IT Associate Cybersecurity Analyst

IT Associate Cybersecurity Analyst

The IT Associate Cybersecurity Analyst will be responsible for supporting the organization's efforts to protect its systems, networks, and data from cyber threats. This role involves assisting in monitoring, analyzing, and responding to security incidents and vulnerabilities under the guidance of the IT Security and Compliance Analyst. On call 24 hours per day and 7 days a week. Assist Supervisor and Director on any other ad hoc projects as required and needed.

Essential functions, as defined under the Americans with Disabilities Act, may include any of the following representative duties, knowledge, and skills. This is not a comprehensive listing of all functions and duties performed by incumbents of this class; employees may be assigned duties which are not listed below; reasonable accommodations will be made as required. The job description does not constitute an employment agreement and is subject to change at any time by the employer.

Essential duties and responsibilities may include, but are not limited to, the following:

• Assisting in monitoring security alerts and events from various sources, such as SIEM (Security Information and Event Management) systems, IDS/IPS (Intrusion Detection/Prevention Systems), and endpoint protection platforms.
• Participating in the investigation and analysis of security incidents, including conducting initial triage, gathering evidence, and documenting findings.
• Supporting vulnerability management activities, including scanning systems for vulnerabilities, analyzing scan results, and tracking remediation efforts.
• Assisting in managing security controls and technologies, such as firewalls, antivirus software, and security policies.
• Contributing to security awareness and training initiatives to educate employees about cybersecurity best practices and raise awareness of potential threats.
• Assisting in the development and maintenance of security documentation, including policies, procedures, standards, and guidelines.
• Participating in security risk assessments and compliance audits, including gathering evidence, documenting findings, and assisting with remediation efforts.
• Staying informed about the latest cybersecurity threats, trends, and technologies through self-study, training, and professional development opportunities.
• Collaborating with other members of the cybersecurity team and cross-functional teams to address security concerns and implement security controls.
• Providing general support to the cybersecurity team as needed, including administrative tasks, reporting, and project coordination.
• Must be dynamic and flexible to learn and cross train in other system and networking disciplines for maintaining functional continuity.
• Supports the relationship between the City of Odessa and the general public by demonstrating courteous and cooperative behavior when interacting with visitors and City staff; maintains confidentiality of work-related issues and City information; performs other duties as required or assigned.
• Supports the departmental operations with regular and timely attendance.
• Must have and maintain a cell phone for City use to hold this position.
• On call 24 hours a day to resolve system failures.

• Excellent communication skills, both written and verbal.
• Basic understanding of cybersecurity principles, concepts, and best practices.
• Familiarity with networking concepts, operating systems, and common security tools and technologies.
• Strong analytical and problem-solving skills, with the ability to analyze security events and incidents.
• Ability to work collaboratively in a team environment and willingness to learn from more experienced professionals.

Bachelor's degree in information technology, cybersecurity, computer science, or a related field is desired but not required. Education can be substituted based on 4+ years of work experience in cybersecurity, compliance, or a related field. High school diploma or GED required.

CompTIA Security+, CompTIA Network+ and Certified Ethical Hacker (CEH), and GIAC Security Essentials (GSEC) preferred but not required.

Must have a cell phone for communications with IT management 24 hours a day and 7 days a week.