Demo
Salary Resume Critique Job Openings

Sr. IT Security Analyst

Port of Tacoma, WA
Tacoma, WA Full Time
POSTED ON 3/17/2025
AVAILABLE BEFORE 4/14/2025

Salary : $107,376.00 - $171,792.00 Annually

Location : Tacoma, WA

Job Type : Regular / Full-Time

Remote Employment : Flexible / Hybrid

Job Number : 683

Department : Information Technology

Opening Date : 12 / 04 / 2024

FLSA : Exempt

Bargaining Unit : POT NON

Anticipated Starting Salary : Between $118,646 - $139,584 depending on qualifications

Job Summary

The anticipated hiring range is between $118,646 - $139,584 depending on qualifications.

The Sr. IT Security Analyst is focused on safeguarding the organization's technology from risks and attacks. They play a crucial role in protecting the Port's technology from unauthorized access, threats, and vulnerabilities. This role involves monitoring, detecting, investigating, analyzing, and responding to security events. Additionally, they will implement and maintain defensive measures using cybersecurity systems, tools and best practices.

Essential Functions

Securing the Port's Technology :

  • Oversee access, identify suspicious activity, and recommend solutions to reduce risk and prevent cyberattacks
  • Partner with other IT team members to secure networks, systems, applications, and the Port's sensitive information by ensuring that best practices are followed.
  • Continuous development and use of modern security controls to protect the Port's endpoints
  • Timely communication regarding security issues to peers and management
  • Validate security software and firmware updates are installed and current on all networks and systems

Performing Security Assessments :

  • Identify, assess and prioritize system vulnerabilities for timely remediation
  • Assess and prioritize potential risks and their impacts on organizational assets
  • Conduct or lead third parties through simulated attacks to identify and address security weaknesses
  • Assess regulations and standards through regular audits and corrective actions
  • Provide input on security policies from assessments to address current threats and recommendations for organizational alignment

    • Cybersecurity Incident Response and Disaster Recovery Planning :

  • Respond to security incidents, including containment, eradication, and recovery efforts
  • Timely communications and activation of Incident Response Team
  • Conduct post-incident analysis to determine root cause and preventative measures
  • Maintain and update incident response documentation and tools
  • Plan annual Cybersecurity Incident Response and Disaster Recovery Tabletop exercises
  • Evaluate and update disaster recovery plans based on lessons learned and actual incidents

    • Education, Audit and Compliance :

  • Maintain and advance security awareness, phish testing and specialized training for employees
  • Contribute to Informing staff about new security threats, policies, and procedures through regular updates and educational materials
  • Conduct internal security audits, support external auditors, and ensure audit findings are addressed
  • Track and maintain all audit recommendations and report on remediation progress
  • Stay current with relevant laws, regulations, and industry standards, and assist in the development of policies to ensure compliance
  • Consult on security policies and procedures and alignment with compliance requirements

    • Managing Business and Vendor Partnerships :

  • Establish and sustain effective working relationships with internal IT teams and business partners
  • Collaborate with organizations such as the U.S. Coast Guard, CISA, MS-ISAC, MTS-ISAC, WA State Fusion Center, AAPA, Port of Seattle etc.
  • Supervise and maintain relationships with the Port's Cybersecurity vendors, specifically for :

    • Managed Services

  • Annual penetration testing
  • Annual security performance audits
  • Annual incident response (IR) and disaster recovery (DR) tabletop exercises
  • Various annual government and military assessments and audits

    • Governance and Risk Management :

  • Develop, update, evaluate, and help implement security policies, standards, and procedures to ensure they are in line with organizational objectives and regulatory mandates.
  • Partner with stake holders to assist in the implementation and maintenance of a governance framework to oversee security initiatives, ensuring they are effectively managed and integrated across the organization
  • Partner with the Cybersecurity Oversight Committee to discuss risk, remediation and oversight (monthly)
  • Conduct regular risk assessments and analyses to identify, evaluate, and prioritize potential security threats and vulnerabilities
  • Develop and implement risk mitigation strategies and controls, and continuously monitor and report on the effectiveness of these measures

    • Required Education and Experience

    Bachelor's degree in cybersecurity, computer science or information technology or related field is required. An additional four (4) years' experience in Cybersecurity may substitute for a bachelor's degree.

    A minimum of five (5) years progressively responsible Cybersecurity experience in risk management, governance, audit and compliance required.

    Experience working with the NIST CSF 1.1 or greater preferred.

    Preferred Professional Certifications :

  • CCSP : Certified Cloud Security Professional (or related industry security certs)
  • CEH : Certified Ethical Hacker
  • CISM : Certified Information Security Manager
  • CISSP : Certified Information Systems Security Professional
  • CompTIA Security / CySA

    • Additional Requirements

    Knowledge

  • Demonstrated knowledge of security protocols, incident response, threat analysis, vulnerability assessment, and security technologies.
  • Knowledge and familiarity in NIST CSF 1.1 and related cybersecurity standards, protocols, and regulations.
  • Familiarity with security technologies, firewalls, IDS / IPS, antivirus, encryption, and vulnerability management tools.
  • Knowledge of incident response processes, disaster recovery planning, and post-incident analysis
  • Understanding of GRC frameworks to ensure the organization meets regulatory requirements and industry best practices.
  • Awareness of how to develop, evaluate, and implement security policies and procedures in alignment with organizational goals and regulatory mandates.
  • Knowledge of managing relationships with cybersecurity vendors and collaborating with external partners like government agencies and other relevant organizations.

    • Skills

  • Skill in conducting risk assessments, identifying vulnerabilities, prioritizing remediation efforts to mitigate security risks.
  • Advanced ability to perform technical security assessments, including vulnerability scanning, penetration testing, and threat analysis.
  • Strong communication skills, both written and verbal, to effectively convey security issues, policies, and procedures to various stakeholders, including non-technical audiences.
  • Proficiency in coordinating and executing incident response plans, including containment, eradication, and recovery, as well as conducting root cause analysis.
  • Expertise in conducting internal security audits, supporting external audits, and ensuring compliance with laws, regulations, and industry standards.
  • Skill in staying updated with the latest cybersecurity threats, technologies, and best practices, and applying this knowledge to the organization's security posture.

    • Abilities

  • Ability to analyze complex security incidents, assess the impact, and develop effective solutions to address vulnerabilities.
  • Ability to work with cross-functional teams, including management, and external partners, to achieve security objectives.
  • Capability to lead security initiatives, mentor, and influence stakeholders to adopt best practices in cybersecurity.
  • Ability to monitor systems, detect suspicious activities, and ensure all security measures are implemented and maintained accurately.
  • Ability to make timely, informed decisions in high-pressure situations, particularly during security incidents or breaches.
  • Skill in managing cybersecurity projects, planning, and execution, to ensure they are completed on time and within scope.

    • This individual must demonstrate a caring customer service attitude, a strong commitment to operational excellence, and dedication to the organization's core values : Integrity & Transparency; Excellence; Adaptability; Stewardship; Teamwork & Partnerships; Health & Safety; and Diversity, Equity & Inclusion. The Port / NWSA seek candidates who will embrace and model these values both internally and externally, and who understand what it means to carry out these values in their everyday work. We value individuals who also bring an impeccable work ethic, honesty, and integrity, and who consistently exhibit enthusiasm, energy, and a drive to succeed.

    In accordance with the Immigration Control and Reform Act of 1986, all persons offered employment must provide acceptable proof of identity and authorization to work in the United States. Proof will be required prior to employment.

    The successful candidate must possess (or obtain within 30 days of employment) a valid driver's license. Candidate must be able to successfully complete a background investigation. Candidate must also be able to obtain / maintain a Transportation Worker Identification Credential (TWIC), which is a program managed by the Department of Homeland Security (DHS). Information on this program can be viewed .

    The conditions of employment for this position are "At-Will" which means that either the Port or an employee can terminate the employment relationship at any time and for any reason not prohibited by statute. No supervisor, manager, or director of the Port, other than Executive Director, has the authority to alter these employment conditions.

    THE PORT OF TACOMA IS AN EQUAL OPPORTUNITY EMPLOYER COMMITTED TO PROMOTING AND ENCOURAGING DIVERSITY IN THE WORKPLACE.

    As an employer of choice, the Port is proud to offer an excellent benefits package. This includes medical, prescription, vision and dental with no out-of-pocket premiums and full coverage for employee, spouse, and all eligible dependents. In addition, the Port offers vacation, paid holidays, sick leave, bereavement leave, paid parental leave, participation in the Washington State Public Employees' Retirement System (PERS) and a Port-funded Voluntary Employee Beneficiary Association (VEBA) account for out-of-pocket health related expenses for employees and their eligible dependents. The Port's benefits package is valued between 45%-55% of base salary.

    Do you have a minimum of a bachelor's degree in cybersecurity, computer science, information technology or a related field ?

    How many years of progressively responsible cybersecurity experience in risk management, governance, audit and compliance do you have?

  • 0 to less than 3 years
  • 3 years to less than 5 years
  • 5 years to less than 7 years
  • 7 years to less than 9 years
  • 9 years or more

    • Do you have experience working with NIST CSF 1.1 or greater?

    Do you have current professional IT security certifications? If yes, please list below. If no, enter N / A.

    Required Question

    Salary : $107,376 - $171,792

    If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
    Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

    What is the career path for a Sr. IT Security Analyst?

    Sign up to receive alerts about other jobs on the Sr. IT Security Analyst career path by checking the boxes next to the positions that interest you.
    Income Estimation: 
    $112,673 - $137,290
    Income Estimation: 
    $139,945 - $168,577
    Income Estimation: 
    $140,233 - $181,029
    Income Estimation: 
    $161,209 - $233,553
    Income Estimation: 
    $112,673 - $137,290
    Income Estimation: 
    $139,945 - $168,577
    Income Estimation: 
    $140,233 - $181,029
    Income Estimation: 
    $161,209 - $233,553
    Income Estimation: 
    $152,549 - $188,894
    Income Estimation: 
    $194,072 - $240,547
    Income Estimation: 
    $135,994 - $168,063
    Income Estimation: 
    $161,209 - $233,553
    Income Estimation: 
    $87,093 - $107,335
    Income Estimation: 
    $111,725 - $147,313
    Income Estimation: 
    $112,673 - $137,290
    Income Estimation: 
    $140,233 - $181,029
    Income Estimation: 
    $161,209 - $233,553
    Income Estimation: 
    $123,246 - $161,441
    Income Estimation: 
    $152,549 - $188,894
    Income Estimation: 
    $135,994 - $168,063
    Income Estimation: 
    $161,209 - $233,553
    Employees: Get a Salary Increase
    View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

    Not the job you're looking for? Here are some other Sr. IT Security Analyst jobs in the Tacoma, WA area that may be a better fit.

    Sr. IT Security Analyst

    widenet, Tacoma, WA

    Sr. IT Security Analyst

    Widenet Consulting, Tacoma, WA

    View More Jobs

    AI Assistant is available now!

    Feel free to start your new journey!