IT Senior Information Security Analyst - City of Eugene, OR
General Statement of Duties
Are you motivated to be a part of an organization with extensive opportunities to learn, grow, and make a difference in a community that cares about you? Do you appreciate emotional intelligence and speak ITIL? Are you forward looking with process improvement in mind? As a true techie, do you love the thrill of new and interesting challenges and working with people who share a love of working with technology to solve problems? Is it important for you to have fun at work? Have you imagined yourself living in the richness of the Pacific Northwest?
If you answered yes to these questions this position and team might be right for you! The City of Eugene Information Services Division (ISD) builds and maintains the City of Eugene's technologies to meet the evolving needs of the community. We are a team committed to innovation and excellence built on a solid foundation of providing excellent customer service.
The scope of operations includes:
- Customers who are appreciative, collaborative, and engaging
- Professional development and training opportunities
- 51 City facilities throughout the community connected by a high-speed fiber optic network
- A VMWare/HyperV based virtualization environment running over 200 Windows servers
- Hybred on Prem and Cloud based infrastructure in the Microsoft Azure
- Government Tenant : More than 200 business software systems
- More than 2 million visits to the City website annually
- State of the art security and network intrusion systems, including Rapid 7 IDS/SIEM, and Checkpoint Firewalls
As part of our dynamic information services team, you will play an integral role in our nationally and internationally recognized city organization, which delivers quality services to the unique City of Eugene.
THIS POSITION IS OPEN UNTIL FILLED
The first review of applications will take place:
Friday, October 22, 2021 at 5:00 pm PDT
Please submit your application on or before this date and time to be considered with this first round.
ONLINE APPLICATIONS ONLY
For complete job description or to apply online, click here.
The City of Eugene is seeking a qualified Senior Information Security Analyst to continuously improve the city's security posture, as well as respond to emergent threats. This key position is responsible for securing our IT environment and providing expert advice on security best practices. The successful candidate will have an exemplary technical background in a variety of security tools and technologies, as well as a mastery of relevant security and regulatory frameworks. The successful candidate will have a passion for managing security along with a desire to relentlessly champion best practices.
This is a technical position, responsible for the data protection solutions that support the mission of the city. This position is responsible for protecting the confidentiality, integrity, and availability of information assets owned or entrusted to the City of Eugene. This position also requires superior communication and people skills like empathy, tact, flexibility and collaboration.
The Senior Security Analyst will have a proven track record in evaluating, assessing and recommending new security products and technologies, as well as designing and implementing them in an enterprise technology environment. In addition, the Senior Security Analyst will evaluate, assess and perform risk analysis on existing vulnerabilities and provide actionable advice to key decision makers.
The Senior Security Analyst will work with members of the ISD team to investigate, perform forensics, compile relevant technical/background information, and perform post-mortem analysis of security incidents. This position will also be responsible for learning, overseeing and conducting routine security audits, including CJIS, HIPAA and PCI audits.
The Senior Security Analyst will assist with education and outreach by providing advice to departments on current best practices related to security, developing security documentation, and teaching workshops on security related topics. They must stay abreast of evolving city needs, technology capabilities, and threat intelligence from a variety of sources to ensure our systems are secured.
The successful candidate for this position must demonstrate a solid working knowledge of security and firewall appliances, Intrusion Detection Systems (IDS), Security Information Event Management Systems (SIEM), Windows server and client technologies, and networking best practices. Strong project management skills are essential.
The Senior Security Analyst will draw on their experience and strong ability to learn diverse technologies to maintain a heterogeneous technical environment, while providing expert advice as it pertains to a suite of regulatory best practices including CJIS, HIPAA, and PCI.
Salary Range: Depending upon knowledge, skills, and abilities, this position may be filled at a Systems Programmer 1 or Systems Programmer 2 level.
- Systems Programmer 1 : $69,971.20 - $90,521.60, annually; $33.64- $43.52 hourly
- Systems Programmer 2: $76,128.00 - $100,505.60, annually; $36.60 - $48.32 hourly,
Department/Division: Central Services Department/Information Services Division
Work Location: Eugene Public Library Building, 100 W 10th Ave, Suite 450, Eugene OR 97401
Must reside in the state of Oregon and be able to report onsite for work as needed in Eugene, OR to meet business needs.
Schedule: Currently 40 hours/week, Monday-Friday; other work schedule may be required. Must be available for after-hours on-call rotation, projects or emergency support work as needed.
Calling Eugene Home
Eugene is located at the southern end of the agriculturally rich Willamette Valley. From here, it is a short jaunt east to the Cascade Mountains, west to the stunning Pacific Ocean coastline, or north to Portland. We're a small city with unlimited things to do: Downtown Eugene is revitalizing; the Oregon Bach Festival and Eugene Symphony call the Hult Center for the Performing Arts home; you can float the Willamette River and hook a salmon after work in the shadow of downtown; a booming food and beverage economy, including topnotch local craft breweries and wineries in the surrounding countryside, is the foundation of a local restaurant scene; the University of Oregon brings arts, culture, and educational opportunities, as well as championship athletics (Go Ducks!); a nationally-recognized transit system helps you move around the city; and our Gold rating as a Walk- and Bicycle-Friendly Community ensures that safe travel options abound! Known as Track Town USA, the community annually plays host to numerous track and field events at historic Hayward Field, including the IAAF World Championships in 2022! The impact of track and field can be seen beyond the track, with abundant trails coursing through the south hills, along the Willamette River, and through hundreds of acres of city parks. To learn more about Eugene, visit Eugene Cascades and Coast.
The City of Eugene has a Council-Manager form of government. In this form of government, the city council develops legislation and policies to direct the City. The city manager, hired by the city council, provides administrative direction to the organization, oversees City of Eugene personnel and operations, and carries out the city council's direction. The City of Eugene has over 1,500 employees and a $724 million total budget. The City of Eugene is a service-oriented and welcoming organization that provides services through six departments: Central Services, Fire and Emergency Medical Services, Police, Public Works, Planning and Development, and Library, Recreation and Cultural Services. The State of the City video shows how the city is meeting new challenges, learning from one another, building connections, and celebrating our city. The City of Eugene encourages our employees to bring their true selves to work with the knowledge that they are valued and protected. We embrace all of the identities and cultural legacies that our employees represent and strive to be an inclusionary and safe place to work. At the City, we learn and grow best as a team of individuals unafraid to use their unique voices to propel us to meet our goals as we serve our community today and into the future.
As an organization we are focusing on six Core Competencies for employees:
The City of Eugene offers a great benefit package including holidays, vacation, sick leave, retirement benefits and a range of insurance benefits as well as training and advancement opportunities. To view more information about the benefits and current insurance premium rates, click the respective links. While these positions operate in a challenging and fast-paced environment, they are part of a supportive, collaborative team that is flexible and values work-life balance.
Examples of Duties Performed - Duties may include but are not limited to the following
- Develop and implement IT security standards, policies, and best practices
- Manages and/or participates in technology projects using project management best practices.
- Develop, implement and maintain internal procedures for incident response and data security
- Lead routine procedures to identify security vulnerabilities and provide technical advice and support for vulnerability remediation
- Create and maintain comprehensive documentation for all implemented security systems and networks at a standard in line with current regulatory best practices
- Learn, monitor and maintain centralized logging server aggregating tools such as Rapid 7, and respond to output of logs accordingly
- Be responsible for critical auditing functions including CJIS, HIPAA, and PCI
- Support the development of Business Continuity planning and Disaster Recovery for IT systems
- Work with HR to develop and implement security training for City employees
- Be responsible for selecting, deploying and maintaining all security related tools, including new tools and enhancements to existing tools
- Facilitate periodic risk assessments, penetration tests, and vulnerability assessments. Make security enhancement recommendations as a result of this testing.
- Research, evaluate and recommend information security related enhancements as a result of current security best practices
- Maintains and implements network and security policies consistent with industry best practices, FBI Criminal Justice Information Systems (CJIS) security policies, HIPPA and other regulatory standards.
- Reviews output from SIEM and IDS tools to assess and respond to potential security incidents
Any equivalent combination of education and experience which provides the applicant with the knowledge, skills, and abilities required to perform the job. Studies have shown that women and people of color are less likely to apply for jobs unless they believe they are able to perform every task in the job description. We are most interested in finding the best candidate for the job, and that candidate may be one who comes with relevant transferrable skills from a variety of sources and experiences. The City will consider any equivalent combination of knowledge, skills, education, and experience to meet minimum qualifications. If you are interested in applying, we encourage you to think broadly about your background and skill set for the role.
To view more detailed information on the duties, knowledge, and abilities that may be expected of this position, please see the links: Systems Programmer 1 and Systems Programmer 2 classifications
- Current best practices of network and data center security.
- Knowledge of SIEM and IDS tools, including log and monitoring management systems, security event monitoring, network-based and host-based intrusion detection systems,
- Principles of network, system, and service design
- Best practices related to IT service delivery, including ITIL
- Principles of project management in a highly complex IT environment
- The laws, regulations, and standards affecting information technology security in a government environment including, but not limited to: PCI-DSS, HIPAA, and CJIS or the ability to learn these.
- Demonstrated expertise in three or more of the following IT security domains: data security, digital forensics, incident response and analysis, IT systems and operations, network security, Systems
- and application security, or vulnerability management firewall technologies, malware detection, and encryption standards
- Windows Server, IIS, SCCM and other Microsoft technologies. Malware, anti-virus and endpoint management tools
- Ability to learn of Cisco based networking environments, and underlying network protocols, including TCP/IP and encryption
- Solid understanding of security/firewall appliances, including Checkpoint
- Solid understanding of Microsoft Office 365 and cloud technologies, with a particular emphasis on securing cloud hosted resources
- General understanding and knowledge of VMware and other virtual platforms.
- Acquire expert-level technical expertise in CJIS, PCI, HIPAA and other security standards, and be able to lead routine security audits that comply with these frameworks.
- Develop and implement process and procedure improvements, especially as it pertains to security best practices.
- Perform vulnerability scans in an windows-based enterprise environment. Communicate effectively to technical and non-technical staff.
- Create and conduct security training for a diverse audience. Perform data forensics and post-incident analysis.
- Demonstrate familiarity working with SIEM and IDS products.
- Learn a variety of diverse network, server, software, workstation and interface technologies deployed in a complex and critical environment.
- Communicate clearly and concisely, both orally and in writing; make presentations as needed.
- Understand complex technical issues and apply technical knowledge in development of solutions.
- Apply logic, knowledge, and experience in recognizing patterns and trends to solve problems.
- Manage security related vendor and service contracts as needed.
- Be available for flexible shifts, including rotating after-hours on-call.
Other combinations of experience and education which meet the minimum qualifications will be considered. Depending upon knowledge, skills, and abilities, this position may be filled at a Systems Programmer 1 or Systems Programmer 2 level.
Systems Programmer 1: Four years of increasingly responsible experience in a secure network environment including project management, analysis, procurement, installation and maintenance of network hardware, servers, software.
Systems Programmer 2: Six years of progressively responsible experience in a secure network environment including project management, analysis, procurement, installation and maintenance of network hardware, servers, software.
Systems Programmer 1 & 2: Bachelor's degree from an accredited college or university with major course work in Computer Science, Telecommunications, or a closely related field. A combination of education and experience may be substituted to meet the education requirements.
License or Certificate:
- Preferred certification in or progress towards at least one designation an information security risk, or compliance related discipline (E.g. CISSP, SSCP, CSA+, CASP, GESC, GCIA, CEH)
- Valid Oregon driver’s license, or ability to obtain by date of hire; must pass driving records check and, if hired, maintain a driving record that meets the City’s standard. Oregon law requires that an out-of-state license holder must obtain a valid Oregon license (with appropriate endorsements) within 30 days of becoming domiciled in the state (ORS 803.355).
MUST PASS A CRIMINAL RECORDS CHECK.
Selection Process - Applicants are screened based upon their relevant knowledge, abilities, skills, experience, and training. The selection process varies according to the position and can include such things as screening of supplemental questionnaires, written or skill tests, ability or fitness tests, interviews, and assessment processes. In addition, background investigations and records checks may be required. Applicants selected to continue in the process will be notified within two-three weeks after the posting deadline.
Eligibility List - This posting may also be used to establish an eligibility list of applicants for future vacancies. Candidates that are placed on the eligibility list will be notified via email which will include the duration of the list and how notification of call up will occur.
Retirement Program - Upon eligibility, the City will contribute an employee contribution of 6%, as well as the employer contribution, to a retirement program administered by the Oregon Public Employees’ Retirement System (PERS). In addition, the City will pay a 3% contribution to a deferred compensation program if the employee contributes at least 1%.
Assessments - Some positions also require applicants to have a psychological evaluation and/or physical examination and a drug test prior to employment. Marijuana use is evaluated consistent with current state law regulations.
Current information about the status of a job posting is available by going to www.eugene-or.gov/jobs and selecting “Job Posting Status.”
The City of Eugene complies with the Americans with Disabilities Act of 1990. Any applicant with a qualified disability under the Americans with Disabilities Act may request accommodation by contacting an employment coordinator at (541) 682-5061.
In compliance with the Immigration Reform and Control Act of 1986, the City of Eugene will request all eligible candidates who accept employment with the City to provide documentation to prove they are eligible for employment in the United States.
The City of Eugene is committed to a Respectful Work Environment, we value the cultural, educational, and life experiences of each employee. We believe that a diverse workforce enables us to deliver culturally responsive services to all members of our community. As part of our commitment to diversity, equity, and inclusion we desire to welcome, respect, and create a sense of belonging for a wide range of identities and experiences in our workforce. Women, people with disabilities, and persons of color are strongly encouraged to apply.