Senior Product Security Assurance Analyst (term-limited)
Seattle, OR - USA
Job Summary
Salary range is $81k to $180k with a midpoint of $129k. New hires typically receive between minimum and midpoint; however, we may go slightly higher based on experience, internal equity and market.
Sound Transit also offers a competitive benefits package with a wide range of offerings including:
- Health Benefits: We offer two choices of medical plans, a dental plan and a vision plan, all at no cost for employee coverage; comprehensive benefits for employees and eligible dependents, including a spouse or domestic partner.
- Long-Term Disability and Life Insurance.
- Employee Assistance Program.
- Retirement Plans: 401a 10% of employee contribution with a 12% match by Sound Transit; 457b up to IRS maximum (employee only contribution).
- Paid Time Off: Employees accrue 25 days of paid time off annually with increases at four, eight and twelve years of service. Employees at the director level and up accrue additional days. We also observe 12 paid holidays and provide up to 2 paid floating holidays and up to 2 paid volunteer days per year.
- Parental Leave: 12 weeks of parental leave for new parents.
- Pet Insurance.
- ORCA Card: All full-time employees will receive an ORCA card at no cost.
- Tuition Reimbursement: Sound Transit will pay up to $5000 annually for approved tuition expenses.
- Inclusive Reproductive Health Support Services.
- Compensation Practices: We offer competitive salaries based on market rates and internal equity. In addition to compensation and benefits, you'll find that we provide work-life balance, opportunities for professional development and recognition from your colleagues.
This is a term-limited position of 5 years.
GENERAL PURPOSE:
Under general direction, the Security Assurance Analyst assists with the operations of the Agency's Information Security program for its technology assets. The Security Assurance Analyst plays a critical role in safeguarding the agency's digital assets by conducting individual system audits, assisting in vulnerability management tasks, security control configuration management and other security assurance efforts required to ensure major systems and applications comply with internal security controls and industry requirements. This position requires technical expertise, critical thinking and the ability to collaborate across teams to ensure a resilient security posture.
ESSENTIAL FUNCTIONS:
The following duties are a representative summary of the primary duties and responsibilities. Incumbent(s) may not be required to perform all duties listed and may be required to perform additional position-specific duties.
- Conduct security reviews of systems and applications to ensure they follow internal requirements and industry standards (ISO 27001, NIST, etc.).
- Support internal and external audits of agency-wide applications through ongoing collection, validation and organization of compliance evidence.
- Lead/Manage focused penetration testing, code analysis, segmentation testing, etc.
- Conduct system-specific vulnerability assessments.
- Translate agency security policy into actionable product-level requirements.
- Support security incident response activities.
- Advise on security control requirements for ongoing technology implementations.
- Manage vulnerability remediation efforts.
- Participate in the creation and management of information security governance documents (policies, standards, baselines, guidelines and procedures).
- Review system architecture and design documents for principles of security by design.
- Ensure adherence to secure coding, encryption and data handling standards for new applications.
- Track relevant assurance program metrics.
- Prepare regular reports on relevant metrics for different stakeholders.
- Maintain up-to-date, detailed knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
- Assist with ensuring that agency technology assets, systems, services and facilities are compliant with information security procedures.
- Champions and models Sound Transit's core values and demonstrates values-based behaviors in everyday interactions across the agency.
- Contributes to a culture of diversity, equity and inclusion in alignment with Sound Transit's Equity & Inclusion Policy.
- It is the responsibility of all employees to follow the Agency safety rules, regulations and procedures pertaining to their assigned duties and responsibilities, which could include systems, operations and/or other employees.
- It is the responsibility of all employees to integrate sustainability into everyday business practices.
- Other duties as assigned.
MINIMUM QUALIFICATIONS:
Education and Experience: Bachelor's Degree in Computer Science, Information Technology, Engineering or closely-related field. Five years of general information technology experience with a focus on IT Security, Risk Management, Data Protection or Compliance; or an equivalent combination of education and experience.
Required Licenses or Certifications:
One or more of the following certifications (valid and current):
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- CompTIA Security+
- Any relevant GIAC
- Certified Cybersecurity Operations Analyst (CCOA)
- Associate of (ISC)2
Preferred Licenses or Certifications:
- ITIL
- Project Management
Required Skills & Knowledge:
- Strong command of and familiarity with modern security technologies including (but not limited to) SIEM, SOAR, EDR, Vulnerability Scanning, PIM, PAM, certificate management, DLP.
- Strong understanding of information security assurance.
- Understanding and functional command of relevant security controls for financial and business-critical systems.
- Familiarity with Microsoft's security technologies and products.
- Experience with cybersecurity auditing and consulting.
- Understanding of Zero Trust architecture and modern security frameworks.
- Strongly preferred: Knowledge of scripting or automation (Python, PowerShell).
- General knowledge of the NIST 800 series standards and the ISO 27001/2 frameworks.
- Working technical knowledge of general IT system architectures, software, hardware, protocols and standards.
- Proven competency in the use of MS Office applications (Microsoft Project, Word, Excel, PowerPoint and SharePoint) as well as general proficiency with software applications in general.
- Ability to work independently and manage multiple priorities.
- Effective workload prioritization and self-organization.
- Effective project management skills.
Physical Demands/Work Environment:
- Work is performed in a standard hybrid office environment.
- Position is required to speak about and perform complex graphical interfaces and software that are not suitable for accommodations. May be subject to talking and seeing.
- The Agency promotes a safe and healthy work environment and provides appropriate safety and equipment training for all personnel as required.
Sound Transit is an equal employment opportunity employer. No person is unlawfully excluded from employment action based on race, color, religion, national origin, sex (including gender identity, sexual orientation and pregnancy), age, genetic information, disability, veteran status or other protected class.
Required Experience:
Senior IC
About Company
Sound Transit is transforming how the Greater Seattle area moves by planning, building and operating regional transit systems that give millions of riders an alternative to sitting in traffic. Thanks to voter approval of the largest mass transit expansion in the region’s ...