The Cyber Security Analyst is responsible for safeguarding the organization's computer systems, networks, data, Camera surveillance system and building access card system. This role involves planning and implementing security measures, monitoring security systems, and responding to security incidents. The Cyber Security Analyst will collaborate with other IT professionals to ensure that all systems are secure and compliant with industry standards.
EDUCATIONAL REQUIREMENTS
• Bachelor's Degree in Computer Science, Information Technology, Cyber Security, or a related field (required).
EXPERIENCE REQUIREMENTS
• Minimum of 2-3 years of experience in a Cyber security analyst role or similar position.
• Relevant certifications such as CISSP, CISM, CEH, or CompTIA Security+ (preferred).
OTHER REQUIREMENTS
• Must have or be able to acquire a valid state driver's license.
• Must pass federal, state, and local criminal investigation clearances, and pass a drug screening test administered by the Commission or its designated provider.
• Must be insurable under the agency's insurance policy.
• Advanced certifications in Cyber Security (preferred).
• Experience with cloud security and securing cloud-based services (preferred).
• Familiarity with scripting and automation tools (preferred).
• Experience in a similar industry or organization size (preferred).
KNOWLEDGE
• Proficiency in security tools and technologies (e.g., SIEM, IDS/IPS, firewalls, endpoint security).
• Strong understanding of network protocols, operating systems (Windows, Linux, Unix), and common attack vectors.
• Experience with vulnerability assessment and penetration testing tools.
• Knowledge of Housing & Urban Development Public Housing regulations and policies pertinent to the department.
• Knowledge of HUD programs, requirements, and policies/procedures.
• Knowledge of DHC and departmental policies, procedures, and goals.
• Knowledge of the principles and practices of automated information systems, and data processing.
• Knowledge of basic office practices, procedures, and equipment.
• Knowledge of Business English; punctuation, arithmetic and spelling.
• Knowledge of record keeping methods and procedures.
REQUIRED SKILLS
• Proficiency in security tools and technologies (e.g., SIEM, IDS/IPS, firewalls, endpoint security).
• Strong understanding of network protocols, operating systems (Windows, Linux, Unix), and common attack vectors.
• Experience with vulnerability assessment and penetration testing tools.
• Knowledge of regulatory standards and compliance requirements such as NIST, SOC 2, ISO 27001, GDPR, PCI-DSS
• Master position-specific software.
• Plan, organize, complete or assign work and special projects to meet organizational goals.
• Calculate, compute, summate and/or tabulate data and information.
• Communicate effectively orally or in writing with relevant stakeholders, internal and external, from a variety of backgrounds.
• Develop and maintain recordkeeping systems and procedures.
• Evaluate information against a set of standards.
• Exercise sound judgment in analyzing situations and identifying potential problems within scope of responsibility.
• Forge strategic partnerships with relevant stakeholders.
• Maintain confidentiality.
• Operate a computer to perform various work-related tasks.
• Operate standard office equipment.
• Perform mathematical calculations with speed and accuracy.
• Plan, organize, coordinate, and follow through on work projects to ensure efficiency.
• Prepare written documents/reports with proper sentence structure, grammar and overall completeness.
• Provide high level, quality customer service both internally and externally.
• Read and understand department specific documentation, and policies and procedures.
• Research issues using a variety of sources to obtain data and information.
• Resolve issues using all available resources.
• Respond effectively to sensitive inquiries or complaints.
• Review and edit documents for accuracy and completeness.
• Understand and apply HUD organizational rules, instructions, policies and procedures appropriately.
• Work effectively with a diverse group of stakeholders.
• Work under pressure of deadlines.
SUPERVISORY RESPONSIBILITIES
• No direct employee supervisory responsibilities
REPORTS TO
• Director of Information Technology
ESSENTIAL JOB FUNCTIONS
• Security Monitoring: Continuously monitor network and system activity for security breaches or intrusions using security tools and technologies.
• Incident Response: Lead the response to security incidents, including detection, containment, eradication, and recovery. Document and analyze incidents to prevent future occurrences.
• System Vulnerability Assessments: Conduct regular vulnerability assessments and penetration tests on systems and networks to identify security weaknesses and recommend corrective actions.
• Security Configuration Management: Ensure that all systems and applications are securely configured and comply with security policies and standards.
• Security Policy Enforcement: Develop, implement, and enforce security policies and procedures to protect the organization's systems and data.
• Risk Management: Perform risk assessments to evaluate the security posture of systems and networks. Develop risk mitigation strategies and implement them.
• Security Awareness: Conduct security awareness training for employees to educate them on security best practices and organizational policies.
• Compliance: Ensure compliance with relevant regulations and standards, such as NIST, SOC 2, ISO 27001, GDPR, PCI-DSS, and others.
• Collaboration: Work closely with IT teams, developers, and other stakeholders to integrate security into the system development lifecycle and ensure the secure deployment of new technologies.
• Security Audits: Assist with internal and external security audits, ensuring that security controls are effective and compliant with regulatory requirements.
• Reporting: Prepare and present reports on security status, incidents, vulnerabilities, and trends.
• All other duties as assigned.
WORK ENVIRONMENT
• Office environment with potential remote work options.