Security Analyst - Consultant

Daily Duties / Responsibilities:

This is a hands-on technical role reporting to the Office of Cybersecurity SOC lead.

The analyst will support SCDHHS leadership, business units, partners, and vendors in day-to-day cybersecurity operations.

Security Program Experience:

Strongly desired experience includes:

• CMS ARC-AMPE, HIPAA, NIST or other FISMA RMF frameworks
  
• Performing repeatable security processes supporting compliant enterprise architectures
  
• Supporting security considerations for multi tenant cloud environments and vendor integrations

Technical Experience:

Candidates should have hands-on experience with:

1. Secure network design principles
2. Windows, macOS, and Linux operating systems
3. Switching and Routing
4. Enterprise Firewalls
5. Network auditing
6. IDS/IPS platforms
7. Network security monitoring
8. SIEM platforms such as QRadar, Splunk (Preferred)
9. Vulnerability scanning tools (Nessus, Qualys, etc.)
10. Cloud Infrastructure Security (Preferred)

Essential Responsibilities:

1. Assist in maturing network security and compliance solutions

2. Investigate and respond to daily network alerts

3. Perform network security assessments for proposed firewall and infrastructure changes

4. Conduct technical analysis for network security planning and engineering

5. Review and assessment of connectivity, website block and firewall rule requests to ensure they do not present an elevated risk to the agency

6. Analyze on-premise and cloud networks for potential threats

7. Develop, review, and analyze network traffic reports that violate the agency's approved standards governing Ports, Protocols and Services.

8. Monitor emerging threat vectors and recommend countermeasures

9. Collaborate with other areas of the agency to implement security controls

10. Support cloud and on-premise network changes and enhancement projects

11. Ensure compliance with ARC-AMPE, HIPAA and SCDIS-200

12. Assist with KPI creation and trend report monitoring

13. Participate in firewall configuration reviews and ruleset recertification

14. Provide guidance on best practices to technical teams

15. Perform additional SOC duties as assigned

Required Skills (rank in order of Importance):

1. Approximately 3-5 years of hands-on experience in network design, implementation, or support
2. Hand-on experience in IT security or system administration
3. Working knowledge of secure network design, security architecture, compliance tools, data protection, and access models
4. Ability to analyze logs, alerts, and network telemetry.
5. Proficiency with Microsoft Office tools

Preferred Skills (rank in order of Importance):

1. Experience working in regulatory environments
2. Experience supporting health IT or state government.
3. Familiarity with FISMA, NIST, CMS ARC-AMPE, and HIPAA security and privacy standards
4. Cloud network security controls (Azure or AWS).

Preferred Skills (rank in order of Importance):

1. Experience working in regulatory environments
2. Experience supporting health IT or state government.
3. Familiarity with FISMA, NIST, CMS ARC-AMPE, and HIPAA security and privacy standards
4. Cloud network security controls (Azure or AWS).

Preferred Education/Certifications:

1. CISSP or Security+