Information Security Analyst

Job Description

The Information Security Analyst will specialize in identifying, tracking and managing risks and vulnerabilities affecting the City of Philadelphia’s IT environment.

The analyst will also contribute to the development of the OIT’s information security program and provide analytical support for the ISG.

The preferred candidate will be able to work effectively in a collaborative environment and will have a strong interest in the current security landscape, resources and threats affecting large municipal government networks.

Essential Functions

• Perform continuous monitoring and analyst of data using various tools
• Test effectiveness of IT and business process controls and provide remediation recommendations
• Perform application, vulnerability and penetration testing and communicate findings to business unit leaders and technical subject matter experts
• Document, track, and report on, and effectively communicate risks to the City of Philadelphia
• Create controls, standards, and guidance documentation
• Track and report on the effectiveness of information security technology, processes and polices
• Support and participate in Information Security projects and initiatives as needed, including development of security monitoring procedures, incident response planning, etc.
• Other duties as assigned

Competencies, Knowledge, Skills and Abilities

An Information Security Analyst plays a critical role in protecting the City’s information systems and data from security breaches, cyber threats, and other vulnerabilities.

Some core competencies required for this position include, but not limited to :

1. Technical Skills

• Knowledge of Security Tools : Proficiency in using security tools, processes such as SIEM, EDR, GRC, email security, firewalls, intrusion detection / prevention systems (IDS / IPS), and encryption tools.
• Network Security : Understanding of network protocols, architecture, and security best practices.
• Operating Systems : Familiarity with different operating systems, especially Windows, Linux, and Unix, and their security features.
• Vulnerability Management : Ability to identify, assess, and mitigate vulnerabilities in software, systems, and networks.

2. Cybersecurity Knowledge

• Threat Intelligence : Knowledge of current cyber threats, attack vectors, and techniques used by malicious actors.
• Incident Response : Skills in detecting, analyzing, and responding to security incidents and breaches.
• Risk Management : Understanding of risk assessment, management strategies, and the ability to prioritize security efforts based on risk levels.

3. Analytical and Problem-Solving Skills

• Critical Thinking : Ability to analyze complex security issues and develop effective solutions.
• Attention to Detail : Precision in identifying potential security flaws and ensuring comprehensive security measures.
• Forensic Analysis : Skills in investigating and understanding the root cause of security incidents.

4. Communication Skills

• Reporting : Ability to create detailed reports on security incidents, assessments, and recommendations.
• Stakeholder Communication : Skills in communicating technical security issues to non-technical stakeholders, including management and other departments.
• Collaboration : Ability to work effectively with other IT teams, City Departments, Legal, and compliance departments to ensure a cohesive security strategy.

5. Knowledge of Regulatory Compliance

• Regulatory Frameworks : Understanding of relevant regulatory requirements and standards such as NIST, HIPAA, PCI-DSS, CJIS, IRS 1075, and ISO 27001.
• Compliance Monitoring : Ability to ensure that the City’s security practices comply with industry regulations and standards.

6. Ethical Hacking Skills

• Penetration Testing : Skills in ethical hacking to test and identify vulnerabilities within systems.
• Security Audits : Conducting regular security audits to ensure the integrity and security of systems.

7. Continuous Learning and Adaptability

• Staying Updated : Commitment to staying informed about the latest developments in cybersecurity, including emerging threats and new technologies.
• Adaptability : Ability to quickly adapt to new tools, technologies, and security challenges.

8. Project Management Skills

• Planning and Execution : Ability to plan, manage, and execute security projects, including implementing new security measures or responding to incidents.
• Resource Management : Efficient use of resources to achieve security objectives within the given constraints.

9. Ethical Judgment and Integrity

• Confidentiality : Strong sense of responsibility in handling sensitive information and maintaining confidentiality.
• Ethical Decision-Making : Making decisions that are in the best interest of the City’s security and ethical standards.

Qualifications

• Three or more years’ experience in Information Security with experience working in government, large campus and / or large enterprise environments preferred.
• Completion of a Bachelor’s or Master’s Degree program at an accredited college or university, which has included major course work in computer science, information science or information security, preferred but not required.
• Maintain or are working towards relevant industry certifications such as CompTIA, ISACA, SANS, EC-Council, and / or vendor specific certifications, as appropriate.

Or a partial combination of the above acceptable to OIT.

Ability to pass a CJIS background check

Additional Information

Salary Range : $85,000 - $95,000

Important : To apply, candidates must provide a cover letter and resume.

Work Setting : in-person (onsite)

Discover the Perks of Being a City of Philadelphia Employee :

• We offer Comprehensive health coverage for employees and their eligible dependents
• Our wellness program offers eligibility into the discounted medical plan
• Employees receive paid vacation, sick leave, and holidays
• Generous retirement savings options are available
• Pay off your student loans faster - As a qualifying employer, City of Philadelphia employees are eligible to participate in the Public Service Loan Forgiveness program.

Join the ranks of hundreds of employees who have already benefited from this program and achieved student loan forgiveness.

Enjoy a Free Commute on SEPTA - Starting September 1, 2023, eligible City employees will no longer have to worry about paying for SEPTA public transportation.

Whether you're a full-time, part-time, or provisional employee, you can seize the opportunity to sign up for the SEPTA Key Advantage Program and receive free Key cards for free rides on SEPTA buses, trains, trolleys, and regional rails.

Unlock Tuition Discounts and Scholarships - The City of Philadelphia has forged partnerships with over a dozen esteemed colleges and universities in the area, ensuring that our employees have access to a wide range of tuition discounts and scholarships.

Experience savings of 10% to 40% on your educational expenses, extending not only to City employees but in some cases, spouse and dependents too!

Join the City of Philadelphia team today and seize these incredible benefits designed to enhance your financial well-being and personal growth!

The successful candidate must be a city of Philadelphia resident within six months of hire

Effective May 22, 2023, vaccinations are no longer required for new employees that work in non-medical, non-emergency or patient facing positions with the City of Philadelphia.

As a result, only employees in positions providing services that are patient-facing medical care (ex : Nurses, doctors, emergency medical personnel), must be fully vaccinated.

The City of Philadelphia is an Equal Opportunity employer and does not permit discrimination based on race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, source of income, familial status, genetic information or domestic or sexual violence victim status.

If you believe you were discriminated against, call the Philadelphia Commission on Human Relations at 215-686-4670 or send an email to [email protected].