Security Analyst Mid-Level
: Job Details :

HBITS-06-13702 - Security Analyst Mid-Level - 50% REMOTE - Albany, NY Agency Name: DOT Provide a short description of the Position: Under the direction of a Senior Information Security Analyst and the Information Security Officer within the ITS Dedicated Security Services Team for DOT, the candidate will be a member that provides security services to the NYS Department of Transportation (DOT). The incumbent will provide in-depth information security consulting and services aligned with business needs of the DOT to ensure confidentiality, integrity, and availability of information and systems Provide a complete list of the day-to-day tasks to be performed by the Selected Candidate: Duties include, but are not limited to: •Implement information security and compliance programs for IT systems and OT systems. •Conduct written risk assessments for existing systems/solutions, new systems/solutions, and services in use or to be used by the business. •ssist with management and resolution of security threats to business information systems. •Serve as information security analyst and evaluate systems and contracts for alignment with Business and State information security policies. •Monitor and remain aware of information security industry trends, tools, and techniques. •Perform additional duties as required. Job Title: Security Analyst Skill Level: Mid-Level Target Start Date: 12/30/2024 Engagement Length in Months: 30 Is this a Full or Part-Time Position: Full-Time What are the daily work hours: M-F any 8 hour shift between 7AM and 5PM. Where is the Home Base Region? 1 Where is the physical work office located: 50 Wolf Road, 2nd floor, Albany NY 12205 Is telecommuting allowed for this position: Yes If YES, note if negotiable or list the percentage allowed/number of days allowed per week: Telecommuting is allowed but must be applied for per ITS policy: Currently 50% Telecommuting per 2 week period is allowed (i.e. 2 days 1st week; 3 days 2nd week) Initial training period will be in office for no less than two weeks. What is the format of the Candidate interview: In-person What type of software is typically used by the Agency: MS Suite (Word, Excel, Visio, OneNote, Teams, SharePoint), Tenable.SC, Qualys, CrowdStrike What type of hardware is typically used by the Agency: Dell, IBM, Client Position MANDATORY Qualification: Position Job Title: Security Analyst Position Job Title Description: Plans and carries out security measures to protect an organization's computer networks and systems. Position Skill Level: Mid-Level Position Skill Level Description: 36 - 60 months: Candidate is able to work independently, without assistance. List all the Position REQUESTED Qualifications: •60 months experience implementing information security and compliance programs for IT systems and OT systems. •60 months experience conducting written risk assessments using industry standards such as NIST, CIS Critical Controls, ISO 27001, etc. •48 months experience triaging and determining mitigation plans (with and/or without Vendor) to resolve security threats to business information systems. •48 months experience evaluating business systems (Commercial Off the Shelf and Custom Developed) for alignment with IT and OT information security policies. •36 months experience in securing cloud environments •36 months conducting information systems security analysis using Secure System Development LifeCycle (SSDLC) •pplicable Information Security or Information Technology certifications such as GSEC, GOCSP, CGEIT, CISA, CRISC, GCCC, Security+, Network+, CCSP, CSSLP, ISSAP, ISSEP, SSCCP, etc. •Bachelor's Degree or higher in one or more of the following: Information Security, Computer Science, Information Science, Information Assurance, Information System Management, Cybersecurity, Digital Forensics, IT Governance, Compliance and Risk Assessment Required Documentation: •Rsum •Copy of Candidate Identification (i.e., Driver's License/Green Card/Visa and Passport if applicable) •ny documents referenced in the above Requested Qualifications (i.e., professional certifications, degrees, etc.) Are there additional security requirements for the Authorized User: Yes If YES, include the additional security requirements: All Consultants will sign a NDA (non-disclosure agreement) upon initiation of the engagement, and WILL submit to a NY State Police background check and ITS Fingerprinting Process. Will additional training potentially be required during the Engagement: Yes If YES, provide description of anticipated training: Analyst will need to become familiar with Operational Technology Security Requirements and other items as assigned. What type and/or manner, of knowledge transfer is requested during the Engagement: Knowledge transfer will include written documentation as applicable to all work and/or needs for the agency and to facilitate the dissemination of knowledge to team members. Consultant will work with state staff and transfer knowledge gained with state staff and other consultants Is travel anticipated during the Engagement: Yes If YES, list anticipated frequency and locations for travel: Travel is unlikely, but may be required depending on meeting locations, incident response needs, or training locations travel within the Albany area.