Cybersecurity Analyst

Distinguishing Characteristics:

The IT – Cybersecurity Analyst will assist the Director of Governance and Cybersecurity in the design, planning, testing, implementation, and administration of regulatory requirements and industry-wide accepted information cybersecurity principles, practices, and information systems to ensure the protection of information assets processed, stored, or transmitted by the Tucson Airport Authority (TAA) at Tucson International Airport (TUS) and Ryan Airfield (RYN). Ongoing support in the areas of incident response and investigation, vulnerability management, digital analysis and applied research in emerging areas of cybersecurity. Evaluate the effectiveness of information security solutions and processes in place, keeping in mind the state of world events. Monitor for and identify cybersecurity risks and exposures, determine the causes of cybersecurity violations, assess, and implement procedures to halt future incidents. Understand and provide assistance to system users relative to information systems security matters. Participate in a team environment that provides cost-effective IT cybersecurity services to the various departments. Work closely with other areas to insure optimum reliability and cohesiveness.

Essential Functions: 

The following functions and all other functions not included in this job description are to be performed in the best interests and for the greater good of TAA.

• Support and advocate for TAA’s Mission, Vision, Guiding Principles and act as a champion and role-model of TAA’s Cultural Fundamentals.
• Performs security incident response and forensic investigations.
• Follow operational processes in detecting, triaging, and responding to cybersecurity threats.
• Provide analytical and operational cybersecurity support.
• Review alerts, alarms, dashboards, and reports to determine relevancy and urgency of cybersecurity threats, vulnerabilities, and incidents.
• Enterprise IT operational experience - Strong understanding of operating systems, infrastructures, protocols, and applications.
• Responsible for day-to-day security administration of company e-mail applications, key business applications and networks
• Utilize technologies including but not limited to AV, IDS, IPS, MDR, email gateways, and web gateways to detect and respond to cybersecurity threats
• Working knowledge of cyber threat actor tactics, techniques, and procedures (TTPs), including the ability to troubleshoot cybersecurity issues, configurations and incidents across a wide range of devices, and infrastructure environments
• Document and communicate alerts and relevant information for escalation to appropriate teams
• Collaborate with other teams to assess risk and coordinate response based on existing Work Instructions, Department Procedures and Company Policies
• Research, prioritize and differentiate between potential intrusion attempts and false alarms
• Stay up to date with current vulnerabilities, attacks, and countermeasures
• Evaluates new and emerging security technologies, features, and products to determine their application in the protection of TAA information assets
• Performs security analysis, including architecture review, baselines, vulnerability assessments, and risk assessments to proactively identify security risks and exposures
• Ensures change control processes are followed and service levels affected by those changes are maintained.

• Be responsive to airport emergencies and situations that may involve loss of human life or property; support public safety and operational response to emergencies; utilize Incident Management System (ICS)/National Incident Management System (NIMS) protocols and procedures; coordinate and/or participate in after-action emergency de-briefing with appropriate departments and stakeholders.

The above listed functions are not necessarily all the essential functions.  Job duties and functions may be expanded or reduced by management based on future changing needs and job requirements.

Position Requirements: 

• A Bachelor's degree from an accredited four-year college/university with major coursework in Information Technology (IT), Business, Information/Cybersecurity.
• Industry certifications (i.e. GSEC or CISSP) or equivalent experience of five or more years in an information security discipline.
• TAA will consider any equivalent combination of experience and training that provides the necessary knowledge, skills, and abilities sufficient to demonstrate aptitude for the position.

Required Knowledge, Skills, and Abilities:

      Knowledge of:

• Anti-Virus, Spam and Malware Tools, Management and Administration
• Application Security Architecture & Cloud Computing Concepts
• Change & Security Configuration Audit and Control
• Firewall Management and Administration
• Hardware/software Security Testing and Evaluation
• Intrusion Detection/Prevention
• Incident Response Practices and Procedures
• Computer Forensic Practices and Procedures
• Layer 2 and 3 routing and switching protocols (TCP/UDP, IPv4, IPv6, OSPF, etc.)
• Security Information & Event Management (SIEM) and Logging
• Scripting Languages, such as PowerShell
• VOIP Technology Security
• VPN’s (Virtual Private Networks) and SSL
• Vulnerability Assessment Practices/Technology (i.e. Operating Systems, Network, Application, Database, and Web)
• Wireless Security Infrastructure
• Security Industry Standards, such as ISO, NIST & FISMA
• Regulatory Requirements of TSA Mandates, SOX, HIPAA, PCI DSS and other applicable regulations
• Information Security Awareness Programs and Communications
• Information Security Policy and Standards
• Information Security Risk Assessment

Skill in:

• Critical thinking, analyzing complex security problems and making sound recommendations or taking prudent actions.
• Configuring, maintaining, managing and tuning the operations of complex cybersecurity systems to achieve optimal technical capabilities.
• Preparing clear, concise, and accurate documentation, procedures, playbooks, reports, and other written materials.
• Communicating to establish and maintain professional effective customer focused working relationships with managers, vendors, consultants, employees and others.

Ability to:

Environmental Requirements

• Work primarily in a typical, temperature controlled administrative office setting in a semi-enclosed workspace.
• At times, work in a high noise environment and periodically in outdoor conditions.

      Mental Requirements

• Have the ability to learn and understand complex principles and techniques.
• Remain focused and decisive in stressful situations using sound judgement and perform tasks with a high degree of accuracy, attention to detail, and function in a fast-paced work environment with deadlines and multiple projects.
• Understand and apply technology principles to evaluate, operate, troubleshoot complex systems hardware, software, or other problems and make repairs or recommend actions to solve or prevent problems.
• Work independently or collaboratively in a team environment with limited instruction/supervision.
• Research information and organize data in a meaningful way to facilitate problem solving and decision making.

Physical Requirements

• Perform tasks with a full range of bodily movements, including lifting (up to 50 pounds), pushing, standing (for periods of two to three hours at a time), walking, reaching bending, kneeling, twisting, and crawling.
• Perform work in a confined space that may require regular and prolonged bending, working on irregular surfaces, and pulling/pushing job related material or equipment.
• Climb and work while on a ladder.
• Hear and communicate using the telephone, cell phone, or radio with sufficient clarity to be understood by others.
• Read, write, and speak the English language in an articulate and fluent manner.

General

• Represent TAA effectively in meetings on a variety of technology issues.
• Maintain a discreet and professional sense of confidentiality. Understand that dissemination of information outside of the job requirements is based on "need-to­ know."
• Prepare clear, concise, and comprehensive technical reports and other written materials.
• Establish and maintain effective working relationships with department personnel, other TAA personnel, representatives of other agencies, the local business community and the public and airport users.
• Use Microsoft Office software, computers, and other office equipment.

Licenses; Certificates; Special Requirements:

• A valid Arizona Driver's license.
• Meet and maintain the ability to drive personal or airport vehicles and obtain authorization to access the non-movement areas on the AOA (Air Operations Area).
• Must obtain and maintain access to the Secure Identification Display Area {SIDA).
• Successfully complete the National Incident Management System (NIMS) 100, 200, 700, and 800 course requirements and certification within the first year of assuming the position.
• Successfully complete one (1) relevant cybersecurity certification within the first year of employment, example CompTIA CySA+, CISSP, CEH, CISM, GSEC, Cisco Certified CyberOps Associate, or CCSP.
• As an employee, you are deemed to be essential personnel as part of TAA's emergency response and must respond to airport incidents as requested/required.
• Will serve at the pleasure of the President/CEO and is not covered under the appeals process.