Cyber Security Analyst U.S. Courts
Salary Range $69,286.00 to $112,643.00
This new position is responsible for implementing local security policies, processes, and technologies that are consistent with the national information security program as well as collaborating with other judiciary stakeholders to establish, coordinate, and advance security priorities. Professional work related to the management of information technology security policy, planning, development, implementation, training, and support for the United States District and Bankruptcy Courts, and United States Probation Office.
Duties:
-
Review, evaluate, and make recommendations on courts' technology security programs, including automation, telecommunications, and other technology utilized by the court units throughout the district.
-
Promote and support security services available throughout the district.
-
Provide technical advisory services to securely design, implement, maintain, or modify information technology systems and networks that are critical to the operation and success of all court units.
-
Perform research to identify potential vulnerabilities in, and threats to, existing and proposed technologies, and notify the appropriate managers/personnel of the risk potential.
-
Provide advice on matters of IT security, including security strategy and implementation, to judges, unit executives, and other senior court staff. Serve as an information security resource to all court units regarding federal and judiciary security regulations and procedures.
-
Assist in the development and maintenance of local court unit security policies and guidance, the remediation of identified risks, and the implementation of security measures.
-
Develop, analyze, and evaluate new and innovative information technology concepts, approaches, methodologies, techniques, services, guidance, and policies that will constructively transform the information security posture of all court units within the circuit. Make recommendations regarding best practices and implement changes in policy.
-
Provide security analysis of IT activities to ensure that appropriate security measures are in place and are enforced.
-
Conduct security risk and vulnerability assessments of planned and installed information systems to identify weaknesses, risks, and protection requirements.
-
Utilize standard reporting templates, automated security tools, and cross-functional teams to facilitate security assessments.
-
Oversee the implementation of security on information systems and the generation of security documentation for system authorization and operation.
-
Manage information security projects (or security-related aspects of other IT projects) to ensure milestones are completed in the appropriate order, in a timely manner, and according to schedule.
-
Prepare justifications for budget requests.
-
Prepare special management reports, as needed.
-
Serve as a liaison with court stakeholders to integrate security into the system development lifecycle.
-
Facilitate project meetings, educate project stakeholders about security concepts, and create supporting methodologies and templates to meet security requirements and controls.
-
Assist court units in developing policies and procedures to ensure information systems' reliability and to prevent and defend against unauthorized access to systems, networks, and data.
-
Create and employ methodologies, templates, guidelines, checklists, procedures, and other documents to establish repeatable processes across the district's information technology security services.
-
Establish mechanisms to promote awareness and adoption of security best practices.
Qualifications
-
A bachelor's degree or higher, from an accredited institution, in an IT or IT-related major preferred. Certified
-
Information Systems Security Professional (CISSP), Certified Information Security Management (CISM), CompTIA Security+, or similar certification preferred. At least five years of professional IT security experience preferred, including:
-
Thorough knowledge of network management and security, network traffic analysis, computer hardware and software, and data communications.
-
Understanding of applicable programming languages, such as Python, Java, PHP, and SQL.
-
Provides risk assessment and recommends risk mitigation strategies where appropriate.
-
Designs security awareness training programs for users and IT staff applying industry standards. Creates materials and presentations; maintains training records; and coordinates and provides IT security training.
-
Ability to identify and analyze security risks and to implement resolutions.
-
Knowledge of anti-virus, anti-malware, application control, web threat protection and endpoint security controls.
-
Knowledge of IPSec and the ability to use it to protect data, voice, and video traffic.
-
Understanding of incident response, including the ability to implement a plan and procedures.
-
Ability to work with and influence multiple court locations within the district in order to align court units' strategies with secure, high-performance systems.
-
Skill in interpersonal communications, including the ability to use tact and diplomacy in dealing effectively with all levels of management, staff, and judicial officers.
-
Skill in project management, organizing information, managing time and multiple work assignments effectively including prioritizing and meeting tight deadlines.
