Job Details

Position Title: Information Security Analyst (Reg FT)

Department: ITS Field Operations

Campus: Office of College Services

Additional Information: This position will remain open until filled. However, in order to ensure consideration for an interview, please submit your completed application, cover letter and resume by no later than August 16, 2019. The College cannot guarantee that application materials received after this date will be considered or reviewed.

Benefits:  CCAC offers an exceptional benefits package. Highlights include an excellent health plan with very low out-of-pocket expense network option, generous time off and holiday pay, a 403b retirement plan with up to 10% employer match or other options through the State’s retirement defined benefit pension system, free employee parking, public service (student) loan forgiveness eligible employer, and employer paid benefits including group life insurance, short-term and long-term disability insurance, and flexible spending accounts.

Work Hours (for hourly positions): M - F 8:00am - 5:00pm overtime as needed per project assignments Additional hours, including evening and weekend hours, may be needed to meet the needs of the department.

Salary Grade: Admin 15 - $56,912

Job Category: Administrators

Employment Type: Regular Full-Time

Job Slot: 5811

Job Open Date:  8/16/2019

Job Close Date: 

General Summary:  The Information Security Analyst will be primarily responsible for the daily activities surrounding information security monitoring and incident management processes. This includes vulnerability management, security information and incident management, threat mitigation and related processes that are identified in the college’s information security policies and procedures. Its primary function is to focus on daily operational information security operations.

Requirements:  A Master's degree in Information Security with 1 year work experience or Bachelor’s degree in Information Science with at least three years of work experience or Associate degree in Information Science or related field and at least five years of work experience in information security protection, detection and response processes. Hands-on experience with Windows platform is required, and Linux and open source security tools expertise is desired. Must be highly analytical and effectively able to troubleshoot and prioritize needs, requirements and other issues in a fast-paced environment. Excellent written and oral communication skills. Ethical hacker certification or willingness to get certified.


1. Provide ongoing protection, detection and response services for college information resources and digital assets as identified in the college’s information security program and strategic plan.
2. Review, maintain, update, and recommend using a cloud computing checklist of all (SaaS, IaaS, PaaS) and other third party hosted CCAC resources.
3. Monitor, identify, and analyze security risks to determine their impact and relevance to the college’s assets. Conduct research, analyze data, reach conclusions, and make recommendations.
4. Analyze potential information security events to determine if these events qualify as legitimate security incidents and follow through incident management protocol as necessary.
5. Initiate escalation procedures to counteract potential threats/vulnerabilities; appropriately inform related ITS staff and managers on potential incidents.
6. Document and conform to processes related to security monitoring and incident management.
7. Monitor the college’s networks and digital assets for security breaches and investigate any violation when one occurs.
8. Conduct periodic penetration testing and vulnerability scans to assess the college’s information security posture.
9. Co-manage and maintain information security tools such as SIEM, endpoint protection, vulnerability management systems, intrusion detection system and prevention systems (IDS/IPS) and other information security tools and cloud based management consoles.
10. Examine, appraise, and interpret information security related data and systems. Correlate metrics to assess the effectiveness of existing systems and information security measures.
11. Respond to security event escalations, and conduct detailed forensic analysis of potential incidents.
12. Assist in the installation and use of security hardware and software such as firewalls and data encryption programs to protect sensitive college information.
13. Respond to ServiceDesk tickets, as well as track outcomes of the issues and requests.
14. Conduct security and threat assessment audits of the college assets and business processes and make recommendations for improving security measures on-site and cloud.
15. Produce or update data flow diagrams required for security assessments. 
16. Assist in information security related projects and initiatives.
17. Participate in review of the effectiveness of existing information security and risk management tools and provide recommendations.
18. Participate in information security risk assessments and controls selection activities.
19. Participate in information security awareness, training and educational activities.
20. Participate in the creation and maintenance of the information systems disaster recovery and business continuity plans and play an important role in testing of these plans and the actual disaster recovery process.
21. Closely examine information security event data and prepare periodic customized reports. 
22. Document security breaches and the extent of the damage caused by such potential breaches and maintain an ITS risk and incidence log and record any third investigation updates.
23. Perform other duties as required or assigned.

Clearances:  Current criminal record/child abuse clearances will be required if offered the position and in order to be employed at the College. The three clearances are Pennsylvania Child Abuse History Clearance, Pennsylvania State Police Criminal Records Check, and Federal Bureau of Investigations (FBI) Criminal Background Check. The College has provided instructions on how to obtain these clearances and are available here.