Cyber Security Analyst
455 N Garland Ave, Orlando, FL 32801, USA Req #8
The Cyber Security Analyst is responsible for actively monitoring internal and external cybersecurity threats and risks. Plans, analyzes, and implements data security measures and controls to protect LYNX’s information systems. Reviews and responds to security alerts, scans, and audits; investigates suspicious alerts and logs; tunes security log analysis and alert systems; coordinates security incident responses; tests and maintains the integrity of LYNX’s security monitoring systems; and reports on information systems security status, standards compliance, and deficiencies. The Cyber Security Analyst utilizes both proprietary and third party applications to perform analysis.
Leads the planning and design of enterprise security architecture for LYNX.
Oversees the creation of information security governance documents (policies, standards, baselines, guidelines and procedures).
Maintains up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors. Researches and recommends additional security solutions or enhancements to improve LYNX’s overall security posture.
Performs the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best
operating procedures generically, and the enterprise's security documents specifically.
Oversees the planning and design of LYNX's Business Continuity Plan and Disaster Recovery Plan.
Maintains up-to-date baselines for the secure configuration and operations of all in-place devices, when under direct control (i.e., security tools) or support when not (i.e. workstations,
servers, network devices, etc.). Maintains operational configurations of all in-place security solutions as per the established baselines.
Monitors all in-place security solutions for efficient and appropriate operations. Monitors threat intelligence and other available information to proactively enhance LYNX’s security
Reviews logs and reports of all in-place devices, whether they be under direct control (i.e. security tools) or not (i.e. workstations, servers, network devices, etc.). Interprets the
implications of that activity and devises plans for appropriate resolution. Leads the investigations into problematic or suspicious activity.
Participates in the design and execution of vulnerability assessments, penetration tests, and security audits.
Provides on-call support for Information Security Incident Response activities.
Informs and trains staff members on their responsibilities concerning information security procedures.
Assists with ensuring that LYNX technology assets, systems, services, and facilities are compliant with information security procedures. Supports the administrative processes for
maintaining compliance with regulatory obligations (e.g. PCI DSS).
Participates in ongoing information security education, awareness, and outreach activities.
Performs other duties as may be required or assigned.
Bachelor’s degree from a regionally or nationally accredited institution in Computer Science, Computer Information Systems, Information System Technologies, Management Information Systems, or a closely related field, with a minimum of three years of related data security or cyber security experience; or a combination of related experience, education, and training.
Qualifying experience must include the following:
Experience with the PCI
Work experience in one or
more of the following areas: security engineering, security analysis, security
project management, security architecture, and/or implementing best practices,
tools, and technology.
Work experience conducting
system security assessments, control analysis, risk assessment, vulnerability
assessments or penetration tests.
Knowledge of information security tools such as Nessus, Kismet, Airsnort, NMAP, Ethereal, WebInspect, Nikto, or similar.
Experience with assessing and documenting test or analysis data to show cybersecurity
Experience performing security compliance monitoring and security policy assessments/audits.
Professional Certification such as CISSP, CISM, GSEC, GIAC, CEH, CPT or equivalent, highly desired.
Project management skills.
Knowledge, Skills, and Abilities (KSAs):
General knowledge of the NIST 800 series standards and the ISO 27001/2 frameworks.
knowledge of general IT system architectures, software, hardware, protocols, and standards.
Knowledge of: Principles and practices of cyber security, digital access control, and intrusion detection and prevention; cyber security vulnerability testing and risk analysis; methods and techniques for managing and mitigating cyber security risks; principles and practices of cyber security audits and audit documentation; laws and regulations pertaining to cyber security and confidential data.
Ability to establish plans and protocols to protect LYNX’s data against unauthorized access, modification, and/or destruction.
Ability to monitor technology infrastructure in real time; effectively identify and combat security intrusions.
Ability to research, recommend, and install cyber security software tools and
Ability to develop and implement agency-wide cyber security policies.
Ability to conduct internal and external cyber security audits; interpret and document audit
results; recommend and implement corrective actions.
Ability to evaluate the effectiveness of cyber security tools and counter measures and develop cost-effective solutions.
Ability to prepare reports and supporting recommendations; make effective verbal presentations; communicate technical information to non-technical audiences.
Ability to keep up-to-date on cyber security threats and stay current on intrusion detection and prevention hardware and software technologies.
Ability to exhibit a professional, courteous demeanor.
Ability to work in a diverse environment.
Excellent communication and interpersonal skills, including the ability to establish and maintain positive working relationships with those encountered in the course of work using principles of excellent customer service.
Work Environment and Special Considerations:
Works in an office environment.
Works within a 24x7x365 team to deliver monitoring services across multiple departments and locations.
Must work outside regular business hours depending upon the demands of the job, and in usual or emergency situations.
Must be willing to travel locally to any LYNX facility, and any location within the LYNX service
May be required to work nights, weekends, and holidays.
Must possess and maintain a valid Florida driver’s license and safe driving record.
LYNX provides the community with much needed public transportation, and it is important for the Agency to resume its services as quickly and as safely as possible in the event of any natural, technological, or human-caused emergency or disaster. This position is considered a mission critical member of LYNX’s emergency preparation and response efforts during an emergency or disaster and as such, requires 24-hour availability in the event of an emergency or disaster.
LYNX fully commits itself to providing equal opportunity to all persons without regard to race, color, national origin, sex, age, religion, or disability.
For further description and to apply, qualified candidates may proceed to apply directly with LYNX by visiting http://www.golynx.com/careers/how-apply.stml , mention cfec.org job posting.
To be able to apply for jobs on CFEC site, Register as a Job Seeker.