Assists with day-to-day operations of the in-place security solutions and performs identification, investigation and resolution of security events detected by relevant systems. Work includes but is not limited to the implementation of new security solutions, participation in the creation and/or maintenance of policies, standards, baselines, guidelines and procedures as well as conducting vulnerability assessments and incident response. The Information Security Analyst is expected to be fully aware of security goals and established policies, procedures and guidelines and to actively work towards upholding those goals.
This position is distinguished from other information technology positions by the responsibility of providing technical leadership of security initiatives. As a technical leader, the position requires strong analytical and technical skills and a detailed working knowledge of current and emerging security technologies. The position is within the Information Technology Services (ITS) division with a focus on information security. Employees in this position report to the Information Security Manager.
Responsible for full knowledge of the Colorado Judicial Department’s security goals as established by its cyber security plan, stated policies, procedures and standards and actively works towards upholding those goals.
Lead the operation, maintenance and documentation of the Department's incident response plan and activities.
Perform and maintain continuous assessment of security posture against NIST Cyber Security Framework and execute remediation plans as needed.
Work collaboratively with the Information Security Manager (ISM) in designing and implementing all security related functions for the Judicial network.
Assists with troubleshooting and resolving network security events identified via SIEM.
Assists the information security team in maintaining and documenting operational configurations of all in-place security solutions.
Monitor all in-place security solutions for efficient and appropriate operations.
Review alerts, logs and reports of all in-place devices, whether they be under direct control (e.g., security tools) or not (e.g., workstations, servers, network devices, etc.). Interpret the implications of that activity and lead investigations into problematic activity and/or cyber security events.
Analyze available data sources to identify trends and make recommendations to enhance network, system and data security.
Responsible for maintaining a variety of recurring tasks such as: user access reviews, policy updates, and testing.
Participate in the design and execution of vulnerability assessments, penetration tests and security audits.
Maintains up-to-date detailed knowledge of security operations including awareness of new or revised security solutions, as well as the development of new attacks and threat vectors.
Individual in this position must be independent and proficient in all aspects of the troubleshooting process, incident response and security strategy.
Share on-call support for all in-place security solutions.
Acts as a resource to Judicial staff and when working with other state agencies and/or other organizational units.
Develops and maintains good working relationships with all Department employees and vendors.
Travel throughout the state of Colorado is required at times, not to exceed 10% of the time.
May perform other duties related to information security technology.
Attends meetings and training as required.
Performs other duties as assigned.
Responsible for one's own work product and may provide guidance, assistance, or mentorship to less knowledgeable or experienced coworkers, volunteers, or interns. This may include scheduling of work, instructing in work methods, and reviewing work products. May provide input into hiring, performance evaluation, and discipline/termination processes.
Graduation from an accredited college or university with a bachelor’s degree in computer science or related field and five years of related work experience required. SIEM and incident response experience is required. Experience with scripting languages (Python, Perl, PHP and Ruby) is preferred. CISSP is preferred.
OR
Additional relevant experience may substitute for the required education on a year-for-year basis as follows: graduation from high school or equivalent and four years working in computer related areas; four years of direct security related experience is required. SIEM and incident response experience is required. CISSP is preferred.
While performing the duties of this job, the employee is regularly required to talk and hear. The employee is frequently required to sit and reach with hands and arms and perform repetitive motions with wrists, hands, and fingers. The employee is occasionally required to stand and walk. The employee must occasionally lift and/or move up to 50 pounds or more. Specific vision abilities required by this position include close vision, color vision, depth perception, ability to adjust and focus, and the ability to see clearly at 20 feet or more.
While performing the duties of this job, the employee is occasionally exposed to moving mechanical parts, work in high, precarious places and the risk of electrical shock. Frequently handles emergency or crisis situations and may be subject to varying and unpredictable situations and work hours. The employee is subject to frequent interruptions, multiple calls and inquiries, and may occasionally handle absentee replacement on short notice. The noise level in the work environment is usually moderate.