Information Security Analyst

Jeffco Public Schools (Jeffco) is located in Jefferson County, Colorado. It is the second largest school district in Colorado serving 69,000 students across 155 schools. With 14,000 employees, the district is the largest employer in Jefferson County and has provided educational excellence for more than 70 years.

Jeffco embraces the spirit of the West and the natural beauty of the Rocky Mountain region with the county spanning more than 770 square miles running the length of the western edge of the Denver metropolitan area. The district is diverse in both population and geography, from urban to rural, including the mountain communities in the foothills west of Denver.

Overall, Jeffco has 31% of students that qualify for free and reduced lunch, an indicator of poverty, and 34% minority (25% Hispanic) student population. The district is implementing a new strategic plan, Jeffco Thrives 2025 that is focused on providing a world-class education that prepares all Jeffco students for bright and successful futures as local and global citizens. Come join us!

Jeffco Public Schools is a Single-State Employer. All candidates hired by Jeffco Public Schools must reside within the state of Colorado.

The Information Technology (IT) division supports the district's mission and vision by providing technology-based services and support focused on digital equity, enabling secure and effective data culture, and future-focused sustainability. The IT division's major services areas include infrastructure & network, enterprise client management, school-based site support, educational technologies, a centralized service center, device support and repair, business technology services, student technology services, information security, integration and identity services, enterprise data warehouse, and digital media tools. IT houses approximately 150 individuals that provide centralized technical services to the district.

The Information Security department is a vital part of the IT division at Jeffco Public Schools, dedicated to ensuring the confidentiality, integrity, and availability of the district's digital assets. This team works proactively to safeguard the district's information systems and networks by identifying vulnerabilities, responding to threats, and implementing best-in-class security measures.

Focused on protecting the digital environment for students, staff, and community members, the Information Security team collaborates with stakeholders across the organization to promote security awareness, establish policies, and maintain compliance with industry standards and regulations. The team plays a key role in advancing Jeffco?s mission of providing equitable, secure, and innovative educational opportunities.

With a future-focused approach, the Information Security team ensures that Jeffco remains resilient against emerging cyber threats while fostering a secure and inclusive digital ecosystem.

The Information Security Analyst is a critical member of Jeffco Public Schools? Information Security team, responsible for protecting the district's digital infrastructure from cyber threats and vulnerabilities. In this role, you will leverage cyber defense tools and methodologies to monitor, analyze, and safeguard our systems and networks. Key responsibilities include identifying and responding to security incidents, conducting risk assessments, and providing actionable recommendations to strengthen our cybersecurity posture.

You will collaborate with cross-functional teams to ensure compliance with industry standards and best practices, while also contributing to the development and refinement of security policies and procedures. This position requires a strong understanding of cybersecurity principles, network protocols, and incident response methodologies.

Analyst - Information Security
Annual Position
FLSA: Exempt
FTE: 1.00000 , Hours/Day: 8.000 , Days/Year: Year Round
Salary Plan, Grade, Step: Information Technology , N06, 1
Min-Mid Annual Salary Range: $91,022.00 - $109,073.50 Effective as of: 06-16-2024

Compensation schedules for Jeffco Schools can be found here. Starting salary for non-licensed roles is based on the candidate's relevant work experience and education. Additional considerations may be given for job-specific certifications and skills. Applicants should submit all relevant and verifiable education, training and work experiences at the time of application. Starting Salary for licensed educators is based on the step and lane schedule found here.

The successful new hire or rehired candidate will be responsible to complete and incur the fingerprinting and processing fee of $54.50 through an appropriate fingerprinting vendor and the Colorado Bureau of Investigation, within 48 hours of offer acceptance.

SUMMARY Responsible for using data collected from a variety of cyber defense tools to safeguard district computer systems and networks against unauthorized access, data breaches, and cyber threats. Assess potential vulnerabilities and respond to incidents, ensuring compliance with industry standards and regulations. Collaborate with other teams to conduct risk assessments and provide recommendations to enhance overall security for digital environment.

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties may be assigned.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Develop content for cyber defense tools.

Coordinate with enterprise-wide cyber defense staff to validate network alerts.

Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.

Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.

Perform cyber defense trend analysis and reporting.

Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.

Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.

Plan and recommend modifications or adjustments based on exercise results or system environment.

Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.

Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.

Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.

Determine tactics, techniques, and procedures (TTPs) for intrusion sets.

Recommend computing environment vulnerability corrections.

Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).

Isolate and remove malware.

Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation.

Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan.

Analyze and report security posture trends.

Assess adequate access controls based on principles of least privilege.

Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain current awareness of cyber defense threat condition and determine which security issues may have an impact on the enterprise.

Assess and monitor cybersecurity related to system implementation and testing practices.

Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities.

Work with stakeholders to resolve computer security incidents and vulnerability compliance.

EXPERIENCE 5 years of combined experience in information technology and/or information security.

EDUCATION AND TRAINING Bachelor's degree required. Preferred field of study in Information Technology, Computer Science, or related field. Additional years of experience may be considered in lieu of degree. Relevant certifications may be considered in lieu of degree (see below for relevant topics). Certification equivalency dependent upon recommended or required experience to take certification OR required experience to renew certification. Documentation from organizations website to support equivalency must be provided for review.

CERTIFICATES, LICENSES, REGISTRATIONS Certifications demonstrating advanced knowledge preferred for hire include, but are not limited to, certifications from CompTIA, GIAC, ISSA, ISC2, ISACA.

KNOWLEDGE, SKILLS AND ABILITIES Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. Knowledge of Windows/Unix ports and services. K0049: Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). Knowledge of incident response and handling methodologies. Knowledge of incident response and handling methodologies. Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML). Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored). Ability to analyze malware. Ability to conduct vulnerability scans and recognize vulnerabilities in security systems. Ability to accurately and completely source all data used in intelligence, assessment and/or planning products. Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies. Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute). Skill in developing and deploying malware signatures. Skill in detecting host and network based intrusions via intrusion detection technologies (endpoint detection and response tools). Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. Skill in evaluating the adequacy of security designs. Skill in using incident handling methodologies. Skill in collecting data from a variety of cyber defense resources. Skill in recognizing and categorizing types of vulnerabilities and associated attacks. Skill in reading and interpreting signatures (YARA, Splunk Query Language, KQL). Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.). Skill in recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning). Skill in conducting trend analysis. Skill to use cyber defense Service Provider reporting structure and processes within one's own organization. For additional KSAs that would be helpful to know, demonstrate or perform please see the NIST NICE framework documentation for primary function: Cyber Defense Analyst, Work Role ID: PR-CDA-001, and secondary function: Cyber Defense Incident Responder, Work Role ID: PR-CIR-001.

SPAN OF CONTROL This position does not have supervisory responsibilities.

The physical demands, mental functions, and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

PHYSICAL DEMANDS While performing the duties of this job, the employee is frequently required to stand; walk; sit; use hands to finger, handle, or feel; reach with hands and arms; climb or balance; stoop, kneel, or crouch; and talk or hear. The employee must occasionally lift and/or move up to 100 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, and ability to adjust focus.

MENTAL FUNCTIONS While performing the duties of this job, the employee is regularly required to compare, analyze, communicate, copy, coordinate, instruct, compute, synthesize, evaluate, use interpersonal skills, compile, and negotiate

WORK ENVIRONMENT Typical office environment. The noise level in the work environment is usually moderate.

Jeffco Salary Schedules

Jeffco Benefits

The Jefferson County School District does not discriminate on the basis of disability, race, color, creed, religion, national origin, age, sexual orientation, marital status, political affiliation, pregnancy, or gender.