This position performs information technology cyber security and analysis functions in support of the Matanuska-Susitna Borough technology infrastructure.

Work is performed and duties are carried out in accordance with established policies, procedures, and Borough core values: Accountability, Customer Focus, Dedication, Integrity, Responsiveness and Teamwork.

Baccalaureate degree in a course of study related to the occupational field. Post-secondary education or experience which provides the expertise required to perform effectively the functions of the position may substitute for the degree on a year-for-year basis.

Five (5) years of experience in the occupational field, sufficient to understand the major duties of the position with two (2) years of full-time Information Security related experience required.

CISSP, GSEC, Security+, or comparable security certifications required within one year of hire. Comparable certification will be determined by the supervisor prior to employment.

Must have a working understanding of LAN/WAN technologies, cyber-security log software and technologies.

Possession of or ability to readily obtain a valid driver's license issued by the State of Alaska for the type of vehicle or equipment operated.

Must successfully pass a pre-employment drug screen.

Completion of required Incident Command System (ICS) course in accordance with established Borough policy

• Perform and monitor information security for the Borough's IT landscape to ensure the identification of required security related issues by configuring and establishing monitoring, correlation and alerting solutions.
• Protect digital files and information systems against unauthorized access, modification or destruction.
• Recognize potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analysis of relevant event detail and summary information.
• Investigate and analyze security breaches to determine their root cause; ensure the situation is handled promptly and effectively following the security incident response process.
• Work with network and systems administrators to ensure security standards are configured and maintained to enable effective identification and alerting of potential security events, as well as reducing false positives to protect Borough assets.
• Perform operational support of information security technology such as Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and Security Information and Event Management (SIEM).
• Assist with implementation of countermeasures or mitigating controls as they relate to the Borough's security posture.
• Provide security reports to IT leadership on all related incidents, responses, and related issues.
• Complete information security related project tasks on time and within budget and scope.
• Develop and maintain the Cyber Incident Response plan; recommend and execute security strategies to improve processes based on lessons learned over time.
• Participate in reviewing information security solutions and strategic planning and budgeting as it relates to cyber security.
• Plan, implement and upgrade security measures and controls.
• Maintain network and system security diagrams and documentation.
• Act as the lead threat hunter at the Borough to consolidate and conduct comprehensive analysis of threat data for threat detection and incident response.
• Evaluate and work with vendors to deconstruct malware.
• Define, implement and maintain Borough information security policies.
• Support development and implementation of cyber security governance.
• Evaluate Borough departmental and operational needs to define and coordinate system performance requirements, integrate technical parameters, and assure compatibility of all physical, functional and program interfaces.
• Participate in enterprise architectural planning and implementation of IT infrastructure and systems; make recommendations for changes that can help the removal of vulnerabilities and reduction in the risk of exploitation that may result in potential incidents.
• Participate in vendor management for security related services and projects.
• Support security awareness training.
• Foster relationships with other organizations and vendors as related to cyber security.
• Knowledge of application and infrastructure security solutions (firewalls, intrusion detection/prevention systems, network security, password management, data encryption, and access control).
• Knowledge of Microsoft 365 Defender family of products
  Ability to perform threat hunting and forensics work for security incidents
• Knowledge of network security architecture, network design and networking protocol.
• Ability to effectively manage multiple activities, including cross-team dependent activities, simultaneously.
• Ability to work effectively in collaboration with other members of a team or/and other professionals with minimal supervision.
• Ability to quickly learn new processes and technologies, and to adapt to changes in sequences and timelines.
• Ability to self-educate on the ever-changing landscape of cyber hacking tactics.
• Ability to effectively compile, correlate and assess analytical log files.
• Knowledge of cyber security concepts.
• Ability to maintain confidentiality.
• Ability to create well-written, effective, and easy-to-understand procedural documents and workflow diagrams.
• Knowledge of information security principles and best practices for an enterprise environment.
• Ability to influence and build credibility as a peer through strong interpersonal and leadership skills.
• Ability to perform well under significant enterprise-wide pressure with a sense of urgency.
• Knowledge of vulnerability scanning technologies and management products.
• Knowledge of report design and business analysis principles.
• Skill in decision making and problem solving.
• Skill in establishing plans and setting objectives and goals.
• Skill in interpersonal relations and in dealing with the public.
• Skill in oral and written communication.
• Performs other duties as assigned.