Johnson County Wastewater · 19 hours ago
Security Analyst III
Olathe, KS, US
Full-time
Hybrid
Senior Level, Lead/Staff
8+ years expJohnson County Government is committed to serving a diverse community and is seeking a skilled and experienced Security Analyst III to join their Department of Technology and Innovation. The role focuses on maintaining and enhancing security posture, with responsibilities including leading security initiatives, developing security policies, and ensuring compliance with regulations.
Utilities
Responsibilities
Strengthen the county’s security posture through technology evaluation and process improvement
Optimize Microsoft Defender for Office 365 Plan 2 capabilities, including advanced threat protection, phishing detection, and automated investigation and response, to enhance email security posture
Develop and maintain security automation workflows to streamline vulnerability management and incident response using tools such as custom scripting, Microsoft Defender for Office 365 Plan 2, and SIEM/SOAR platforms
Lead and execute web application penetration tests, identifying vulnerabilities in custom and third-party applications, and working with development teams to remediate findings
Conduct and analyze vulnerability scans and penetration tests across infrastructure and applications
Collaborate with other teams within the Department of Technology and Innovation to standardize and improve security processes across all business units
Conduct reporting and auditing of Identity and Access Management
Identify and analyze current and evolving threats and vulnerabilities, especially those targeting web applications
Ensure compliance of enterprise IT architecture with federal health, privacy, and financial regulations
Conduct comprehensive risk assessments of the current environment and proposed changes to the hardware and software stack to identify potential security vulnerabilities and ensure alignment with organizational security standards
Develop and document security policies and procedures aligned with industry best practices and emerging threats
Lead security projects, including the deployment of new technologies and tools for application security testing
Analyze and respond to security incidents, advisories, and alerts
Promote secure development practices and provide guidance to developers on secure coding
Work with end users to address business functionality needs while ensuring secure methodologies
Train end users and promote security awareness for improved system security and efficiency
Monitor and manage security-related contracts and tools
Utilize forensic tools for data collection and incident response
Participate in on-call rotation
Qualification
Required
Bachelor's degree in Information Technology or relevant field
8+ years of experience in information technology
5+ years of experience in information security, including risk analysis and management
Analytical skills, including the ability to research, interpret data, conceptualize data, analyze information, and write formal recommendations based on findings
Hands-on experience with Microsoft Defender for Office 365 Plan 2, including configuration, policy management, and automated investigation and response
Demonstrated ability to design and deploy automated security workflows for incident response and vulnerability remediation
Experience in threat hunting using SIEM and EDR tools on Windows and Unix systems
Comprehensive understanding and substantive experience in network systems engineering, computing systems and software applications
Demonstrated expertise in web application penetration testing, including manual and automated testing techniques, OWASP Top 10, and secure development lifecycle practices
Experience with tools such as Burp Suite, OWASP ZAP, Metasploit, and custom scripts for web app testing
Experience working in a change-controlled environment
Experience working with: Network and security management software, Network analysis tools, Scripting languages including UNIX command line utilities, Vulnerability Management tools, Layer7 firewalls (NGFW), Vendor access systems, Active Directory, Log management tools, Network Security monitor tools
Strong interpersonal and collaboration skills
Curiosity and a proactive approach to problem-solving
Written communication skills, including business writing, report writing, summarizing, and editing skills
Oral communication skills, including presentations to: individuals, small groups, and large groups
Facilitation skills, including ability to use group decision making to gain commitment and/or ability to encourage participation
Preferred
3+ years of experience driving automation initiatives to reduce manual effort and improve response times for phishing, malware, and other email-based threats
3+ years of experience in project management
Familiarity with IT security standards (ISO, NIST) and regulatory frameworks (CJIS, HIPAA, PCI)
Experience implementing security control frameworks such as the Center for Internet Security (CIS) Benchmarks and/or Security Technical Implementation Guides (STIGs) to ensure system hardening and compliance
Experience supporting Microsoft business applications (Active Directory, Exchange, Azure, Entra, Purview, Defender for Office)
Experience working with SCADA (Supervisory Control and Data Acquisition) and ICS (Industrial Control Systems)
Experience using network analysis tools, scripting languages including UNIX command line utilities, software vulnerabilities, exploits and malware
CISSP certification
Benefits
Full Benefits
Wonderful benefits
Retirement plans
Wellness incentives
Great organizational culture
Company
Johnson County Wastewater
Johnson County Wastewater (JCW) is responsible for the safe collection, transportation and treatment of wastewater generated by our community.
201-500 employees
Funding
Current Stage
Growth StageCompany data provided by crunchbase