Job Title: IT Security Risk Analyst
Location: Phoenix, AZ 85007
Duration: 12+ months (Strong possibility for an extension)
- This role will be part of the Infrastructure Protection Unit within the Information Technology Group of the Arizona Department of Transportation.
- This position requires expert level experience and administration duties with security even an incident management systems (SEIM).
- It also requires expert level experience in securityengineering, networksecurity authentication and security protocols.
- The position requires hands-on analysis activities such as identifying SQI and XSS vulnerabilities, analyzing packet captures and completing scripting (e.g., PowerShell, VB) tasks.
- The position requires skill in IT certification activities such as vulnerability scanning, syslog review/interpretation and application security analysis. Documenting system security plans and completing risk assessments are required for this position.
- Administer the security event and incident management (SEIM) system.
- Analyze packet captures, network configs, system logs, application code and scripts.
- Write scripts to automate manual security tasks.
- Complete written security audits and risk assessments.
- Identifying web application and database deficiencies and vulnerabilities.
- Certify systems based on database configuration, application scans and system configuration settings.
- Bachelordegree with six years of information securityexperience; or bachelordegree with three years of security risk assessment experience
- Three years' experience administering SEIM systems
- Firm understanding of information security policies, standards, industry best practices, and frameworks. (ISO 27K, NIST 800 series, FISMA, BITS etc.)
- Firm understanding of networksecurity, OSI model, and information security architecture
- Demonstrated experience in penetration testing/vulnerability mgmt tools and techniques
- Secure Network administration
- Security Event & Incident Management system administration
- Packet Analysis & Scripting
- Ethical Hacking
- Network, Application, Data and Host Security.