Information Security Engineer/Analyst III

About The Position

Requirements

• Experienced – You have three (3) years of experience in Information Technology and/or Security.
• Committed to Equity – You will apply equity and exemplify shared values, behaviors, and practices in all aspects of the work. At the Port of Seattle, equity is a daily responsibility and a foundational expectation for all Port employees.
• Problem Solver – You have strong analytical and planning skills and can use critical thinking, logic, and reasoning to evaluate strengths and weaknesses to identify the most appropriate solution.
• Knowledgeable – You can use, implement, manage, and/or provide configuration guidance on a variety of security technologies. You can advise on, implement, and maintain security controls and policies that are aligned with compliance and regulatory framework requirements such as Criminal Justice Information Services (CJIS), the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI-DSS), Federal Information Security Modernization Act (FISMA), and General Data Protection Regulation (GDPR), as well as the requirements for securing sensitive data.
• Collaborative – You have well-developed skills in cross-departmental coordination, including understanding other groups’ technical needs and collaborate for mutual benefit. You can work closely with a variety of internal and external stakeholders to resolve strategic issues.
• Effective Communicator – You can communicate, both orally and written, complex technical concepts effectively with technical and non-technical stakeholders, decision-makers, business partners, and team members.

Nice To Haves

• Desired – We hope you have the following licenses/certifications: (ISC)² Certified Information Systems Security Professional (CISSP), SANS GIAC (Global Information Assurance Certification), CompTIA Advanced Security Practitioner (CASP+), and/or ISACA (Information Systems Audit and Control Association) Certified Information Security Manager (CISM).

Responsibilities

• Identify, analyze, and mitigate security threats to the Port’s networks, systems, and data.
• Create end-user training content related to information security and cybersecurity and effectively facilitate trainings for diverse audiences.
• Lead efforts to assess, influence, recommend, deploy, and integrate medium to large or complex cybersecurity solutions.
• Partner with Legal and other stakeholders to support record retention and e-discovery needs.
• Deliver cybersecurity portions of large project implementations, including threat models, cybersecurity risk assessments, vulnerability scanning, system security design documentation, and third-party security testing reports.
• Detect and respond to advanced threats, threat actor techniques, anomalous or suspicious activity, combined with intelligence, to identify potential and active risks to systems and data.
• Engage in incident response activities and ensure the Port’s data and infrastructure are protected by enabling appropriate security controls.
• Develop and maintain Information Security policies, procedures, guidelines, and standards, including developing access control policies, incident response plans, and other security-related documentation.
• Provide mentorship, training, and professional development for Information Security Engineer/Analyst Levels I and II.