Systems Security Analyst

Are you ready to be a key player in a groundbreaking initiative? The City of Chesapeake is seeking a dynamic and experienced System Security Analyst to join our innovative Chesapeake Connects Project. This greenfield project aims to revolutionize our city's digital infrastructure by establishing a state-of-the-art municipal broadband middle-mile network, installing a cutting-edge CBRS Private LTE network, and deploying a LoRaWAN network to connect remote meters and enhance our smart city capabilities.

As the System Security Analyst, you will be at the forefront of ensuring the security and integrity of our ambitious project - a 175-mile fiber optic network with 208 endpoints. Your expertise will be crucial in safeguarding our networks and data, providing secure connectivity for our community, and supporting the development of a resilient and future-proof infrastructure.

Key Responsibilities:

• Develop, implement, and manage a strategic, comprehensive enterprise cybersecurity and IT risk management plan to ensure the integrity, confidentiality, and availability of information.

• Establish and maintain cybersecurity policies, procedures, and standards in alignment with best practices and regulatory requirements.

• Conduct regular security risk assessments and vulnerability assessments to identify, analyze, and mitigate potential threats to the municipal broadband network.

• Monitor network traffic for unusual activity, investigate security breaches, and respond to incidents promptly and effectively.

• Collaborate with network engineers and IT staff to design and implement security measures for the municipal broadband network devices and endpoints.

• Manage and configure security tools and technologies, including firewalls, intrusion detection/prevention systems, endpoint protection, and encryption solutions.

• Conduct security awareness training and education for all employees and stakeholders to promote best practices in cybersecurity.

• Stay up-to-date with the latest cybersecurity trends, threats, and technology solutions to continuously improve the city's cybersecurity posture.

• Prepare and present reports on the status of cybersecurity to the CIO and other senior management.

• Participate in disaster recovery and business continuity planning and exercises.

Required Qualifications
Vocational/Educational Requirement: Requires any combination of education and experience equivalent to a bachelor's degree in computer science, cybersecurity, or a closely related field.

Experience: In addition to satisfying the vocational/education standards, this job class requires a minimum of four years of related, full-time equivalent experience, preferably in a broad range computer security role. Strong technical knowledge of IT infrastructure and vulnerability patch management preferred. Must have good knowledge of commercial compliance and regulatory standards (e.g. Payment Card Industry [ PCI ], Health Insurance Portability and Accountability Act [ HIPAA ]).

Special Certifications and Licenses: Requires a valid driver's license and a driving record in compliance with the City Driving Standards . Industry-related certifications (e.g. ( ISC )2 Certified Information Systems Security Professional [ CISSP ], , CompTIA CySA+, GIAC CSEC ) are preferred but not required.

Special Requirements:Employees may be expected to work hours in excess of their normally scheduled hours in response to short-term department needs and/or City-wide emergencies. Emergency operations support work and work locations may be outside of normal job duties.

Preferred Qualifications
Qualifications:

• Relevant certifications (e.g., CISSP , CISM , CEH , CompTIA Security+) are highly desirable.

• Minimum of 3-5 years of experience in cybersecurity, with a strong understanding of network security, endpoint security, and threat management.

• Proven experience in conducting risk assessments, vulnerability assessments, and incident response.

• Proficiency in security tools and technologies, such as firewalls, IDS / IPS , SIEM , and endpoint protection solutions.

• Strong analytical and problem-solving skills, with the ability to think critically and act decisively under pressure.

• Excellent communication and interpersonal skills, with the ability to collaborate effectively with technical and non-technical stakeholders.

• Knowledge of relevant laws, regulations, and standards, such as NIST , ISO 27001, and GDPR .

• Experience in securing large-scale network infrastructures, preferably in a municipal or public sector environment, is a plus.

• Knowledge of current cybersecurity related threats, vulnerabilities and remediation practices.

• Knowledge of security access control measures and best practice