Security Analyst
Scope Of Work: WSSC Water's requirements are for two Cyber Security Analyst positions to partake as subject matter experts in areas of endpoint and network hardware and software of security technologies, operations within threat intel and the Security Education and Training Awareness program, as described in this Task Order. WSSC Water depends on these staff resources to partake in various key roles in providing subject matter expertise. Offerors responding to this scope of work shall only submit resumes of resources that possess proven experience and knowledge of cyber security operations, and the required tasks, software and hardware described herein. The WSSC Water Cyber Security Services Division focuses on responding to the business needs of WSSC Water in a consistent, effective, and productive manner. WSSC Water's obligations to its rate payers and the inter-relationships of people, process, and technology increasingly put a strong demand on Cyber Security to provide continuous and reliable services and support to its end users. Failure to provide continuous service to the WSSC Water IT hardware and software environments could significantly and adversely impact the citizens of Prince George's and Montgomery Counties. WSSC Water views its InfoSec operations as vital services to its employees in support of rate payers and expects a high degree of cooperation with the WSSC Water staff to make this program successful.
Job Description:
Duties / Responsibilities: Implement data security measures. Monitor networks and user access. Perform vulnerability and risk assessments. Respond to security breaches. Perform security updates. Mitigate the effects of security breaches. Assist in modifying existing Security Tools, Reports, KPIs. Ensure employee compliance with security measures. Assist with preventative and emergency maintenance. Create a risk management plan.
Preferred Experience/Qualification:
a. Education: Bachelor's degree in Information Systems, Computer Science, or related scientific or technical field and three (3) years minimum of relevant experience. CISSP, CEH, Risk Management Certification preferred.
b. General Experience: Experience in security systems, technology, endpoint, and vulnerability tools. Knowledge of the principles, practices, and techniques of risk management, information security technology, OSI model and defense for each layer, threat vectors, analysis, and vulnerability management. Knowledge of current industry threats and security ecosystem. Experience with network administration. Analytical and technical skills. Skilled in complex problem-solving, critical thinking, and using a computer and applicable software.
c. Specialized Experience: Hands-on experience in security tools such as Varonis, Mimecast, Sentinel One, Secret Server, Darktrace, and Absolute. At least four (4) years of specialized experience in defining computer security requirements for high-level applications, evaluating approved security product capabilities, and developing solutions to mid-level security problems.
d. Skillset: Experience in the evaluation, monitoring, and assurance of compliance with information technology security policies and relevant legal and regulatory requirements. Experienced in Cloud-based knowledge management technologies and concepts related to security. Experienced in Personally Identifiable Information (PII) data security standards. Experienced in Payment Card Industry (PCI) data security standards. Experienced in Personal Health Information (PHI) data security standards. Experienced in use cases related to collaboration and content synchronization across platforms (e.g., endpoint, Wireless, Mobile, Servers, SaaS, Cloud), governance, procurement, and administration. Experience in report generation for detecting PII/sensitive information, and in developing PPT slides for communicating technology such as Sysmon64, Microsoft LAPS, IAM, and other security. Ability to multi-task and adopt new technology knowledge for running reports and monitoring risk. This includes submitting service request tickets for problem resolution, security tool health checks, etc.