position
Information Security Analyst III
division/department
Legal and Risk Management/Information Security
classification
Exempt
nature of position
Reporting to the Manager, Information Security, the Information Security Analyst III is responsible for maintaining the Confidentiality, Integrity, and Availability of CHFA information. The Information Security Analyst III will perform activities related to the implementation, monitoring, and oversight of information security systems. This position will support the information security manager in carrying out routine security functions, including testing controls, providing oversight, conducting event and incident investigations and responses, and reporting updates to management. Responsible for analyzing and resolving security and vulnerability issues in a timely manner. The Information Security Analyst III will be responsible for proactive security measures, including honeypots, honey credentials, honey users, and other threat-hunting methodologies using the security tools and technology available to CHFA. They will work to ensure systems and staff comply with information security policies and procedures across the enterprise and will be involved in recommending and implementing changes to CHFA’s security posture.
The Information Security Analyst III must possess strong analytical and technical knowledge of information systems, security practices, and technologies, the use of established IT security applications, controls, and methods, and a working knowledge of industry issues and concerns related to IT security.
essential functions
- Reports directly to the Information Security Manager and collaborates with the IT team in developing solutions and processes to address current and future security risks.
- Responsible for utilizing enterprise security-related technologies in a proactive security posture, including Managed Detection and Response, Metasploit, DLP, vulnerability scanning, etc.
- Monitors and analyzes logs and alerts from various technologies (IDS/IPS, Firewall, Proxy, Anti-Virus, SIEM, etc.) across multiple platforms.
- Evaluate and recommend security processes and procedures, including using security partners, toolsets, and other technologies available to CHFA.
- Conducted vulnerability assessments evaluating CHFA’s systems and network, penetration testing results, web application reviews, social engineering tests, physical security reviews, and collaborating in secure IT infrastructure and solutions.
- Perform routine, periodic inspections of new and existing systems to ensure security measures are being followed and are functioning effectively. Recommend remediation steps where applicable.
- Provide leadership and support in CHFA’s Incident Response Planning and execution.
- Provides subject matter guidance regarding information security best practices during the design and implementation phases of infrastructure and solutions projects.
- Collaborate with peers and colleagues across divisions, including the IT Director, IT Operations Manager, and IT Solution Manager, regarding the development and implementation of all IT related projects including, but not limited to Systems, Internal and Third-Party Development projects, business development projects, system enhancements, incident response, remediation testing, etc.
- Provides limited end-user support as required, which requires competencies in all end-user support roles
- Assists in training and sharing knowledge with CHFA staff face-to-face and by developing applicable documentation
- Responsible for evaluating new and emerging security technologies and how those technologies could enhance CHFA’s security posture and strategic goals.
- Perform other related work as directed.
knowledge, skills, and ability
- Strong working knowledge of security fundamentals and other security standards, including maintaining confidentiality, integrity, and availability of data utilizing security partners and toolsets, including but not limited to SEIM, SOC, DLP, FIM, Vulnerability Assessments, and remediation testing.
- Advanced Knowledge/Experience in the following required:
- Microsoft Windows operating systems (Linux experience a plus)
- Group Policy and Active Directory security configuration
- Knowledge of generally accepted security and privacy standards (NIST, COBIT, ISO, etc.)
- DevSecOps, including OWASP secure coding best practices
- Experience working with current CHFA-specific technologies preferred, general firewall security products, Email Threat Protection, Anti-malware/Anti-virus, encryption, and multifactor authentication. Microsoft Purview and Entra ID experience preferred.
- Understand how to automate critical security functions utilizing Security Orchestration Automation and Response (SOAR) technology with appropriate levels of analyst oversight.
- Ability to communicate, both orally and in writing, in a thoughtful, effective, and diplomatic manner
- Ability to balance, prioritize, and organize multiple complex problems under pressure while maintaining a positive and professional demeanor.
- Demonstrate compliance with CHFA’s Code of Conduct, all company policies and procedures, and all laws and regulations
- Abilities that reflect our values:
- Ability to continuously improve and develop knowledge and skills while adapting quickly to changing circumstances and processes
- Ability to work towards inclusion in all activities and decisions through the solicitation and appreciation of diverse perspectives
- Ability to exercise strong ethical and personal accountability in all activities and decisions
- Ability to embrace a culture of operational excellence to ensure processes are continually evaluated and improved as necessary
- Ability to operate with a sense of integrity
- Ability to have fun with a demonstrated sense of humor
- Ability to establish rapport with persons of diverse ethnic, racial and cultural backgrounds, essential
experience/education
- Bachelor's Degree in Information Systems or equivalent experience in a related discipline
- 7+ years of recent experience in implementing security solutions for multiple hardware, software, and cloud-based platforms
- Information Security related certification (e.g., Security+, CISSP, CISM, GSEC, SSCP, CSTA) or the ability to obtain one is a plus
- Familiarity with Information Security standards and best practices
- Demonstrated capability to assess, understand, communicate, document, and resolve information security issues
equipment used
Telephone; personal computer; photocopier/scanner.
working environment
The incumbent in this position will perform the essential functions of the position in a hybrid environment, which requires sitting at a desk for most of the day with or without accommodation. This position requires medium to high levels of interaction and collaboration with others.
hiring range
$83,000 - $107,000
benefit information
Comprehensive medical, dental, and vision insurance plans, with competitive rates
Generous Paid Time Off, including paid volunteer time and leave programs
Please visit our benefits page for additional information
how to apply
External candidates: Please submit your resume online at www.chfainfo.com/careers - Job Opportunities Tab
The position closes on December 14, 2024, or until the position has been filled.
With respect to its programs, services, activities, and employment practices, Colorado Housing and Finance Authority prohibits unlawful discrimination against applicants or employees on the basis of age 40 years and over, race, sex, sexual orientation, gender identity, gender expression, color, religion, national origin, disability, military status, genetic information, marital status or any other status protected by applicable federal, state or local law. Requests for reasonable accommodation, the provision of auxiliary aids, or any complaints alleging violation of this nondiscrimination policy should be directed to the nondiscrimination coordinator, 1.800.877.2432, TDD/TTY 303.297.7305, CHFA 1981 Blake Street, Denver CO 80202-1272, available weekdays 8:00 a.m. to 5:00 p.m.
