HomeMy WebLinkAboutInformation Security AnalystCITY OF IOWA CITY - Job Description
Job Class #26-15 FLSA Exempt
Civil Service
Identification
Position Title: Information Security Analyst
Department: Finance
Division: Information Technology Services
Supervisor: ITS Coordinator
Job Summary
Plan and carry out security measures to protect an organization’s computer networks and systems.
Job Scope
No direct supervision. No budget responsibilities.
Essential Job Duties and Responsibilities
Updates and maintains cybersecurity related plans and policy, such as the Incident Response Plan,
Continuity of Operations Plan and Interconnection Agreements.
Updates, maintains and audits backup and restoration plans and policies.
Updates, maintains and audits endpoint security solutions such as antivirus, antimalware, email pre-
scanning, firewalls and multi factor authentication.
Audits, coordinates and tests Windows and third-party updates.
Coordinates with external security companies for pen testing, vulnerability scanning and internal staff
for mitigation.
Coordinates the design, testing and implementing secure operating systems and applications.
Coordinates incident response, digital forensics, loss prevention and eDiscovery actions.
Conducts risk and vulnerability assessment in the network, system and application level.
Maintains documentation, program listings, layouts and other records in support of system, modification
and problem resolving efforts.
Coordinates change and configuration management plan and policy.
Works with staff from City offices to collect, organize, update and maintain data in a least privilege
environment.
Designs and maintains appropriate workflows.
Job Class #26-15 Information Technology Services
Page 2 Updated 10/26/2021
Coordinates the needs of various departments and government agencies in establishing and
enforcing security measures.
Conducts user needs assessments and implements effective procedures and applications.
Promotes security educational programs.
Assists governmental agency users with issues relating to the City’s security plans and polices.
Provides technical support on implemented security measures.
Estimates effort required for assigned tasks.
Refers major hardware and software problems to vendor and/or service personnel for correction.
Acquire and maintain security certification such as CySA+ or CASP+ every two years.
Maintains communication and follow-up on resolutions.
Reviews new technology and provides ideas and information on new technology and ways it can
enhance the security infrastructure.
Participates in on-call rotation or may be required to work extended hours.
Conducts self in a manner which promotes and supports diversity and inclusivity in the workplace and
community.
Performs other related duties as assigned.
Physical and Environmental Conditions
The physical demands described here are representative of those that must be met by an employee
to successfully perform the essential functions of this job. Reasonable accommodations may be made
to enable individuals with disabilities to perform the essential functions. Lift, push, pull, and/or carry up
to 50 pounds, Sit, stand, walk, climb, balance, stoop, kneel, crouch, crawl, squat, bend, twist and
reach. Have sufficient personal mobility to complete field work at various city facilities and other
locations. Specific vision abilities include close vision and ability to adjust focus. The work
environment characteristics described here are representative of those an employee encounters while
performing the essential functions of this job. Reasonable accommodations may be made to enable
individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is occasionally exposed to outdoor weather
conditions, risk of electrical shock and vibration.
The noise level in the work environment is usually moderate.
Minimum Education, Experience and Certification
Associate degree in Computer Science with a focus on security from an educational institution
Job Class #26-15 Information Technology Services
Page 3 Updated 10/26/2021
accredited by a DOE recognized accreditation body required. System-specific technical certifications
such as SSCP, CCSP, CISSP, SANS and two years’ experience in an information security role may
be considered a substitution for an Associate degree. Candidate will be required to obtain Security+
certification during first six months of employment and CySA+ or CASP+ within 12 months of
employment. Must pass criminal background check.
Preferred Education, Experience and Certification
Bachelor's degree in Information Technology or Computer Science from an educational institution
accredited by a DOE recognized accreditation body and 4 years in an information security role
preferred. Knowledgeable of Cyber Kill Chain and Diamond Model of Intrusion Analysis preferred.
Knowledge of SIEM, IDS, anti-virus/anti-malware and firewall technologies preferred. Understanding
of networking and TCP/IP preferred. Experience with a wide variety of operating systems such as
Windows Server, Windows 10, Windows 7, Linux etc. preferred. Ability to troubleshoot technical and
security related issues preferred. Experience working in a rapidly changing, high intensity
environment preferred. Avid, proactive learner and ability to work well in a team based environment
preferred. Strong interpersonal and writing skills preferred.
Knowledge, Skills and Abilities
Capable of collaborating with other team members to ensure that security features meet business
needs and not cripple user access. Skilled in interpersonal communications, negotiation, and conflict
resolution. Proven experience working in a team environment within minimal supervision; team
oriented. Proven leadership skills and experience, influence effectively, ability to resolve impediments
in a timely manner. Eager to develop their own skills and those of others. Knowledge of analysis
practices for role specific security functions, processes, and procedures as well as a foundation in the
NIST Cyber Security Framework
The above statements are intended to describe the general nature and level of work being performed by
individuals assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties,
and skills required of personnel so classified in this position.