Required Skills:
3 years demonstrated experience assessing the security of complex integrated applications with the following characteristics:
o Internet accessible databases containing personal (confidential) information.
o Availability, backup, recovery, and data integrity issues of 24/7 systems.
o Very large database and high-volume online system that includes over 1 million records and 100K transactions a year.
o Multiple tier application systems.
o 2-factor or other physical security controls.
3 years demonstrated testing experience for each of the following:
o Security and penetration/vulnerability testing
o Cloud and virtualization security
o OS hardening (Windows, Linux)
o HTTP
o TCP/IP
o Encryption
o Routing protocols
o Layer 2 and Layer 3 security
o Database security and SQL vulnerabilities
o DNS architecture and security implications
o IT security best practices
o Microsoft .NET Framework
o Application and database servers
o Azure Government hosting
o Azure Services
o Wide Area Network infrastructure
o IIS
o Microsoft SQL Server
o Web Services security
o Microsoft Windows Services
o Microsoft Active Directory
o Public Websites
o Simple Object Access Protocol (SOAP)
Bachelor’s Degree in an IT-related or Engineering field.
Valid Certified Information Systems Security Professional (CISSP) Certification
Desired Skills:
3 years’ demonstrated experience in providing security planning and implementation services, with at least one large-scale government system integration project.
3 years demonstrated experience assessing security risks for applications built with:
o Reporting Services
o Internal Web Applications
o Multi-node (statewide) networks
o Experience with industry standard compliance frameworks (SOX, NIST, etc.)
Understanding of State Administrative Manual (SAM) Section 5300, Information Security.
ANY GRADUATE