04 Aug
Cyber Security Analyst
California, Pleasanton , 94588 Pleasanton USA

Vacancy expired!

State Fund is seeking one (1) new consultant to work in our Enterprise Security Technical Unit on various security related duties outlined in the attached Statement of Work. The Security Analyst is expected to work in our Pleasanton and Vacaville locations, when our offices re-open.

The contract is anticipated to be for a 6-month term with possible renewal based on successful performance, and subject to termination with 30 days written notice from State Fund.

The tasks for the Security Analyst include, but are not limited to, the following:
  • Act as a primary senior advisor for forensics and security incident response as well as perform daily operational analytical technical security functions such as forensics analyses or security incident response duties.
  • Provide recommendation to improve State Fund’s security incident response and forensic capabilities and assist with the implementation of the various security tools (e.g. surety incident ticket processing, forensics system images, forensic tools, etc.)
  • Provide recommendations on how to alleviate future threats and/or advanced persistent threats during post incident review sessions or as needed.
  • Participate and/or lead security incidents leveraging forensic techniques and skills that can detect root causes for the incident, a threat, or advanced persistent threat.
  • Assist and/or drive the implementation of a centralized threat intelligence repository to enhance security incident response capabilities and forensics.
  • Knowledge transfer to and training of State Fund employees including documented training materials.
  • Advise the CISO and ESEC Team on matters involving organizational, strategic, tactical, and security best practices related to forensics and security incidents management.
  • Attend meetings/Represent ESEC as a Senior Lead for all security matters.
  • Act as Lead/Co-Lead/Backup on assigned ESEC projects.
  • Other duties as assigned when not working on Forensics or Security Incidents such as: assist with phishing campaigns and security awareness reinforcement trainings, etc.

Technical Knowledge and Skills:
  • MINIMUM OF 5+ YEARS OF TECHNICAL EXPERIENCE CONDUCTING FORENSICS AND SECURITY INCIDENTRESPONSE.
  • WORKING EXPERIENCE OF OBTAINING CYBER THREAT INTELLIGENCE AND MAKING THE INFORMATION USABLE BY THE SECURITY INCIDENT RESPONSE PROCESS.
  • WORKING EXPERIENCE IN THREATS IN CURRENT ENVIRONMENT AND APPLYINFORMATION TO PREVENT FUTURE VULNERABILITIES IN INFRASTRUCTURE.
  • PROJECT MANAGEMENT SKILLS.
  • WORKING EXPERIENCE USING BEST PRACTICES STANDARDS AND FRAMEWORKS: ISO 27001/27002, PCI:DSS V3; GLBA; HIPPA/HITECH; NIST 800-53; CIS CONTROLS, NIST CSF, CIS RAM
  • WORKING EXPERIENCE, AT A MINIMUM:
  • HARDWARE: NETWORK SWITCHES, ROUTERS, LOAD BALANCERS, SERVERS, STORAGE SYSTEMS, END-USER SYSTEMS, MOBILE DEVICES, OR OTHER DEVICES THAT ENABLE THE ORGANIZATION TOCOMPLETE ITS MISSION
  • OPERATING SYSTEMS: UNIX, LINUX, WINDOWS
  • NETWORK: LAN, WAN, INTERNET, PROXY/FILTERING, FIREWALL, VPN, DMZ
  • NETWORK PROTOCOLS SUCH AS TCP/IP, SNMP, SMTP, NTP, DNS, LDAP, NFS, SAMBA, ETC.
  • DATABASES: ORACLE, SQL, MYSQL
  • CLOUD PLATFORMS: IAAS, PAAS, SAAS
  • SECURITY CONCEPTS SUCH AS ENCRYPTION, HARDENING, ETC.
  • FORENSIC ANALYSIS TOOLS
  • GOVERNANCE, RISK, COMPLIANCE (GRC)
  • VULNERABILITY ASSESSMENTS
  • PENETRATION TESTING
  • MAINFRAME DB2
  • ACTIVE DIRECTORY
ROGRAMMING LANGUAGES ARE A PLUS

Vacancy expired!

Subscribe for new vacancies
Report job