STATE CLASSIFICATION JOB DESCRIPTION


Salary Group B27

Class No. 0322

CYBERSECURITY ANALYST II

GENERAL DESCRIPTION

Performs advanced (senior-level) cybersecurity analysis work. Work involves protecting cybersecurity assets and delivering cybersecurity incident detection, incident response, threat assessment, cyber intelligence, software security, and vulnerability assessment services. May assign and/or supervise the work of others. Works under limited supervision, with considerable latitude for the use of initiative and independent judgment.

EXAMPLES OF WORK PERFORMED

Monitors and analyzes cybersecurity alerts from cybersecurity tools, network devices, and information systems.

Monitors and maintains cybersecurity infrastructure and/or policies and procedures to protect information systems from unauthorized use.  

Performs vulnerability scans of networks and applications to assess effectiveness and identify weaknesses.

Performs forensic analysis of information systems and portable devices and forensic recovery of data using assessment tools.

Evaluates network and system security configuration for best practices and risk-based access controls.

Reviews, develops, and delivers cybersecurity awareness training.

Researches and implements new security risk and mitigation strategies, tools, techniques, and solutions for the prevention, detection, containment, and correction of data security breaches.

Researches and analyzes cybersecurity and privacy legislation, regulations, advisories, alerts, and vulnerabilities.

Identifies and evaluates new cybersecurity technologies to remediate vulnerabilities.

Assists in advising management and users regarding security procedures.

Assists in recommending and managing implementation of corrective actions.

May assign and/or supervise the work of others.

Performs related work as assigned.

GENERAL QUALIFICATION GUIDELINES

Experience and Education

Experience in cybersecurity analysis, information security analysis, or digital forensics. Graduation from an accredited four-year college or university with major coursework in cybersecurity, information technology security, computer engineering, computer information systems, computer science, management information systems, or a related field is generally preferred. Education and experience may be substituted for one another.

Knowledge, Skills, and Abilities

Knowledge of the limitations and capabilities of computer systems and technology; of operational support of networks, operating systems, Internet technologies, databases, and security infrastructure; of cybersecurity and information security controls, practices, procedures, and regulations; and of incident response program practices and procedures.

Skill in the use of a computer and applicable software; and in configuring, deploying, and monitoring security infrastructure.

Ability to resolve complex security issues in diverse and decentralized environments; to plan, develop, monitor, and maintain cybersecurity and information technology security processes and controls; to communicate effectively; and to assign and/or supervise the work others.

 


State Auditor’s Office

Added 9-1-15