Cyber Security Analyst

City of Myrtle Beach•Sc, SC

8h•Hybrid

About The Position

The purpose of this classification is to perform technical work to support the City’s cybersecurity initiatives, including maintaining and monitoring systems, training users, tracking and correcting security vulnerabilities, assisting users with technology requests, running system updates and upgrades, and performing backups. The work is light work. The employee is frequently required to apply 10 pounds of force to move objects. The employee is occasionally required to exert up to 20 pounds of force to move objects. Additionally requires: climbing, hearing voices, lifting, manual dexterity, mental acuity, reaching, speaking, expressing ideas by the spoken word, visual acuity in data/color/inspect defects or measurements, and walking. Work is performed both indoors and in the field. Work is performed part of the time working in an environment where errors on this job can lead to significant physical or mental consequences for self or others. The City of Myrtle Beach has the right to revise this job description at any time. This description does not represent in any way a contract of employment.

Requirements

Bachelor’s degree in cybersecurity, computer technology, computer programming, or a related field; or Vocational/Technical degree with training emphasis in cybersecurity, computer technology, computer programming, or a related field with two (2) years of experience in cybersecurity or a related field; or A combination of high school diploma or equivalent, five (5) years of experience in cybersecurity or a related field, and industry standard certifications such as A+, Network+, Security+, CISSP, CEH, CySA+, Etc.
Knowledge of technological trends and developments in the area of information security, risk management, web architectures, and cloud computing.
Knowledge of IT technologies including: ISO/IEC 7498-1, Routing and Switching in LAN/WAN architectures, WLAN , Radius, Firewalls, SSO/ SAML , SaaS/Cloud Services, Identity Access Management, SDLC , Microsoft Technologies (Active Directory, IIS, ISA, DNS, SQL), and Linux.
Knowledge of vulnerability management, SIEM and Log Management, file integrity, proxy servers, DLP, IPS/IDS, VPN, PKI, multiple-factor authentication, and cryptography.
Knowledge of customer service principles.
Knowledge of project management.
Knowledge of management principles.
Skill in analyzing and solving problems.
Skill in organizing.
Skill in communicating, both verbally and in writing.
Skill in developing and delivering presentations.
Skill in influencing others.
Skill in persuading.
Skill in calculating decimals, percentages, and fractions; and interpreting graphs.
Ability to frame security and risk-related concepts to both technical and nontechnical audiences.
Ability to evaluate, audit, deduce, and/or assess data using established criteria.
Ability to Coordinate activities of a project, program, or designated area of responsibility.
Ability to operate, maneuver and/or control the actions of equipment, machinery, tools, and/or materials used in performing essential functions.
Ability to utilize a wide variety of reference, descriptive, and/or advisory data and information.
Ability to interpret instructions furnished in written, oral, diagrammatic, or schedule form.
Ability to exercise independent judgment to adopt or modify methods and standards to meet variations in assigned objective.
Ability to exercise judgment, decisiveness and creativity in situations involving evaluation of information against measurable or verifiable criteria.
Ability to pay attention to details.
Ability to gather information informally and formally before taking action.
Ability to facilitate effective brainstorming.
Ability to quickly learn new technology.

Responsibilities

Maintains Active Directory, Microsoft 365, Entra, INFOR, and other various system accounts.
Manages and audits Multi-Factor Authentication (MFA) and Conditional Access policies within Entra ID to ensure secure remote access.
Create and maintain Active Directory scripts and GPOs (Group Policy Objects) to enforce city policies.
Audits and validates the integrity and security of system backups to ensure immutable recovery points during incident response.
Oversees and maintains regulatory compliance with various policies, including but not limited to HIPAA, PCI, CJIS, Etc.
Performs event analysis through the use of Security Information and Event Management (SIEM) software and open source tools.
Conducts regular log reviews and proactively hunts for indicators of compromise (IoCs) within the environment.
Deploys, upgrades, reclaims, and troubleshoots Network Intrusion Detection Systems (NIDS).
Investigates, documents, and reports on information security issues and emerging trends.
Provides incident response, digital forensic preservation, and initial triage during security incidents.
Performs network vulnerability assessments to identify vulnerabilities or confirm compliance with security standards.
Evaluates the intelligence of data collected from a variety of cyber defense tools (including but not limited to IDS alerts, firewalls, network traffic logs) to analyze events in networks.
Recommends and applies security controls throughout the city’s infrastructure, utilizing a risk-based approach.
Develops and conducts user training on security best practices.
Writes and revises user training manuals.
Performs other related duties as assigned, requested, and required.