IT Associate Cybersecurity Analyst

I.T. Associate Cybersecurity Analyst

Summary: This position supports the organization's efforts to protect its systems, networks, and data from cyber threats. It involves assisting in monitoring, analyzing, and responding to security incidents and vulnerabilities under the guidance of the IT Security and Compliance Analyst. The position is on call 24 hours daily, seven days a week. The employee assists the Supervisor and Director on any other ad hoc projects as required and needed.

Essential Functions: -- Essential duties and responsibilities may include, but are not limited to, the following:

• Assisting in monitoring security alerts and events from various sources, such as SIEM (Security Information and Event Management) systems, IDS/IPS (Intrusion Detection/Prevention Systems), and endpoint protection platforms.
• Participating in investigating and analyzing security incidents, including conducting initial triage, gathering evidence, and documenting findings.
• Supporting vulnerability management activities, including scanning systems for vulnerabilities, analyzing scan results, and tracking remediation efforts.
• Assisting in managing security controls and technologies, such as firewalls, antivirus software, and security policies.
• Contributing to security awareness and training initiatives to educate employees about cybersecurity best practices and raise awareness of potential threats.
• Assisting in developing and maintaining security documentation, including policies, procedures, standards, and guidelines.
• Participating in security risk assessments and compliance audits, including gathering evidence, documenting findings, and assisting with remediation efforts.
• Staying informed about the latest cybersecurity threats, trends, and technologies through self-study, training, and professional development opportunities.
• Collaborating with other members of the cybersecurity team and cross-functional teams to address security concerns and implement security controls.

• Providing general support to the cybersecurity team, including administrative tasks, reporting, and project coordination.
• Must be dynamic and flexible to learn and cross-train in other system and networking disciplines for maintaining functional continuity.
• Supports the relationship between the City of Odessa and the general public by demonstrating courteous and cooperative behavior when interacting with visitors and City staff; maintains confidentiality of work-related issues and City information; performs other duties as required or assigned.
• Supports departmental operations with regular and timely attendance.
• Must have and maintain a cell phone for City use to hold this position.
• On-call 24 hours a day to resolve system failures.

Essential functions, as defined under the Americans with Disabilities Act, may include any of the following representative duties, knowledge, and skills. This is not a comprehensive listing of all functions and duties performed by incumbents of this class; employees may be assigned duties which are not listed below; reasonable accommodations will be made as required. The job description does not constitute an employment agreement and is subject to change at any time by the employer.

Minimum Qualifications:

Education, Training, and Experience Guidelines: A bachelor's degree in information technology, cybersecurity, computer science, or a related field is desired but not required. Education can be substituted based on 4+ years of work experience in cybersecurity, compliance, or a related field. A high school diploma or GED is required.

Knowledge, Skills, and Abilities:

• Excellent communication skills, both written and verbal.
• Basic understanding of cybersecurity principles, concepts, and best practices.
• Familiarity with networking concepts, operating systems, and common security tools and technologies.
• Strong analytical and problem-solving skills, with the ability to analyze security events and incidents.
• Ability to work collaboratively in a team environment and willingness to learn from more experienced professionals.

License and certification requirements: CompTIA Security+, CompTIA Network+ and Certified Ethical Hacker (CEH), and GIAC Security Essentials (GSEC) preferred but not required.

Special Requirements: Must have a cell phone for communications with IT management 24 hours a day and 7 days a week.