Senior Product Security Assurance Analyst (term-limited)

Sound Transit, Seattle, WA
$81,000 - $180,000, Hybrid

About The Position

Under general direction, the Security Assurance Analyst assists with the operations of the Agency’s Information Security program for its technology assets. The Security Assurance Analyst plays a critical role in safeguarding the agency’s digital assets by conducting individual system audits, assisting in vulnerability management tasks, security control configuration management, and other security assurance efforts required to ensure major systems and applications comply with internal security controls and industry requirements. This position requires technical expertise, critical thinking, and the ability to collaborate across teams to ensure a resilient security posture. This is a term-limited position of 5 years.

Requirements

  • Bachelor’s Degree in Computer Science, Information Technology, Engineering, or closely related field.
  • Five years of general information technology experience with a focus on IT Security, Risk Management, Data Protection or Compliance; or an equivalent combination of education and experience.
  • One or more of the following certifications (valid and current): Certified Information Systems Auditor (CISA); Certified Information Systems Security Professional (CISSP); CompTIA Security+; any relevant GIAC; Certified Cybersecurity Operations Analyst (CCOA); Associate of (ISC)2.
  • Strong command of and familiarity with modern security technologies, including (but not limited to) SIEM, SOAR, EDR, Vulnerability Scanning, PIM, PAM, certificate management, DLP.
  • Strong understanding of information security assurance.
  • Understanding and functional command of relevant security controls for financial and business critical systems.
  • Familiarity with Microsoft’s security technologies and products.
  • Experience with cybersecurity auditing and consulting.
  • Understanding of Zero Trust architecture and modern security frameworks.
  • Working technical knowledge of general IT system architectures, software, hardware, protocols, and standards.
  • Proven competency in the use of MS Office applications (Microsoft Project, Word, Excel, PowerPoint, and SharePoint) as well as general proficiency with software applications.
  • Ability to work independently and manage multiple priorities.
  • Effective workload prioritization and self-organization.
  • Effective project management skills.

Nice To Haves

  • ITIL
  • Project Management
  • Knowledge of scripting or automation (Python, PowerShell).
  • General knowledge of the NIST 800 series standards and the ISO 27001/2 frameworks.

Responsibilities

  • Conduct security reviews of systems and applications to ensure they follow internal requirements and industry standards (ISO 27001, NIST, etc.).
  • Support internal and external audits of agency-wide applications through ongoing collection, validation, and organization of compliance evidence.
  • Lead/Manage focused penetration testing, code analysis, segmentation testing, etc.
  • Conduct system-specific vulnerability assessments.
  • Translate agency security policy into actionable product-level requirements.
  • Support security incident response activities.
  • Advise on security control requirements for ongoing technology implementations.
  • Manage vulnerability remediation efforts.
  • Participate in the creation and management of information security governance documents (policies, standards, baselines, guidelines, and procedures).
  • Review system architecture and design documents for principles of security by design.
  • Ensure adherence to secure coding, encryption, and data handling standards for new applications.
  • Track relevant assurance program metrics.
  • Prepare regular reports on relevant metrics for different stakeholders.
  • Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
  • Assist with ensuring that agency technology assets, systems, services, and facilities are compliant with information security procedures.
  • Champion and model Sound Transit's core values and demonstrate values-based behaviors in everyday interactions across the agency.
  • Contribute to a culture of diversity, equity and inclusion in alignment with Sound Transit’s Equity & Inclusion Policy.
  • It is the responsibility of all employees to follow the Agency safety rules, regulations, and procedures pertaining to their assigned duties and responsibilities, which could include systems, operations, and/or other employees.
  • It is the responsibility of all employees to integrate sustainability into everyday business practices.
  • Other duties as assigned.

Benefits

  • Health Benefits: We offer two choices of medical plans, a dental plan, and a vision plan all at no cost for employee coverage; comprehensive benefits for employees and eligible dependents, including a spouse or domestic partner.
  • Long-Term Disability and Life Insurance.
  • Employee Assistance Program.
  • Retirement Plans: 401a – 10% of employee contribution with a 12% match by Sound Transit; 457b – up to IRS maximum (employee only contribution).
  • Paid Time Off: Employees accrue 25 days of paid time off annually with increases at four, eight and twelve years of service. Employees at the director level and up accrue additional days. We also observe 12 paid holidays and provide up to 2 paid floating holidays and up to 2 paid volunteer days per year.
  • Parental Leave: 12 weeks of parental leave for new parents.
  • Pet Insurance.
  • ORCA Card: All full-time employees will receive an ORCA card at no cost.
  • Tuition Reimbursement: Sound Transit will pay up to $5,000 annually for approved tuition expenses.
  • Inclusive Reproductive Health Support Services.
  • Compensation Practices: We offer competitive salaries based on market rates and internal equity. In addition to compensation and benefits, you’ll find that we provide work-life balance, opportunities for professional development and recognition from your colleagues.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Number of Employees: 501-1,000 employees
