IT Security Analyst

Job Title: IT Security Analyst

Location: San Jose CA (4 Days Onsite / 1 Day Remote)

Duration: 6 Months Contract-to-Hire

Required Skills:

• Need to have degree minimum of 2 years in cyber security minimum some kind of certification in cybersecurity
• Willingness to convert full time
• Were looking for someone who can quickly get up to speed and begin contributing right away. The ideal candidate should already be familiar with standard cybersecurity tools-specifically our SIEM solution within Microsoft 365 and the Microsoft Security Portal. During the initial period theyll need to demonstrate proficiency with these platforms and ensure they can effectively use all relevant tools.
• Our security vendors continuously monitor the environment but this role requires a proactive approach. When an alert arises the analyst must assess and determine the appropriate course of action whether that involves handling the issue internally or engaging external support based on the nature of the alert.
• This is a hands-on action-oriented position. The right candidate wont just react theyll act quickly and decisively escalating issues as needed and taking ownership of incident addition to learning our specific tools and vendor processes the analyst will communicate directly with support teams as well as coordinate with staff across all campuses. For example if a security incident affects a computer at one of our campuses the analyst will promptly inform the appropriate personnel and ensure effective resolution.
• Monitor and review security systems and logs. Identify troubleshoot diagnose resolve document and report security problems and incidents; help coordinate and conduct investigations of suspected breaches; respond to emergency information security situations.
• Work with vendors to conduct vulnerability assessments to identify existing or potential electronic data and assets compromises and their sources; participate in investigative matters with appropriate law enforcement agencies.
• Perform audits and periodic inspections of District information systems to ensure security measures are functioning and effectively utilized and recommend appropriate remedial measures to eliminate or mitigate future system compromises.

KEY DUTIES AND RESPONSIBILITIES:

1. Analyze evaluate and implement security applications policies standards and procedures intended to prevent the unauthorized use disclosure modification loss or destruction of data; work with the campus community and other staff to ensure the integrity and security of the information technology infrastructure.

2. Lead the development testing and implementation of information security products and control techniques in all locations throughout the District.

3. Work with campus and district technology teams to ensure the security of all applications and assets.

4. Monitor and review security systems and logs. Identify troubleshoot diagnose resolve document and report security problems and incidents; help coordinate and conduct investigations of suspected breaches; respond to emergency information security situations. 5. Collaborate with application programming team and other IT staff to ensure production applications meet established security policies and standards.

6. Assist with training and education on information security and privacy awareness topics for District administrators faculty and staff; assist in the development of appropriate security-incident notification procedures for District management.

7. Work with vendors to conduct vulnerability assessments to identify existing or potential electronic data and assets compromises and their sources; participate in investigative matters with appropriate law enforcement agencies.

8. Perform audits and periodic inspections of District information systems to ensure security measures are functioning and effectively utilized and recommend appropriate remedial measures to eliminate or mitigate future system compromises. SJECCD Human Resources Office Job Description: Information Security Analyst

9. Review evaluate and recommend software products related to IT systems security such as virus scanning and repair encryption firewalls internet filtering and monitoring intrusion detection etc.

10. Monitor and maintain the Districts security event information system (SEIM) and data loss prevention software.

11. Manage security systems and policies including but not limited to servers firewalls email security and Microsoft 365 environment.

12. Recommend and implement security policies protocols practices and lead in creation of security training and guidance to staff.

13. Assist in the secure management and maintenance of the Districts network authentication systems for wired and wireless network access.

14. Review security practices and controls of third-party service providers that handle District sensitive data and review security controls and features of third-party software systems.

15. Ensure that maintenance configuration repair and patching of systems occurs on a scheduled and timely basis utilizing best practices in change management and consistent with policies and procedures.

16. Keep current with latest emerging security issues and threats through list servers blogs newsletters conferences user groups and networking and collaboration with peers in other institutions.

17. Perform other duties reasonably related to the job classification.

EMPLOYMENT STANDARD Knowledge of:

1. Compliance and industry cybersecurity standards frameworks such as NIST 800 and ISO standards.

2. Emerging technologies and the possible impact on existing information systems instructional processes and business operations.

3. Incident response best practices and software license compliance laws.

4. Troubleshooting tools for computing hardware servers and network equipment including but not limited to switches routers and firewalls.

5. Enterprise resource planning systems Microsoft 365 and Active Directory and Azure Active Directory.

6. Principles of program design coding testing and implementation.

7. Advanced knowledge of desktop and server operating systems including Windows and Linux.

8. Disaster recovery and backup including business continuity planning.

9. Principles of training support and services to end-users.

10. General research techniques and data driven analytics.