CybersecurityJobs.io
Job Description

The City of Savannah seeks an experienced cybersecurity analyst in the Innovation and Technology Services Department to monitor, detect, and respond to security incidents, support regulatory compliance initiatives, and strengthen the city's overall cybersecurity posture.

Responsibilities

  • Monitor and analyze IT assets with security tooling, including SIEM platforms, to identify and mitigate incidents.
  • Investigate suspicious activities to determine their origin and potential impact.
  • Serve on the incident response team whenever potential security incidents are detected.
  • Act as a first responder, investigating, containing, and mitigating threats in real time while escalating to lead team members as appropriate.
  • Employ threat hunting tools and resources to implement proactive security measures.
  • Assist in managing and sustaining a robust vulnerability management program across organizational assets.
  • Support senior colleagues in tuning, managing, and engineering resources needed to implement countermeasures and effectively manage incidents.
  • Conduct intrusion detection and prevention by proactively seeking out threats.
  • Analyze security logs to identify events, trends, and indicators of compromise.
  • Support data security through access management, transmission controls, and adherence to the CIA triad.
  • Assist in enforcing the Cybersecurity Program Plan and related initiatives.

Requirements

  • Knowledge of information technology standards, trends, management, and security principles.
  • Knowledge of network security across operating systems, networks, and databases, including on-premises and cloud environments.
  • Knowledge of Linux, Windows, and macOS operating systems.
  • Knowledge of web application firewalls.
  • Knowledge, skill, and ability to implement security policies for compliance standards such as PCI, CJIS, HIPAA, and NIST.
  • Knowledge of cloud-based security, including policy, roles, network and systems administration and controls, virtual services, and cloud controls.
  • Knowledge of incident management and the ability to assist in managing an active event.
  • Strong oral and written communication skills.
  • Ability to research new technologies and evaluate new systems.
  • Proficiency with coding languages.
  • Skill in architecting, installing, and maintaining security infrastructure.
  • Skill in disaster recovery planning, preparedness, and restoration.
  • Ability to follow a project management methodology.
  • Ability to stay current with industry trends and best practices and apply them to the environment.
  • Ability to follow a change control program.
  • Ability to collaborate with the Manager of Cybersecurity and Data to identify risk and provide remediation recommendations for current technologies.

Technologies

  • SIEM
  • Linux
  • Windows
  • macOS
  • Web application firewalls
  • Cloud-based security

Benefits

  • Medical, dental, and vision plans
  • Life insurance
  • Employee/spouse/child supplemental life insurance
  • Short-term disability
  • Tuition reimbursement
  • Wellness programs
  • Deferred compensation plan (457 B)
  • Pension plan
  • Flexible spending account
  • Home purchase assistance
  • 12 paid holidays

Example of Duties

  • Monitor and analyze IT resources using security tools such as SIEM to identify and mitigate incidents.
  • Investigate suspicious activities to determine their source and potential impact.
  • Serve on the incident response team when potential security incidents are detected.
  • Act as a first responder to security incidents by investigating, containing, and mitigating threats in real time, escalating to lead team members as needed.
  • Use threat hunting tools and resources to implement proactive security measures.
  • Assist in managing and maintaining a robust vulnerability management program for organizational assets.
  • Support senior team members with tuning, managing, and engineering resources required to counter incidents effectively.
  • Perform intrusion detection and prevention by proactively searching for threats.
  • Analyze logs to identify security events and trends.
  • Contribute to data security through access management, transmission controls, and adherence to the CIA triad.
  • Assist with enforcing the Cybersecurity Program Plan and its initiatives.

Supplemental Information

  • Knowledge of information technology standards, trends, management, and security principles.
  • Knowledge of network security related to operating systems, networks, and databases, both on-premises and hosted/cloud-based.
  • Knowledge of Linux, Windows, and macOS operating systems.
  • Knowledge of web application firewalls.
  • Knowledge, skill, and ability to understand and implement security policies for compliance standards such as PCI, CJIS, HIPAA, and NIST.
  • Knowledge of cloud-based security, including policy, roles, network and systems administration and controls, virtual services, and cloud controls.
  • Knowledge of incident management and the ability to assist in managing an active event.
  • Skill in oral and written communication.
  • Skill in researching new technologies and evaluating new systems.
  • Skill with coding languages.
  • Skill in architecting, installing and maintaining security infrastructure.
  • Skill in disaster recovery planning, preparedness and restoration.
  • Ability to follow a project management methodology.
  • Ability to stay up to date and apply current industry trends and best practices to the current environment.
  • Ability to follow a change control program.
  • Ability to work with the Manager of Cybersecurity and Data to identify risk and provide recommendations for a path forward and remediations for current technologies.
