Los Angeles County Department of Human Resources · 2 days ago
INFORMATION TECHNOLOGY SECURITY ANALYST
CA
Full-time
Onsite
Entry, Mid Level
$101K/yr - $136K/yr
2+ years expThe Los Angeles County Department of Human Resources is seeking an Information Technology Security Analyst to develop, implement, and monitor IT security standards and practices. The role involves performing risk assessments, managing security incidents, and ensuring compliance with IT security policies.
Government
Responsibilities
Participates in designing, applying, and monitoring a departmental IT security program in accordance with County and department-specific policies, standards, procedures and guidelines
Completes the analysis, build, testing, and deployment of IT security solutions
Assesses performance of applications across all components to identify potential vulnerabilities or threats; assists developers and infrastructure support staff with planning and implementing security countermeasures
Ensures that network devices are tested, implemented, and maintained through improvements, fixes, and revisions and with appropriate security controls such as authentication and configuration
Documents network data flows and access controls
Conducts risk assessments for identity and access management controls
Analyzes security data from computing and network devices to identify potential threats and vulnerabilities or to determine root cause of security incident
Analyzes security hardware and software to determine their utility within the network infrastructure; participates in change control and technical review of proposed changes to IT resources
Analyzes system outages, alerts, and reports of abnormal system behavior due to suspected security-related events such as viruses, Trojan activity, and hacker intrusions
Monitors, analyzes, and responds to security events using security event-management tools
Compiles and validates security-related statistical data for management reporting
Assists in crafting, applying, and assessing a departmental security-awareness training program and related materials and trains departmental staff at all levels on security protocols, policies, and procedures
Assists with development of compliance strategies for IT security programs; assesses risks of non-compliance with IT security policies, procedures, standards and guidelines and reports findings to appropriate management
Assists in the development and implementation of Business Continuity Plans and Disaster Recovery Plans
Assists with maintaining chain of custody of electronic and physical evidence related to an IT security incident
Monitors and assesses physical security control safeguards
Participates in the Countywide Computer Emergency Response Team (CCERT), Departmental Computer Emergency Response Team (DCERT), and or Security Engineering Teams (SET), as required
Qualification
Required
Graduation from an accredited college with a bachelor's degree in Computer Science, Information Systems, or a closely related field AND two (2) years of recent, full-time, paid experience, within the last 5 years, assisting with the implementation, management, and monitoring of IT security solutions and programs, in one (1) or more of the following areas
Three (3) years of recent, full-time, paid experience, within the last 5 years, assisting with the implementation, management, and monitoring of IT security solutions and programs, in one (1) or more of the following areas
Information systems security
IT risk assessment strategies and methodologies
Security issues pertaining to protecting IT resources
Information security best practices
Security management and practices
Computer threats, vulnerabilities, and exploits
Business Continuity Planning (BCP)
Disaster Recovery Planning (DRP)
A valid California Class C Driver License or the ability to utilize an alternative method of transportation when needed to carry out job-related essential functions
Preferred
Application Security management (ASM): Experience in application development using standard IT systems development methodology and techniques for resolving business problems. Includes systems develop, database management, development of online data entry and data inquiry capabilities, and defining techniques; communications, network analysis, design, planning and performance tuning
Identity and Access Management (IAM): Experience with defining, testing, and implementing IT user provisioning and identity management technologies. Includes developing IAM policies, standards, and procedures; identifying appropriate access control techniques; analyzing and selecting IAM solutions; and familiarity with security and system development life cycles (SDLC) processes
Incident Response Management (IRM): Experience in an IT organization providing technical assistance in computer incident response for potential or actual information-security breaches or attacks. Includes detecting, analyzing, responding to, and reporting information security incidents; and familiarity with the chain-of-custody process
Microsoft Security Suite Management: Experience using security tools in the Microsoft E5/G5 Security Suite including Microsoft Defender for Endpoint, Microsoft Defender for O365, Microsoft Defender for Identity, Microsoft Purview, and Microsoft Defender for Cloud Apps
Network Security Management (NSM): Experience in IT network planning, design, and analysis. Involves supporting the implementation of security tools and controls such as intrusion detection/prevention systems, sniffers, and firewalls
Physical / Environmental Security (PES): Experience in managing physical and environmental IT security methodologies to prohibit unauthorized physical access and prevent damage to IT resources. Includes physical and environmental security planning, design, and analysis
Policy and Compliance Management (PCM): Proficient with developing and implementing IT security policies and standards. Involves supporting the monitoring for compliance
Risk Assessment Management (RAM): Experience performing IT security risk assessments. Includes assisting with crafting and carrying out business continuity and disaster recovery plans and in developing risk assessment reports of findings and recommendations for remediation
Security Awareness Training (SAT): Experience assisting in developing, implementing, and evaluating IT security awareness training programs and related materials. Includes assisting in reporting of training compliance
Server Security Management (SSM): Experience in IT server (e.g., email, web, application, and database) security management comprised of implementing upgrades, patches, and updates to operating systems, software applications, and security protection software. Includes configuring server environment to protect the integrity of the system, for example by limiting user rights, disabling unnecessary services, and establishing group policies where applicable
Workstation Security Management (WSM): Experience managing the security of workstation (e.g., desktops, laptops and tablets) and portable devices (e.g., thumb drives and personal digital assistants). Includes implementing upgrades, patches, and updates to operating systems, software applications, and security protection software; establishing group policies and user rights; and disabling unnecessary services where applicable
Benefits
Cafeteria Benefit Plan
Contributory Defined Benefit Retirement Plan
Deferred Compensation & Thrift Plans
13 paid Holidays
Company
Los Angeles County Department of Human Resources
The County of Los Angeles provides those committed to a career in public service with boundless opportunities, a platform for professional and personal growth, and the ability to truly make a difference in people's lives.
10001+ employees
Funding
Current Stage
Late StageLeadership Team
Antonia Jimenez
Deputy Chief Executive Officer
Steve Robles
Assistant Chief Executive Officer Risk Management
Recent News
Press Telegram
2025-02-22
Company data provided by crunchbase