IT Security Analyst, I, II, III or Senior

We are looking for talented individuals who are passionate about making an impact in the company and the community. Apply now and become part of the dynamic energy industry!Position DescriptionResponsible for the design, planning, testing, implementation, and administration of regulatory requirements and industry-wide accepted information security principles, practices, and information systems to ensure the protection of information assets processed, stored, or transmitted at UniSource. Evaluate the effectiveness of information security solutions and processes in place, keeping in mind the state of world events. Monitor for and identify security risks and exposures, determine the causes of security violations, assess, and implement procedures to halt future incidents. Understand and provide assistance to system users relative to information systems security matters. Participates in a team environment that provides cost-effective IT security services to the various business units. Works closely with other areas to insure optimum reliability and cohesiveness.Position-Related ResponsibilitiesPerforms security analysis, including architecture review, baselines, vulnerability assessments, and risk assessments to proactively identify security risks and exposuresPerforms security incident response and forensic investigationsProvides anti-virus, spam, and malware administration and management.Monitors security events across the network and ensures alerting and resolution of security issues and threats.Works with internal and external project managers to complete projects and efforts on time.Leads or participates in IT projects to provide information security expertise, guidance, or training.Works with internal and external auditors to implement technical aspects of regulatory/compliance/privacy controls, such as Sarbanes-Oxley, NERC CIP, HIPAA, and PCI DSS.Responsible for provisioning and de-provisioning usersEvaluates new and emerging security technologies, features, and products to determine their application in the protection of company information assetsProvides second-level support for the IT Help Desk. Performs 24 x7 support on a rotating basis.Ensures change control processes are followed and service levels affected by those changes are maintained.Works with Human Resources or Legal to provide sensitive investigative or litigation hold support.Responsible for day-to-day security administration of company databases (e.g. Oracle and MSSQL), e-mail applications, key business applications and networks Knowledge Is Expected In The Following Disciplines:Authentication and Access Control Tools, Management and AdministrationAnti-Virus, Spam and Malware Tools, Management and AdministrationApplication Security Architecture & Cloud Computing ConceptsChange & Security Configuration Audit and Control Encryption Processes, Management and AdministrationFirewall Management and AdministrationHardware/software Security Testing and EvaluationIntrusion Detection/PreventionIncident Response Practices and ProceduresComputer Forensic Practices and ProceduresLayer 2 and 3 routing and switching protocols (TCP/UDP, IPv4, IPv6, OSPF, etc.)Security Information & Event Management (SIEM) and LoggingScripting Languages, such as PowerShellVOIP Technology Security VPN’s (Virtual Private Networks) and SSLVulnerability Assessment Practices/Technology (i.e. Operating Systems, Network, Application, Database, and Web)Wireless Security InfrastructureSecurity Industry Standards, such as ISO, NIST & FISMARegulatory Requirements of NERC CIP, SOX, HIPAA, PCI DSS and other applicable regulationsInformation Security Awareness Programs and CommunicationsInformation Security Policy and Standards Information Security Risk AssessmentThis position may provide services to affiliates of the Company subject to the UNS Energy Code of Conduct and the related Policies and Procedures.Knowledge, Skills & Abilities(Equivalent combination of education and experience will be considered.)Level IMinimum Qualifications:High school diploma or GED.Effective written and oral communication skills are required plus a willingness to learn in a rapidly changing environment.Demonstrated ability to work both independently and as part of a team.Preferred Qualifications:Bachelor’s degree in Management Information Systems, Computer Science or related discipline is preferred.Two or more years in an IT related discipline is preferred.Level IIMinimum Qualifications:Requires the qualifications for an IT Security I plus experience with day to day security administration.Requires self-direction and the ability to work with vendors on creating statements of work and completing that work.Requires Industry certifications (i.e. GSEC or CISSP) or equivalent experience of 3-5 years in an information security or network discipline.Preferred Qualifications:Assists more experienced administrators on projects and deals with day to day support.Level IIIMinimum Qualifications:Requires the qualifications for an IT Security II plus leadership abilities.Provide mentoring and guidance to junior members of the teamRequires industry certifications (i.e. GSEC or CISSP) or equivalent experience of five or more years in an information security or network discipline.Preferred Qualifications:Individual is considered at full proficiency in the information security field and a leader on the security team.Works with other IS groups to ensure the understanding and coordination of effective results.Ensures that IS Standards and practices are understood and consistently applied.Demonstrates basic project planning & project management skills for leading individual or small team efforts.SeniorMinimum Qualifications:Requires the qualifications for an IT Security III and the ability to lead any information security project across the enterprise.Provide mentoring and guidance to junior members of the teamRequires industry certification (i.e. GSEC or CISSP) or equivalent experience of seven or more years in the information security discipline.Requires basic project planning & project management experience for leading teams.Preferred Qualifications:Has successfully led and completed IT Security projects, or lead teams as part of larger projects.Has Security Architect experience or provides strategic direction on how the state of information security should evolve.Visionary that is proficient at all required information security aspects and helps others to become more proficient.