The Florida Bar
|IT SECURITY ANALYST - Information Technology|
Supervises The Following Positions:
|The Security Analyst is a key member of the IT Department and provides input on the design, development and implementation of IT network, hardware and software policies and procedures to ensure that The Florida Bar's data and systems are protected from unauthorized access. The role of the Security Analyst is to ensure the secure operation of TFB computer systems, servers and network infrastructure.|
% Of Time
|Essential Duties and Responsibilities|
|Analyzes, develops, recommends, plans, implements and monitors the effectiveness of TFB's IT security architecture; develops, recommends, implements, monitors and enforces all IT security programs, policies and procedures; advises on IT security strategy and works with management and audit staff to assess and agree on acceptable risk exposure-security cost tradeoffs to provide optimal levels of protection for TFB's information assets and business operating processes..|
|Establishes and makes on-going use of monitoring and detection techniques to ensure that security measures are functional and enforced; establishes and administers the firewall rule base and monitors all firewall activities; manages and monitors remote systems access; manage and maintain the security standards and procedures for routers, switches, servers, anti-virus, email systems, web servers, etc.; identifies system/network compromises or potential compromises and their sources; takes immediate action to ensure they are eliminated and/or prevented; creates and maintains an incident handling procedures guidebook; coordinates the implementation of a comprehensive system security audit program; conducts unannounced routine security inspections and audits; establishes physical security protocols for information assets.|
|Promotes awareness and builds support for safety and security of TFB IT operations and information assets as a cultural value among all managers and staff; develops business rationale and cost analyses and works with other IT staff to develop technical solutions to systems security risks and weaknesses; recommends and oversees the installation and monitors the effectiveness of IT security management systems and protocols.|
|Leads and works with other IT managers and staff to integrate advanced protection methodologies with TFB's network, hardware and software infrastructure; works with IT Operations staff to secure test and production environments; ensures security patches and configuration changes are effected in a timely manner; recommends and supports methodologies and processes to secure Internet and Intranet interfaces and usage.|
|Performs user administration support functions, including password, account and connectivity problems, and authorizations including simple and complex roles; provides secure network remote access; serves as 24x7 support contact for mission critical systems; provides training for end users on specialized systems; performs third-level desk and other support functions as required.|
|Periodically audits systems administration processes to ensure sound control systems are in place for the granting of user access and privileges and to ensure the timely removal of access for employees leaving TFB employment.|
|Monitors trends and developments in network security technologies; consults with vendors and other sources on industry and product direction, functionality and capabilities.|
|Provides backup support to other members of the IT Operations team.|
|KNOWLEDGE, SKILLS, AND ABILITIES NEEDED TO PERFORM SATISFACTORILY:|
-- Network architectures, theory and principles of network design and integration, including topologies and protocols.
-- Principles, methods and techniques for layout, installation, configuration, integration and operation of network systems, equipment and devices.
-- Principles, practices, methods, tools and techniques of network security, including on-line systems security products and methodologies.
-- Operating system technologies like Windows, IBM i, and Linux
-- Principles, practices and methods of network administration and maintenance, including configuration, performance tuning and diagnostic tools.
-- IP networking, networking protocols and understanding of security related technologies including encryption, IPsec, VPNs, firewalls, DNS, web security and endpoint protection.
-- Windows operating system security (Active Directory), firewall, network scanning and intrusion detection products and authentication technologies.
-- Configuration of authentication, authorization and directory (LDAP & AD) services.
-- Maintenance of network servers such as file servers, VPN gateways, intrusion detection systems, etc.
-- Patching systems where necessary as well as locking down systems so that only authorized personnel can access and use them.
-- Develop conceptual frameworks and apply state-of-the-art technology to the design, development and management of security systems and protocols for the organization's operating systems and network infrastructure.
-- Perform business and functional analyses, risk exposure-security cost tradeoff assessments and reach sound conclusions regarding systems security and requirements.
-- Understand and apply the analysis of technical and functional requirements to the development of proposals, specifications and recommendations for efficient, cost-effective network security and technology solutions.
-- Plan, organize and complete projects efficiently and in accordance with organization's quality standards.
-- Prepare clear, concise and accurate policies, procedures, guidelines, reports of work performed, and other written materials
-- Make sound, independent decisions within established guidelines.
-- Communicate clearly and effectively orally and in writing.
-- Work collaboratively and effectively as a project leader and/or team member with other IT managers and staff, audit staff, outside consultants and others in the development and implementation of security processes and procedures.
-- Establish and maintain effective customer-focused working relationships with managers, customers, vendors, consultants, employees and others encountered in the course of work.
|MINIMUM EDUCATION AND WORK EXPERIENCE NEEDED FOR POSITION:|
|REQUIRED MINIMUM EDUCATION:|
Bachelor's degree in information technology or related field (proof of degree required at interview).
REQUIRED MINIMUM PROFESSIONAL WORK EXPERIENCE:
Two (7) years experience in networks, databases, security, web development or other related field.
OTHER JOB-RELATED REQUIREMENTS FOR THE POSITION (e.g., work schedule, physical and mental requirements, language requirements, overtime, travel, use of equipment/machines, etc.):
-- Work Schedule – Normal business hours are 8:00 a.m. – 5:30 p.m. Mon-Fri (occasional nights and/or weekends)
-- Travel – Minimal travel requirements. Potential travel times include: Training, Conferences and Software/Hardware Implementation
-- Related experience may substitute for the degree on a year-for-year basis
-- Two (2) years of staff or project management preferred