STATE CLASSIFICATION JOB DESCRIPTION


Salary Group B29

Class No. 0324

CYBERSECURITY ANALYST III

GENERAL DESCRIPTION

Performs highly advanced and/or supervisory (senior-level) cybersecurity analysis work. Work involves protecting cybersecurity assets and delivering cybersecurity incident detection, incident response, threat assessment, cyber intelligence, software security, and vulnerability assessment services. May plan, assign, and/or supervise the work of others. Works under minimal supervision, with extensive latitude for the use of initiative and independent judgment.

EXAMPLES OF WORK PERFORMED

Monitors and analyzes cybersecurity alerts from cybersecurity tools, network devices, and information systems.

Monitors and maintains cybersecurity infrastructure and/or policies and procedures to protect information systems from unauthorized use.  

Performs vulnerability scans of networks and applications to assess effectiveness and identify weaknesses.

Performs forensic analysis of information systems and portable devices and forensic recovery of data using assessment tools.

Evaluates network and system security configuration for best practices and risk-based access controls.

Evaluates cybersecurity and privacy legislation, regulations, advisories, alerts, and vulnerabilities.

Reviews, develops, and delivers cybersecurity awareness training.

Researches and implements new security risk and mitigation strategies, tools, techniques, and solutions for the prevention, detection, containment, and correction of data security breaches.

Identifies and evaluates new cybersecurity technologies to remediate vulnerabilities.

Advises management and users regarding security procedures.

Recommends and manages implementation of corrective actions.

May plan, assign, and/or supervise the work of others.

Performs related work as assigned.

GENERAL QUALIFICATION GUIDELINES

Experience and Education

Experience in cybersecurity analysis, information security analysis, or digital forensics. Graduation from an accredited four-year college or university with major coursework in cybersecurity, information technology security, computer engineering, computer information systems, computer science, management information systems, or a related field is generally preferred. Education and experience may be substituted for one another.

Knowledge, Skills, and Abilities

Knowledge of the limitations and capabilities of computer systems and technology; of operational support of networks, operating systems, Internet technologies, databases, and security infrastructure; of cybersecurity and information security controls, practices, procedures, and regulations; and of incident response program practices and procedures.

Skill in the use of a computer and applicable software; and in configuring, deploying, and monitoring security infrastructure.

Ability to resolve complex security issues in diverse and decentralized environments; to plan, develop, monitor, and maintain cybersecurity and information technology security processes and controls; to communicate effectively; and to plan, assign, and/or supervise the work of others.


State Auditor’s Office

Added 9-1-15