clovis. As determined by the City and at the City's expense, successful candidates shall be required to complete and pass a Personal History Questionnaire, a polygraph or voice stress examination, an extensive background investigation, a medical examination, and a drug/alcohol screen. Possession of a valid California Driver's License and a good driving record will be required prior to hire. Proof of citizenship or eligibility to work in the U.S. will be required at the time of hire.
The examination may consist of questions relative to knowledge of NIST 800-series cyber security standards, CIS Top-20 Critical Security Controls, Payment Card Industry Data Security Standards (PCI-DSS), and Criminal Justice Information Security (CJIS) requirements; principles and practices of securing cloud-hosted systems and applications; principles and practices of complex operating system design, analysis, and documentation; current hacker techniques, exploits, active defense detection and prevention measures, penetration testing tools, tactics, techniques, and procedures; information security frameworks, incident response and management, application security best practices and operations; unified threat management (UTM) firewalls and associated components including, but not limited to, URL/Content filtering, file scanning and blocking, and data leakage prevention; SSL Certificates and Encryption Key Lifecycle Management; Endpoint detection and response (EDR) platform deployment, monitoring and management; business continuity planning, documentation, and testing best practices; computer and network forensic tools, techniques and analysis including root cause and comprehensive cause and effect analysis of cyber attacks and breaches; one or more scripting languages, e.g. PowerShell, Python, BASH, etc.
The examination may also contain questions regarding the ability to analyze data communications, networks, hardware and software problems and determine feasible solutions; manage security-related projects, investigations, operations and incident response; identify and document observed risks, threats and vulnerabilities and propose practical steps to minimize or mitigate them; perform and/or work with service providers to conduct risk assessments and ethical hacking/penetration testing against city systems; conduct cyber-security awareness training, campaigns, and testing; communicate effectively orally and in writing; develop and implement operational policies and procedures; establish and maintain effective working relationships with co-workers, representatives of user departments, outside agencies, and the public; maintain the confidentiality of privileged information; operate a vehicle observing legal and defensive driving practices; prepare clear, accurate, and concise reports and records.
This job flyer does not constitute a contract and its terms and conditions can change without notice.
THE CITY OF CLOVIS IS AN EQUAL OPPORTUNITY EMPLOYER