Works under the direction of the IT Security Analyst III to execute, monitor, and assess the Shelby County Government (SCG) Information Security Program. Plans, researches, specifies, engineers, and implements highly complex security solutions. Administers and maintains systems critical to the function of the Information Security Program and develops procedures and policies for implemented solutions. Responsible for carrying out comprehensive security processes, risk assessments, and assessments of third-party vendors, and works with groups inside and outside of SCG to ensure the successful operation of the Information Security Program.

Pay Grade: 53
Salary Commensurate with Experience and Education

1. Three (3) years of experience in enterprise security threat and vulnerability identification and remediation, or a closely related field; AND

2. Bachelor’s degree from an accredited college or university in Computer Science, Management Information Systems, or related field; OR

3. An equivalent combination of related education and/or experience.

4. CompTIA Security , ISC2 SSCP, EC-Council CEH, or closely related certifications are preferred.

5. PROOF OF EDUCATION, TRAINING, AND/OR EXPERIENCE IS REQUIRED.

1. Conducts proactive threat hunting using advanced security tools to detect and respond to anomalies and potential threats, in addition to performing daily monitoring of system audit log feeds.

2. Generates and manages detailed incident reports, threat analysis reports, and compliance status reports, facilitating effective decision-making and risk management across assigned areas of responsibility.

3. Processes security office requests, including user access requests, access control changes, and responses to security advisories, ensuring timely and efficient handling of security concerns.

4. Develops, updates, and oversees the quarterly cybersecurity training content tailored to different organizational roles, ensuring relevance, engagement, and compliance with applicable frameworks.

5. Assists in managing Security Incident events using the approved IT incident response solution, coordinating remediation efforts across IT sections, and improving incident response plans through regular tabletop exercises and risk assessment updates.

6. Updates and maintains comprehensive cybersecurity incident response playbooks with steps for identifying, analyzing, and responding to security incidents.

7. Supports the IT Application Services by conducting security quality assurance reviews, conducting security vulnerability scans, and collaborating with DevOps and Applications Services to integrate secure coding practices into the development lifecycle.

8. Adheres to the new security technology developments relevant to business and IT requirements, evaluates and recommends security solutions, and assists with pilot tests to enhance the organizational security posture.

9. Assists in the development, deployment, and regular update of IT security policies and procedures, ensuring they reflect current best practices, legal requirements, and compliance standards.

10. Demonstrates strong interpersonal and communication skills, fostering collaboration with management, peers, customers, and non-IT departments to promote a culture of security awareness across the organization.

11. Demonstrates a strong passion for information technology and cybersecurity, staying driven to continuously explore, learn, and adopt new technologies and security practices.

12. Adheres strictly to ethical guidelines and legal requirements in all cybersecurity activities, including compliance with privacy laws, data protection regulations, and ethical hacking standards.

13. Commits to ongoing professional growth in cybersecurity to keep pace with the latest threats, vulnerabilities, and technological advancements.

14. Performs other related duties as assigned or directed.

1. Proficiency knowledge of cybersecurity principles, including risk management, threat modeling, security architectures, and incident response strategies.

2. Knowledge of key legal and regulatory requirements such as HIPAA, and PCI-DSS, and familiarity with frameworks such as ITIL, NIST CSF, CIS Controls, and zero trust.

3. Proficiency knowledge of a wide range of security technologies and tools, including SIEM, firewalls, IDS/IPS, DLP, endpoint protection, privilege access management, and threat intelligence platforms.

4. Knowledge of key IT infrastructure technologies including virtualization technologies, server architectures, containerization, and network infrastructure.

5. Knowledge of secure coding practices and common application security vulnerabilities, as outlined in the OWASP Top 10.

6. Ability to apply various risk assessment methodologies for thorough security analysis and assessments.

7. Ability to identify, analyze, and effectively resolve security threats and vulnerabilities.

8. Skilled communication for translating complex security concepts to non-technical audiences and fostering collaboration across organizational departments.

9. Ability to coordinate incident response efforts and manage security incidents.

10. Ability to make informed, critical decisions based on comprehensive risk analysis and threat intelligence.

11. Ability to adapt to evolving security landscapes and a proactive approach to address emerging security challenges.

12. Ability to manage confidential information, combined with meticulous attention to detail in security monitoring, log analysis, and conducting assessments.