Computer & Information Security Analyst 2

APPOINTMENT TYPE: Full-Time Regular

LOCATION: Cincinnati, OH (Hybrid)

SALARY RANGE: $36.07 - $49.22 per hour

PURPOSE:

This position supports the cyber and information security program for the ORAU Cincinnati Operations Center (COC) network. This position will primarily be responsible for monitoring and analyzing security alerts using our Security Information and Event Management (SIEM) platform, conducting regular vulnerability assessments and configuration compliance scans, managing email security measures, and providing technical support for various cybersecurity tools as needed.

Monitor and analyze security alerts using the SIEM system and other specialized monitoring tools.
• Triage and investigate potential cybersecurity incidents, prioritizing threats based on severity and potential impact on the system.
• Conduct a thorough investigation of security violations and incidents, collaborating with other team members and/or escalating to manager as necessary.
• Conduct regular vulnerability assessments and configuration compliance scans across internal and external networks.
• Collaborate with cross-functional IT teams on vulnerability remediation efforts and address configuration baseline deviations, ensuring timely resolution and improved security posture.
• Monitor and analyze email security systems, including user-reported phishing attempts. Perform appropriate investigation and remediation actions as necessary.
• Identify and develop ways to improve the efficiency of security, network, and application log monitoring.
• Provide technical and end-user support for cybersecurity tools as needed.

Bachelor's degree in technology-related field and 2-4 years of job-related experience. An equivalent combination of education and experience requiring similar knowledge, skills, abilities, and performing duties as described may be substituted for the minimum requirements.

• Experience conducting vulnerability scanning and assessments using tools like Nessus Professional and Qualys.
• Familiarity with cybersecurity frameworks and standards, such as National Institute of Standards and Technology (NIST) SP 800-53, NIST SP 800-171, and NIST cybersecurity framework is preferred.
• Experience with configuration baselines such as Center for Internet Security (CIS) Benchmarks and Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGS) is preferred.
• Fundamental networking knowledge, such as TCP/IP and common protocols (HTTP, HTTPS, FTP, SSH, DNS, etc.).
• Fundamental understanding of firewalls, intrusion detection/prevention systems (IDS/IPS), data loss prevention (DLP), endpoint antivirus, and email security.
• Ability to read and interpret various system and security logs, such as Windows Event Logs, firewall logs, antivirus logs, email security/filtering logs, and IDS/IPS logs is required.
• Basic knowledge of SIEM systems such as LogRhythm, QRadar, Splunk, ELK stack, etc.
• Must have good verbal and written communication skills.
• Must be able to clearly document findings, incidents, and procedures.
• Must be able to pass a National Agency Check with Inquiries (NACI/Tier 1) background check.

*The candidate's starting salary will be determined upon hire and ORAU will use salary survey data, internal comparators, and the candidate's qualifications to determine salary.

TOTAL REWARDS

ORAU has a strategic approach to providing total rewards to employees through a fair, equitable, and competitive total compensation package. The goal of our total rewards system is to integrate compensation, benefits, work-life balance, performance, recognition, development, and career opportunities to attract, engage, and retain the talent required to achieve ORAU's business objectives. The benefit component of our total rewards program supports business goals by offering the following benefits based on employee eligibility:

• Legally required benefits
• Group Health insurance including: Medical, Prescription, Dental, and Vision
• Retirement plan contribution matching
• Disability insurance
• Group life insurance
• Travel Accident Insurance
• Section 125 reimbursement accounts
• Other voluntary employee paid benefit and insurance offerings

The ORAU total reward package also promotes work-life balance. Mindful of the need for employees to care for themselves and their families, ORAU offers the following additional work-life benefits based on employee eligibility:

• Telework
• Paid Time Off (PTO)
• Paid Holidays
• Flexible work schedules or compressed work weeks
• Occupational Health and Wellness Programs
• Employee Assistance Program