Information Technology Security Analyst
Regular Schedule: 34 hours per week
A vacancy exists in the Office of Information and Technology, Business Applications Unit.
A resume must be submitted with the application.
Non-Merit positions are not classified within the Baltimore County Government Classification and Compensation Plan.
A list of eligible applicants will be established based on the examination as outlined below.
You can attach your transcript(s) or license(s) to your resume.
Failure to submit proof of Licenses, Certifications and Education will result in your resume not being considered.
Examples of Duties
DEFINITION OF RESPONSIBILITY
Baltimore County Government is seeking an IT Security Analyst to join its IT team to provide services within its Access Management group. The IT Security Analyst will be responsible for integrating applications and systems into the County’s Identity Access Management system. Ensuring access to County applications and systems are safeguarded using industry standards. The IT Security Analyst will monitor and audit account usage to prevent unauthorized access, and audit systems for security compliance. Following least privilege principles when creating security roles for both applications and systems.
EXAMPLES OF ESSENTIAL DUTIES
Monitors System Access Request system to ensure appropriate access is provisioned.
Captures application requirements for integrating with provisioning system.
Reduces information security risks to an acceptable level using industry best practices, policies and procedures.
Provides Identity Access Management and Governance for commercial off-the-shelf software packages, County designed applications, as well as State systems.
Provides training to other members of OIT and/or County Staff.
Audits and monitors account usage for all County applications and systems.
Maintains and creates technical documentation and procedures for security tools.
Monitors and maintain endpoint security applications.
Manages the County’s Privileged Access Management appliance.
Integrates County applications and systems into the County’s Identity Access Management system using various authentication protocols (SAML, OAuth, OpenID, etc.).
Performs vulnerability scans against various applications and systems.
Performs investigations on cyber and physical access related issues.
Performs audits of computers systems to ensure compliance to established standards.
Performs other related duties as required.
(NOTE: The duties and responsibilities listed above are for the purpose of determining a common set of minimum qualifications for all positions in this class. They may not include all of the essential job functions of each position in the class. Each position may not be required to perform all of the essential job functions listed.)
Qualifications
Graduation from an accredited college or university with a bachelor’s degree in Computer Science, Information Systems or a related field
PLUS
Five (5) years of directly related experience or equivalent combination of education, experience, training, and certifications.
CISSP, Security+, or any other related certification.
Experience interacting with Identity Access Management platforms such as (SailPoint, Okta, Ping, ForgeRock, Microsoft, etc.).
Experience with SAML integrations and other standards based security protocols.
Experience with integrating business applications, databases, middleware and/or operating systems in an IAM provisioning system, access certifications, reporting, role/entitlement administration, compliance and user administration, authentication & authorization (SSO & MFA).
Extensive experience with Active Directory.
Experience monitoring and configuring a SIEM tool.
Desired Experience
Specific Identity Access Management activities include gathering requirements, designing the application, (Technology and Business) configuring/customizing the tool, change management, working with teams to re-architect environments and applications.
Experience operating and maintaining security tools such as Crowdstrike, BeyondTrust – Remote Access, and Tenable Nessus.
Can demonstrate competence in SQL programming language.
EXAMINATION PROCEDURE
Applicants will be qualified based on an evaluation of their training and experience, as stated on their resume. Applicants must state the dates and duties of past and present experience clearly and completely for evaluation purposes.
Conditions of Employment
New employees are strongly encouraged to get COVID-19 vaccination.
Employees hired after July 1, 2022 are required to participate in the Baltimore County Employees' Retirement System, with very limited exceptions.
Incumbents must be of good moral character and emotionally stable.
Medical Examination and Employment Background Investigation
Applicants selected for an appointment to a position in Baltimore County must successfully complete a physical examination and drug screen and a comprehensive background investigation which includes but not limited to a criminal background check and fingerprinting.
Job candidates may be required to complete an expanded background investigation, polygraph examination, and psychological examination.