United Spinal Association Jobs

JOB REQUIREMENTS: DNR IT Information and Data Security section is looking for a Security Analyst II for our Continuous Diagnostics and Mitigation (CDM) Program with a strong focus on identifying cybersecurity vulnerabilities on an ongoing basis, supporting automated assessment methods and monitoring of implemented security controls. Responsibilities: Provide guidance and technical assistance to system administrators in securing the systems and networks under DNR IT areas of responsibility. Ensure and assess the entire DNR network is continually monitored for security vulnerabilities and compromises. Conduct security self-assessments (e.g., Penetration Testing) to evaluate the processes, procedures and tools used to review, assess, and test information systems controls and security across DNR managed systems. Report security status, vulnerabilities, and issues to management Work with the Department of Administration Division of Enterprise Technology pre- and post-implementation audits of new systems to ensure secure integration. Periodic review and analysis of system Integrity, data integrity and data flows Assurance of quality and consistency of all DNR information technology-related activities including standards, policies and procedures Audit access rights and ensure alignment to policies. ***** OTHER EXPERIENCE AND QUALIFICATIONS: MANDATORY: - Strong understanding of Modern Authentication, Authorization, and Accounting including Role-based and attribute-based access controls RBAC and ABAC. (5+ years) - Strong understanding of Security information and event management (SIEM)methods and tools. (5+ years) - Understand the purpose and structure of the National Vulnerability Database (NVD), Common Vulnerability Database (CVE), Common - Weaknesses and Enumeration (CWE) and Common Attack Pattern Enumeration and Classification Database (CAPEC) (5+ years) - Strong understanding of Directory Services including Active Directory - Understanding of Identity access systems (IAM) and network access control (NAC) - Basic understanding of Transact and ANSI Structure Query Language (SQL) - Knowledge of NIST Risk Management (RMF) and Cyber security Framework (CSF) - ZScaler Administration - Incident Response Life Cycle - Cyber Security Risk Management Principles NICE TO HAVE SKILLS: - Tenable Administration - MS Web Defender Administration - Zimperium (Mobile Device) Administration - PowerShell Scripting (Intermediate) ***** APPLICATION INSTRUCTIONS: E-Mail a Rsum: joannem@cci-worldwide.com