Security Analyst III

Full Job Description

Under limited supervision, Security Analyst III position is responsible for technical aspects of information security within the South Carolina Judicial Branch (SCJB), as well as for implementation of industry standard security controls that are applied consistently throughout our organization. Reports to and works closely with the Chief Information Security Office in the implementation of technical controls to safeguard the electronic data, communications, and physical and intangible assets within SCJB.

ESSENTIAL DUTIES AND RESPONSIBILITIES OF THE POSITION
Physical, virtual, & web application Firewall management. Applies technical analysis of data security information and uses critical thinking and troubleshooting skills to resolve security incidents, as reported either by end users, other IT teams, or as evident from routine log analysis. Modifies firewall security rules to accommodate changing network environment while maintaining best practices in security. Manage VPN technology used by IT department and vendors. Performs hardware & software upgrades to existing firewall devices and installs new firewall devices as needed for growth.

Endpoint Security management. Uses SCJB-approved software on all SCJB workstations (local & remote) and Servers to analyze suspicious data traffic, such as, but not limited to, browsing malicious websites or downloading malicious files. Acts on automatically generated reports to follow up on suspicious activity, running security scans or collaborating with the IT Help Desk for additional scans and user assistance as needed. Assist in running internet usage reports as requested by management to monitor appropriate usage of SCJB resources.

Email Security monitoring. Receives, investigates, and sends alerts upon reports of suspicious email by end users or email filtering system. Updates email filtering system as needed to prevent ingress of malicious email.

Two Factor Authentication management. Monitors and maintains health of the two factor authentication system for SCJB user accounts, to prevent unauthorized remote access to SCJB systems. Responds to escalations from IT Help Desk concerning any issues with system, such as access failures.

Physical Security system monitoring. Collaborates with Security Coordinator in HR, BPS officers, and General Services to troubleshoot technical issues with building access control and video system, utilizing contracted vendor for hands-on support. Coordinate changes, maintenance, and installation of new systems with affected personnel.

Logging & Security Monitoring. Uses internal enterprise logging system to investigate security issues and anomalies. Integrate new log sources, both on-prem and cloud, and maintain health of logging system. Responds to alerts provided by external security monitoring vendor, creating security incidents as needed to remediate any issues.

Security Awareness coordination. Assists with the setup and maintenance of our security awareness training portal. Assists with periodic security training assigned to staff, and works closely with IT Help Desk to investigate and resolve issues. Designs and distributes Phishing Assessments on periodic basis to test employees security awareness.

Data Encryption. Supports best practices of encrypting sensitive data over Email by management of Email DLP system. Works in advisory capacity to Networking to ensure endpoint device encryption adheres to security best practice.

Research, Test, and Implement new security systems. Will work with the Chief Information Security Officer in the design, creation, and testing of new security systems as approved by SCJB. Works closely with other teams as needed to coordinate testing, installation, and communication. Produces documentation on newly-developed security systems that is useful for the average computer user, where such systems require interaction with the user. Conducts vulnerability scans for existing and new systems introduced by IT Development teams or contracted vendors. Works closely with vendors related to all supported security systems.

Performs other duties as assigned by management in order to meet the needs of the organization.

Requirements

Bachelor's in Computer Science, Information Systems, Cybersecurity, or a related field.
Seven (7) or more years of combined documented experience in progressively sophisticated roles in networking, information security engineering (including firewall management, endpoint security, email security, identity and access control, security threat analysis); OR an associate degree and 10+ of combined document experience in progressively sophisticated roles in networking, information security engineering (including firewall management, endpoint security, email security, identity and access control, security threat analysis).
Strong, diverse technical background in networking and troubleshooting.
Must hold two (2) or more industry standard security certifications, such as: CompTIA Security +, SANS/GIAC GISF, GSEC, CISSP.

Qualifications

Vendor specific certifications such as Cisco CCNA, Checkpoint CCSA, etc. Experience with Cisco Firepower, Check Point version R80 or higher, Linux or UNIX based platforms, Tenable vulnerability scanning, web application firewalls & bot prevention.
Experience working in Hybrid environment, and with multiple physical or virtual site locations is a plus.
Experience with Microsoft Cloud security controls, logging, and identity management desired.
Experience with Zero Trust Network Access technology a plus.

Knowledge, Skills, Abilities and Other Characteristics
Security operations experience with firewalls, IDS/IPS, log monitoring, SIEM platforms, and related operating systems.
Fluent in understanding and working with TCP/IP protocol and networking principles such as switching and routing, as well as web technologies.
Experience with Cisco and Checkpoint networking and security technology.
Hands-on experience with a vulnerability scanner such as Tenable, Nmap, and Qualys. Hands-on experience with network packet analyzers such as Wireshark.
Experience with Active Directory, NTFS permissions, LDAP, and RADIUS solutions. Familiarity with Linux-based operating systems. Experience with system hardening procedures for Windows, Linux and Unix OS.
Experience with advising on patch management best practice to mitigate vulnerabilities.
Ability to work in a team environment and establish effective working relationships with vendors, management, staff and users. Ability to handle multiple engagements with overlapping deadlines. Ability to stay current on security issues through research, training, and industry conferences.

Additional Information

The South Carolina Judicial Branch offers an exceptional benefits package for FTE positions that include:

• Health, Dental, Vision, Long Term Disability, and Life Insurance for Employee, Spouse, and Children;
• State Retirement Plan and Deferred Compensation Programs (Temporary positions have option to enroll);
• 15 days paid annual (vacation) leave per year;
• 15 days paid sick leave per year;
• Option to designate 10 days of earned paid sick leave per year as family sick leave;
• 13 paid state holidays;
• Workers’ Compensation Benefits.