
Job Details

Information Security Analyst - Defender for Identity and Office 365

  2026-01-15     Abacus     all cities,AK  
Description:

General Summary: Under general direction, the Information Security Analyst - Defender assists with the operations of the Agency's Information Security program for its technology assets with a dedicated focus on MSFT Defender for Identity and Office 365. The Information Security Analyst's role is to support service owners and system owners in ensuring the confidentiality and integrity of information systems and data across the entire organization. The Information Security Analyst performs three core functions for the Agency. The first is the day-to-day operations for Defender for Identity and Office 365, while the second is the identification, investigation and resolution of security events detected by those systems. The third function consists of implementing security configurations on the Defender and 365 products, which requires extensive knowledge and experience with both. The analyst is expected to be fully aware of the Agency's security goals as established by its stated policies, procedures, and guidelines and to actively work towards upholding those goals. On-call availability is required as a member of the Information Security Incident Response Team.

Essential Functions: Configuration of security functionality and operation of MSFT Defender for Identity, Security Incident Response support.
• Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
• Research and recommend additional security processes or enhancements to existing security solutions to improve the overall security posture of the Agency, especially with MSFT Defender for Identity and Office 365.
• Perform the deployment, integration, and initial configuration of MSFT Defender for Identity and Office 365 in accordance with standard best operating procedures in general and the enterprise's security documents in particular.
• Maintain up-to-date baselines for the secure configuration and operations for MSFT Defender for Identity and Office 365.
• Monitor all in-place security solutions for efficient and appropriate operations.
• Review logs and reports of all in-place devices, whether they be under direct control (e.g., security tools) or not (e.g., workstations, servers, network devices, etc.). Interpret the implications of that activity and devise plans for appropriate resolution. Participate in investigations into problematic or suspicious activity.
• Participate in the design and execution of vulnerability assessments, penetration tests and security audits.
• Provide on-call support for Information Security Incident Response activities.
• Inform and train staff members on their responsibilities concerning information security procedures.
• Support the administrated processes to maintain compliance with regulatory obligations (e.g., DOL).
• Assist with ensuring that agency technology assets, systems, services, and facilities are compliant with information security procedures.
• Participate in ongoing information security education, awareness and outreach activities as required.
• Monitor threat intelligence and other available information to proactively enhance the Agency's security posture.
• Demonstrates Sound Transit's Values in every interaction

Special / Additional Qualifications (Over Role/ Category Level)
Education & Experience: Bachelor's Degree in computer science, information technology, business administration, engineering, or closely related field and five years of information technology experience with a focus on IT Security, Risk Management, Data Protection or Compliance, OR an equivalent combination of education and experience.
• At least 4 years of systems security and administration experience with MSFT Defender products, including Identity and Office 365.

Required Licenses or Certifications:
• One or more of the following certifications:
  o Certified Information Systems Security Professional (CISSP) (strongly preferred).
  o CompTIA Security+
  o GIAC Information Security Fundamentals.
  o Microsoft Certified Systems Administrator: Security.
• Associate of (ISC)2.
• ITIL and Project Management certification a plus.

Specific Qualifications, Knowledge, and Skills:
• Experience performing routine work within MSFT Defender for Identity and Office 365.
• Experience responding to Information Security incidents and events.
• Experience utilizing security software and tools, including (but not limited to): CrowdStrike endpoint protection, Microsoft Defender, and SIEM.
• Strong command of system administration tools (Windows/Linux).
• Experience with security administration of cloud platforms (Microsoft 365).
• General knowledge of the NIST 800 series standards and the ISO 27001/2 frameworks.
• Demonstrated work experience conducting system security assessments, control analysis, risk assessment, vulnerability assessments or penetration tests.
• Strong understanding of information security threats and vulnerabilities.
• Strong understanding of and experience with security-related technologies, systems, and tools.
• In-depth understanding and experience with various attack vectors and their effect on technologies.

Required Skills:
• Technical skills proficiency in the following areas: security information event management, network protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols), system administration, malware (propagation, infection, types), intermediate knowledge of network security controls and technologies (proxy, firewall, IDS/IPS, router/switch, open-source information collection platforms), cryptography, Microsoft Active Directory.
• Proven competency in the use of MS Office applications (Word, Excel, PowerPoint, SharePoint, Teams).
• Strong work habits, time management and self-organization.
• Excellent communication skills (verbal/written), including the ability to provide technical reports.

Physical Demands/Work Environment:
• Work will be performed via remote office.

Sound Transit promotes a safe and healthy work environment and provides appropriate safety and equipment training for all personnel as required. It is the responsibility of all employees and temporary staff to follow the Agency safety rules, regulations, and procedures pertaining to their assigned duties and responsibilities, which could include systems, operations, and/or other employees.

