IT Security Analyst II (X)

Salary: $61,641.06 – $104,789.62 Annually

Location : City of Las Vegas, NV

Job Type: Full-Time

Job Number: 23JUN80022-O

Department: Department of Innovation and Technology

Division: IT – Computer Services

Opening Date: 06/28/2023

Closing Date: 7/12/2023 3:00 PM Pacific

Bargaining Unit: APPT

About the Position
Career Opportunity
The City of Las Vegas invites applications for IT Security Analyst II. This Positionperforms professional information security work enforcing information security practices and protocols. Maintains and helps deploy the city’s cybersecurity platform and solution efforts as well as perform network and host threat assessments to identify, evaluate and mitigate security risks, threats and vulnerabilities. Works with the city staff to develop action plans to mitigate identified vulnerabilities and promote security initiatives. Participates in team activities, including threat management, vulnerability management, assessments, incident response, disaster recovery planning, and network security monitoring.

Distinguishing Characteristics

IT Security Analyst I: This is the entry-level class within the Security Analyst series. Employees within this class are distinguished from the Security Analyst II by the amount of cyber security experience an individual has, as well as the performance of more routine tasks and duties. This class may be used as a training class, wherein employees have limited cyber security experience, and therefore receive instruction and assistance in cyber security principles, techniques and practices.

IT Security Analyst II: This is the second class within the Security Analyst series. Employees within this class are distinguished from the Security Analyst I by the performance of the full range of duties as assigned, including more complex research assignments. Employees at this level receive only occasional instruction or assistance as new or unusual situations arise, and are fully aware of the operating procedures and policies of the work unit.

Supervision Received and Exercised

Receives direction from the Information Technologies Section Manager.

SELECTION PROCESS: The selection process will include a review of all applications with only the most qualified participating in an interview. Final candidate selection will include hiring interview (if applicable). Any individual offered employment will be required to pass a pre-employment drug test and complete background check. Some positions may require preliminary background checks.

Note: Effective with pay period beginning July 23, 2023, employee pay rates will be reduced by 1.875% due to increase in NVPERS contribution.
EXAMPLE OF DUTIES
Essential Functions:

1. Work at the direction of the IT Section Manager to improve information security for the city.
2. Install, configure and administer security systems and tools.
3. Conduct proactive research to identify and understand new threats, vulnerabilities, and exploits. Provide recommendations to management concerning cyber security issues.
4. Perform security scans of network devices and systems.
5. Analyze logs to improve system and network performance, isolate and detect failures, and identify security vulnerabilities or malicious activity.
6. Respond to security incidents and report on incident handling and resolution.
7. Provide Incident Response (IR) support when analysis confirms actionable incident.
8. Create and maintain documentation of information security policies, procedures, reports, processes and diagrams.
9. Participate in developing and implementing departmental and citywide policies elating to cyber security and compliance topics. Assist with the enforcement of security policies and procedures by monitoring system activity.
10. Review security violation reports and investigate possible security exceptions.
11. Provide analysis of information security related events and incidents; independently address cyber security events as needed in order to prevent further compromise of technical assets and data.
12. Provide threat and vulnerability analysis as well as security advisory services.
13. Analyze and respond to previously undisclosed software and hardware vulnerabilities.
14. Investigate, document and report on information security issues and emerging trends, including current or proposed legislation, laws and regulations related to information security to determine applicability and impact to city operations.
15. Provide assistance to audits, Human Resource, and legal compliance areas as related to risk assessment.
16. Serve as primary contact for cyber security investigations; coordinate and provide assistance to internal and external staff and agencies.
17. Support and assist the development of baseline infrastructure and application hardening guides based on industry best practices.
18. Collaborate with technology and business teams to ensure that the implementation of new technologies and security solutions can be supported and that they are in alignment with security architecture, industry best practice, principles of secure design, and business strategies.
19. Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; and preparing cost estimates.
20. Performs related duties and responsibilities as required.

MINIMUM REQUIREMENTS
IT Security Analyst I
Experience:

Three years of general IT experience. Experience working specifically in IT security is desirable.

Training:

Bachelor’s degree from an accredited college or university with major in computer science, telecommunications, management information systems or related fields. May substitute a combination of equivalent education and related experience. The city assesses 1.5 years of fulltime experience as equivalent to one year of education.

License or Certificate:

One or more of the following certifications (or equivalent) is required on the date of application:

• CompTIA Security+
• Certified Ethical Hacker (CEH)
• Global Information Assurance Certification Security Essentials Certification (GSEC)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)

IT Security Analyst II
Experience:

Two years of cyber security experience. Experience with at least one of the following is required: PCI-DSS, HIPAA, NCJIS, or PII.

Experience with project management in an IT environment is desirable.

Training:

Bachelor’s degree from an accredited college or university with major in computer science, telecommunications, management information systems or related fields. May substitute a combination of equivalent education and related experience. The city assesses 1.5 years of fulltime experience as equivalent to one year of education.

License or Certificate:

One or more of the following certifications (or equivalent) is required on the date of application:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)

KNOWLEDGE, SKILLS, AND ABILITIES
IT Security Analyst I

Knowledge of:

Microsoft Word, Project, Excel, PowerPoint and Visio.
Basic understanding of systems including but not limited to Windows, Unix and virtualization technologies.
Basic understanding of network switches, routers and firewalls.
Basic knowledge of Windows, Red Hat Linux and Oracle Linux operating systems.
Basic knowledge of various security methodologies and processes, and technical security solutions, such as firewall and IDS/IPS, anti-virus, and spam filtering.
Common Internet protocols and applications.

Ability to:

Treat confidential information with the highest degree of confidentiality and discretion.
Advise users in the application of security processes.
Work under pressure, and meet deadlines individually and collaboratively.
Think logically, assess problems, and be results-oriented.
Exercise independent judgment and discretion when dealing with cyber security events, particularly during off hours when management personnel may not be available to provide direction or feedback.
Quickly learn and understand new technologies.
Communicate effectively, both orally and in writing, to interact with team members, customers, management and support personnel (technical and non-technical).
Communicate clearly and concisely, both orally and in writing.
Establish and maintain effective working relationships with those contacted in the course of work.

Competencies:

Core Workforce Competencies

Professionalism – Demonstrates core values by being honest, respectful and positive.

Effective Communication – Expresses verbal and written thought in a clear and understandable manner.

Customer Focus – Demonstrates genuine concern and satisfies external and/or internal customers based on the CLV core purpose and values.

Adaptability – Able to effectively modify behavior to suit changing workforce demands.

Problem Solving – Solves problems by considering all causes, solutions and outcomes.

Productive Partnerships – Develops, maintains and strengthens partnerships with others.

Technical and Safety Expertise – Possesses a depth of knowledge, skill and ability in a technical (job) area.

IT Security Analyst II

In addition to the qualifications for IT Security Analyst I:

Knowledge of:

Advanced understanding of systems including but not limited to Windows, Unix and virtualization technologies.
Advanced understanding of network switches, routers and firewalls.
Tools such as PowerShell, Nessus, Nmap, tcpdump.
Advanced knowledge of Windows, Red Hat Linux and Oracle Linux operating systems.
Advanced knowledge of various security methodologies and processes, and technical security solutions, such as firewall and IDS/IPS, anti-virus, and spam filtering.
Various security infrastructure components (e.g. firewalls, SIEM, NAC, end point protection etc.).
TCP/IP Protocols, network analysis, and network/security applications.
Pertinent federal, state and local laws, codes, regulations.

Ability to:

Prepare and present technical and management reports.
Prioritize multiple tasks and switch between tasks quickly.

CITY OF LAS VEGAS, NEVADA

Appointive Compensation and Benefits – 2023

COMPENSATION

Annual Base Pay Increases

• Employees are eligible for annual performance-based merit increase or cash bonus, typically in first pay period of fiscal year.
• City Manager and City Council may approve annual cost of living increase.

BENEFITS

Uniform Allowance

• Applies to uniformed appointives in Fire & Rescue, Public Safety, and Municipal Court, currently $1,500/year

Retirement

• Eligible employees participate in the Public Employees’ Retirement System of Nevada (PERS). PERS, a statewide defined benefit plan, calculates retirement benefits based on 2.25 percent (current percentage for employees hired 7/1/15 and after) for each year of service, applied to the employee’s highest consecutive 36-month average salary. PERS also requires that employees share 50 percent of the PERS contribution, which is implemented by reducing the City’s salary ranges. The highest consecutive 36-month average salary is increased commensurate with the salary range reductions required by PERS.

Deferred Compensation Plan

• The city offers a 457(b) Plan, a government deferred compensation plan similar to a 401(k) plan. It offers both pre-tax and after-tax savings and investment options.

Deferred Compensation Match

• City provides a 100% match annually (on a per pay period basis) to your contributions, up to the following amounts in a 401(a) plan –

o Years 1-2 (0-24 months)* $4,000
o Years 3-4 (25-48 months)* $5,000
o Year 5 (49-60 months)* $6,000
o After 5 years (>60 months)* $6,000

*Years of service in Benefits Plus Tiers I, II, and III combined

• Employees are fully vested in the match after 5 years of service or at age 65.

Medical, Dental and Vision Insurance

• Employees are covered the first of the month following date of employment. Five medical plans, two dental and two vision plans are available. City pays 100% of employee premium + 50% of dependent premium.

Life and AD&D Insurance

• City provides $100,000 insurance at no cost.
• Additional voluntary life insurance and AD&D insurance available for purchase.

Disability Insurance

• City provides long term and short term disability policies:

o STD
• City pays 100% of base salary, for up to 90 days of an approved medical disability leave lasting over one week under STD, from first day of disability
• City pays 100% of base salary for a period over 90 days, if employee has applied for long term disability or PERS disability retirement, until a determination is final or employee is separated

Note: Public Safety Appointives are not eligible for City STD benefits.

o LTD: Benefits may begin after 90 days of an approved disability leave. Payment is up to 60% of earnings, up to $11,000/month, and may not be supplemented with sick or vacation.

Tuition Reimbursement

Employee Assistance Program

Annual Health & Wellness Reimbursement

• Employees may apply for reimbursement up to $2,400 per year for out of pocket health & educational wellness expenses. Reimbursement amounts may also be used for STEAM (Science, Technology, Engineering, Arts, and Mathematics) college classes and student loan repayments for the employee and immediate family members.

ANNUAL PHYSICAL EXAMS

• Employees covered by a City health plan and their covered spouse and dependents over age 18 are eligible for a comprehensive wellness physical exam annually at no cost to them at WellTrac.

VACATION

• Year 1: 3.69 hours/pay period = 96 hours/year
• Years 2 – 5: 5.85 hours/pay period = 152 hours/year
• Years 6 – 10: 7.08 hours/pay period = 184 hours/year
• Years 11 – 15: 7.69 hours/pay period = 200 hours/year
• Year 16 and over: 8 hours/pay period = 208 hours/year
• Maximum Accrual: 250 hours, no accrual beyond that point (Public Safety Appointive (PSA) group retains 2 times annual accrual max)
• Sell Back: Annual leave may be accumulated to a maximum of 250 hours; no accrual beyond that point. June and December sell-back, must leave balance of 40 hours.

HOLIDAY

• City provides 12 holidays plus a birthday holiday.

SICK LEAVE

• Sick Leave Accrual: 4 hours / pay period = 104 hours/year
• Sick Leave, maximum accrual: 480 hours; no accrual beyond that point (Public Safety group retains 840 hours max with continual accrual)
• Sick Leave, annual buy-back: None (Public Safety group retains annual buy-back)
• Sick Leave payout at separation: None (Public Safety group retains 50% payout between 5 and 20 years of service, 100% payout over 20 years of service)

RETIREE HEALTH AND LIFE INSURANCE

• Available for purchase- retiree pays full cost of premium.

NOTE: The City’s Benefits programs can be amended, reduced or eliminated at any time with or without notice as a management prerogative.

Revised 01/2023

01

Each applicant must complete this supplemental questionnaire as a part of the application screening and selection process. The information you provide will be reviewed and used to determine your eligibility to move forward in the selection process. Incomplete responses, false statements, omissions, or partial information may result in DISQUALIFICATION from the selection process.

• Do you agree to answer each supplemental question truthfully and that your responses can be verified from information included within the application?

02

The city of Las Vegas does not accept resumes in lieu of a completed employment application. Qualifying education and experience, including city of Las Vegas employment must be clearly documented in the Education and Work Experience sections of the employment application. DO NOT substitute a resume for your employment application or write “see attached resume” on your application.

• I understand my resume will not be accepted in lieu of a completed employment application.

03

What level of degree do you have from an accredited college or university?

• No Degree/High School Equivalent
• Associates Degree
• Bachelors Degree
• Masters Degree
• Doctoral Degree

04

Please disclose the discipline of your degree. Type N/A if you do not have a degree.

05

How many years of Cyber Security experience do you have?

• No Experience
• 1 Year
• 2 Years
• 3 to 5 Years
• 5 to 7 Years
• 7 to 9 Years
• More than 9 Years

06

Which of the following do you have experience with? (Select all that apply)

• PCI-DSS
• HIPAA
• NCJIS
• PII
• I do not have experience with any of these.

07

Please describe your experience with the selections you made in question 5. Be sure to note the years of experience you have with them.

08

At the date of this application, which fo these Certifications do you have? (Please attach a copy of your certification to your application)

• CISSP
• CISM
• CISA
• I do not have any of these Certifications

09

Do you have any project management experience within and IT environment?

• Yes
• No

10

If you answered yes to question 8 please describe your experience below. (If this does not apply to you please type NA.)

Required Question