Security Analyst

Overview

Hybrid
$60 - $85
Contract - W2
Contract - Independent
Contract - 12 Month(s)
50% Travel

Skills

Security Analyst
CrowdStrike Falcon
EnCase
HTTP
NIST
VULNERABILITY
Protocols
TCP/IP
HTTPS
Certifications CISSP or COMPTIA or Security+

Job Details

Note: Looking for candidates local to Seattle, WA, or who can relocate and work onsite for hybrid work.

Position: IT Information Security Analyst

Location: Seattle, WA

Client: Sound Transit

Duration: 6 months up to 12 months

Id: 25-12454

Under general direction, the Information Security Analyst assists with the operations of the Agency's Information Security program for its technology assets. The Information Security Analyst's role is to support service owners and system owners in ensuring the confidentiality and integrity of information systems and data across the entire organization.
The Information Security Analyst performs two core functions for the Agency. The first is the day-to-day operation of the in-place security solutions, while the second is the identification, investigation and resolution of security events detected by those systems. Secondary tasks may include involvement in the implementation of new security solutions, participation in the creation and/or maintenance of policies, standards, baselines, guidelines, and procedures, as well as conducting vulnerability audits and assessments. The IT Security Analyst is expected to be fully aware of the Agency's security goals as established by its stated policies, procedures, and guidelines and to actively work towards upholding those goals.
On-call availability is required as a member of the Information Security Incident Response Team.

Essential Functions :

  • Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
  • Research and recommend additional security solutions or enhancements to existing security solutions to improve the overall security posture of the Agency.
  • Perform the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generally and the enterprise's security documents specifically.
  • Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, when under direct control (i.e., security tools) or support when not (i.e. workstations, servers, network devices, etc.)
  • Maintain operational configurations of all in-place security solutions as per the established baselines.
  • Monitor all in-place security solutions for efficient and appropriate operations.
  • Review logs and reports of all in-place devices, whether they be under direct control (i.e. security tools) or not (i.e. workstations, servers, network devices, etc.). Interpret the implications of that activity and devise plans for appropriate resolution. Participate in investigations into problematic or suspicious activity.

  • Participate in the design and execution of vulnerability assessments, penetration tests and security audits.
  • Provide on-call support for Information Security Incident Response activities
  • Conduct vulnerability scans and assessments, including reporting and follow up on remediation status
  • Inform and train staff members on their responsibilities concerning information security procedures
  • Support the administrated processes to maintain compliance with regulatory obligations (e.g. DOL.

  • Assist with ensuring that agency technology assets, systems, services, and facilities are compliant with information security procedures.
  • Participate in ongoing information security education, awareness and outreach activities as required.
  • Monitor threat intelligence and other available information to proactively enhance the Agency's security posture.
  • Demonstrates Sound Transit's Values in every interaction
  • It is the responsibility of all personnel to follow the Agency safety rules, regulations, and procedures pertaining to their assigned duties and responsibilities, which could include systems, operations, and/or other employees.

Required Licenses or Certifications:

  • One or more of the following certifications:
    • Certified Information Systems Security Professional (CISSP) (strongly preferred)
    • CompTIA Security+
    • GIAC Information Security Fundamentals
    • Microsoft Certified Systems Administrator: Security
  • Associate of (ISC)2
  • ITIL and Project Management certification a plus.

Special / Additional Qualifications (Over Role/ Category Level)

Bachelor's degree in computer science, information technology, business administration, engineering, or closely related field and five years of information technology experience with a focus on IT Security, Risk Management, Data Protection or Compliance, OR an equivalent combination of education and experience.

  • At least 4 years of systems security and administration experience.

Specific Qualifications, Knowledge, and Skills:

  • Hands-on experience conducting vulnerability assessments using Tenable, including scan configuration, interpretation of results, and remediation tracking.
  • Proven ability to triage and respond to Information Security incidents, events, and related service tickets in a timely and professional manner.
  • Practical knowledge in deploying, tuning, and supporting endpoint protection platforms such as CrowdStrike Falcon.
  • Familiarity with enterprise SIEM platforms and forensic tools such as EnCase, with the ability to correlate logs and support investigative tasks.
  • Proficiency in system administration for both Windows and Linux environments, including patching, configuration management, and baseline hardening.
  • Working knowledge of key security frameworks including NIST SP 800-series and ISO/IEC 27001/27002, with an understanding of their practical application.
  • Demonstrated experience in conducting system security reviews, risk assessments, and vulnerability or penetration testing activities in production or test environments.
  • Strong foundational understanding of threat vectors, threat actor tactics, and system vulnerabilities across on-prem and cloud platforms.
  • Experience working with and supporting a wide range of security tools and technologies related to endpoint, network, cloud, and log management.
  • In-depth understanding of attack surface analysis and the impact of various exploitation techniques on business systems and infrastructure.
  • Technical proficiency in areas such as Security Information and Event Management (SIEM), network protocols (TCP/IP, UDP, IPSEC, HTTP/S, routing protocols), malware analysis (infection paths, behavior), and system-level troubleshooting.
  • Knowledge of network security controls and technologies (proxy, firewall, IDS/IPS, router/switch, open-source information collection platforms), cryptography, Microsoft Active Directory.
  • Proven competency in the use of MS Office applications (Word, Excel, PowerPoint, SharePoint, Teams)
  • Strong work habits, time management and self-organization
  • Excellent communication skills (verbal/written), including the ability to provide technical reports


About Abacus Service Corporation