The Birmingham Water Works Board - Birmingham, AL
posted 1 day ago
About the position
The Information Security Analyst is responsible for constantly detecting and preventing cyber threats to the company computing environment. This role involves identifying weaknesses in the company's computing infrastructure, including software, hardware, and networks, and finding creative ways to protect it. The analyst will plan, implement, upgrade, or monitor security measures to safeguard computer networks and information, ensuring appropriate security controls are in place to protect digital files and vital electronic infrastructure. The position serves as an internal company lead for responding to business-impacting computer security breaches and viruses, with night and weekend hours as needed.
Responsibilities
- Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
- Review violations of computer security procedures and discuss procedures with violators to ensure violations are not repeated.
- Plan, implement and upgrade security measures and controls.
- Establish plans and protocols to protect digital files and information systems against unauthorized access, modification and destruction.
- Maintain data and monitor security access.
- Perform vulnerability testing, risk analyses and security assessments.
- Perform risk assessments and execute tests of the data processing system to ensure the functioning of data processing activities and security measures.
- Conduct internal security audits.
- Anticipate security alerts, incidents, and disasters and reduce their likelihood.
- Collaborate technically with the infrastructure team to manage the network, intrusion detection, prevention systems and encryption measures.
- Analyze security breaches to determine the root cause.
- Recommend and install appropriate tools and countermeasures.
- Define, implement, and maintain corporate security policies.
- Collaborate with the appropriate BWW areas to train fellow employees in security awareness and procedures.
- Coordinate security plans with outside vendors.
- Respond to eDiscovery, data collection queries, and digital forensics requests.
- Work an on-call rotating schedule outside the regular schedule on a rotating basis.
- Maintain and protect sensitive and private information by keeping employee records confidential in accordance with HIPAA, local, state and federal laws and regulations.
- Ensure that PHI/ePHI of employees, plan participants, patients, and other assigned individuals are maintained and transmitted securely and legally.
- Perform all work safely in accordance with established safety policies and procedures.
- Comply with all safety and health standards and guidelines issued by management.
- Perform other duties as assigned.
Requirements
- Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or related field required.
- Five (5) years of experience, specifically in a security analyst job required.
- Experience with penetration testing and vulnerability testing & remediation.
- Knowledge of anti-virus and anti-malware solutions.
- Familiarity with TCP/IP, computer networking, routing and switching.
- Experience with firewalls, proxies, IDS, IPS, and security appliances.
- Proficiency in Windows and Linux operating systems.
- Understanding of network protocols and packet analysis tools.
- Comprehension of development & scripting languages (C#, VB, Python, C, .NET).
- Experience with cloud computing.
Nice-to-haves
- Valid driver's license required.
- CEH Certified Ethical Hacker certification preferred.
- ECSA EC-Council Certified Security Analyst certification preferred.
