JOB TITLE: ANALYST, CLOUD SECURITY
Location: North Fort Myers, FL
Work hours: Varied Shifts - Due to the 24 hour, 7 days per week nature of power distribution, night, weekend, and holiday support via telephone or call-out, may be required.
LCEC provides reliable, cost-competitive electricity to more than 226,000 customers throughout a five county service territory located in Southwest Florida. We employ approximately 400 skilled employees and are one of more than 750 electric distribution cooperatives located throughout the United States. LCEC has been recognized locally and statewide as an industry leader and continually receives acknowledgment for the work that our employees do in the community along with other civic, environmental and professional honors.
POSITION SUMMARY: This position is responsible for ensuring the confidentiality, integrity and availability of LCEC technology platforms through the implementation of information security systems, policies and procedures based on industry best practices. The LCEC Information Security Management System (ISMS) is based on a continuous improvement methodology which will ensure that the organization adapts to new security threats as they arise and addresses all applicable cyber security related regulatory requirements. The Cloud Security Analyst is responsible for assisting in the implementation of ISMS elements as directed by the Supervisor, IT Security and the Information Security Officer (ISO). The analyst will participate in the design, implementation, and monitoring of cloud security architecture, strategy and standards. The analyst will also contribute to the development of the information security program and the integration of cloud security, vulnerability and risk management, monitoring, and incident response with the existing information security program.
POSITION RESPONSIBILITIES:
Information Security Management System (ISMS) & Compliance:
Subject matter expert for the ISMS:
Expert level knowledge of best practice guidelines and controls
- ISO 27001
- National Institute of Standards and Technology (NIST)
- Center for Internet Security (CIS) Critical Controls
Policy, Procedure & Control development, implementation and documentation
Continuous improvement using Plan, Do, Check, Act (PDCA) methodology
Ensure compliance with the cyber security components of the following:
- Critical Infrastructure Protection (CIP) Standards
- Fair and Accurate Credit Transactions Act (FACTA)
- Florida Information Protection Act (FIPA)
- Payment Card Industry (PCI)
- Others
Security Infrastructure, Architecture & Systems:
Defense in Depth Strategy:
- Assist in the development of a multi-year strategy for LCEC’s security architecture based on detailed risk assessments, priority and budget.
- Plan, budget and implement the approved strategy components on an annual basis.
- Experience with Zero Trust architecture design and implementation.
- Experience configuring SaaS application security and integrating with on-premise security applications including SAML 2.0, AD Federated Services, and log shipping.
Security Infrastructure and Operations:
- Identify security issues and risks, and develop mitigation plans.
- Evaluate, design, implement security configurations of SaaS and hybrid solutions.
- Provide security requirements of cloud architectures, designs and integrations with other cloud and on-premise solutions.
- Evaluate, design, implement, and support security-focused tools and services.
- Evaluate and recommend new and emerging security products and technologies.
- Develop and deliver training materials and perform general security awareness and specific security technology training.
- Security Operations Center (SOC)
- Senior member of the LCEC Computer Emergency Response Team (CERT)
- Incident Response Plan (IRP) & Forensics
- IRP Exercises
- Threat Hunt Exercises
- Administer network and computing devices/systems that enforce security policies and audit controls in a Windows/Linux environment.
- Assist in responses to external audits, penetration tests and vulnerability assessments.
- Conduct internal audits, penetration tests and vulnerability assessments.
- Meet with clients and management to help specify and negotiate application security requirements, reviews current policies and procedures for applicability, and system OS security patch levels, and ensures safe transition of applications and systems to production.
Security System Configuration, Management, & Auditing:
- AD Federated Services
- SAML 2.0 and Single Sign-on Solutions
- Public Key Infrastructure
- Office 365 security
- Firewalls
- Microsegmentation
- Intrusion Detection/Prevention (IDS/IPS)
- Traffic Monitoring and Control systems
- Encryption solutions
- Packet Sniffer
- Log Management Devices
- Security Information & Event Management (SIEM)
- Forensics Tools
- Vulnerability Scanners
- Penetration Testing
- External Security Assessment
- Incident Management & Response
- SPAM and Virus protection
- Data Loss Prevention (DLP)
- Information security metrics development and reporting
- Maintain effective working relationships with employees and customers at all levels within LCEC. Ensure smooth operations, productive communications, and effective understanding during all interpersonal contacts. Provide current and accurate information to all requesters, courteously and in a timely manner.
REQUIRED QUALIFICATIONS:
Level 1:
- BA/BS degree in Computer Science or related field. An Associate degree in Computer Science or related field plus four (4) years computer experience may be substituted for a BA/BS degree. Eight (8) years of experience in the computer/security field and multiple security related certifications may be substituted for a BA/BS degree.
- Five (5) years of experience in the computer industry, with at least three (3) years designing and implementing cloud security configurations.
- Ability to work in a dynamic environment with many competing priorities.
- Professional approach to information security management and ability to implement changes while minimizing operational impact.
- Team oriented approach to problem solving.
- Experience managing projects and matching requirements to technical solutions.
Senior Level:
- All required qualifications for Level 1.
- Ten (10) years of experience in the computer industry, with at least five (5) years designing and implementing cloud security configurations.
- Industry recognized premiere Cloud Information Security Certification (CCSP, CCSK).
DESIRED QUALIFICATIONS:
- CCSP: Certified Cloud Security Professional
- CCP: Certified Cloud Professional
- CompTIA Cloud+
- Microsoft Certified Azure Fundamentals
- CCSK: Certificate of Cloud Security Knowledge
PHYSICAL DEMANDS AND WORK ENVIRONMENT:
The physical demands and work environment characteristics described here must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions:
- PHYSICAL DEMANDS: May be required to lift up to 50 pounds and sit for extended periods of time at a desk/computer terminal. Able to view computer monitor from a reasonable distance.
- WORK ENVIRONMENT: Air Conditioned office, computer room.
Please note that at the time a candidate is made a job offer, the candidate will be subject to a background check and a drug screening.
Required Skills
Required Experience