 | NEW MEXICO STATE UNIVERSITY |
HUMAN RESOURCES SERVICES | |
POSITION CLASSIFICATION DESCRIPTION | |
| Position Classification Title: | R&D Info Security Analyst,Sr |
| Position Classification Code: | M4005 |
| Job Family: | Information Technology |
| Pay Level: | 11 |
| Exempt Status: | Exempt |
| This description is intended to describe the general nature of the work being performed. It is not intended to be a complete list of specific duties of any particular position. Duties, responsibilities and bargaining unit eligibility may vary based on the specific tasks assigned to the position. | |
| Purpose of Classification: | |
| Provide advanced technical support for Information Assurance theoretical and technology assessments of Computer Network Operations. Monitors, evaluates, and maintains systems and procedures to protect the data systems and databases from unauthorized users. Identifies potential threats and responds to reported security violations. Determines causes of security violations and recommends corrective actions to ensure data security. Possesses and applies broad knowledge of principles, practices and procedures to the completion of moderately difficult assignments. | |
| Standard Duties: | |
| Conduct information assurance certification and accreditation testing and analysis for systems to determine vulnerabilities. Support penetration testing, threat CNO testing, information assurance protect/detect/react/respond analysis and evaluation. Participates in defining and implementing overall security strategy, policies, and procedures. Provides security advice and guidance to systems engineers and management. Performs security audits, risk analysis, and application-level vulnerability testing and reviews. Collaborates on solutions to mitigate risks and enhance system security. Researches, recommends, and implements changes to procedures and systems to enhance data systems security. Leads security projects including requirements definition, task planning, research, testing, implementation, and management. Usually works with minimum supervision, conferring with superior on unusual matters. Assignments are broad in nature, usually requiring originality and ingenuity. Has appreciable latitude for un-reviewed action or decision. May oversee the supervision of other personnel as needed. Performs miscellaneous job-related duties as assigned. | |
| Knowledge, Skills and Abilities: | |
| - Advanced knowledge of information security and computer network access technologies - In-depth technical knowledge of data protection and integrity, operating systems and network security, authentication, and security protocols | |
| - Experience in vulnerability/survivability assessments of information technologies, threat Computer Network Operations experimentation, Information Assurance certification and accreditation, research/development, and vulnerability assessments of systems - Experience in supporting research and development/evolution of tools, techniques and methodologies - Experience in support of customers in conducting information assurance certification and accreditation testing and analysis - Experience in supporting penetration testing, threat CNO testing, IA protect/detect/ react/respond analysis and evaluation | |
| - Ability to support customers by performing security audits, risk analysis, and application-level vulnerability testing and reviews - Ability to analyze and evaluate systems and provide recommendations and solutions - Ability to collaborate on solutions to mitigate risks and enhance system security • Familiarity with DOD Information Assurance Certification and Accreditation Process (DIACAP) | |
| Minimum Qualifications: | |
| Education- Bachelor’s degree in a related field. | |
| Experience- Five (5) years of experience directly related to the standard duties as outlined. | |
| Equivalency- None | |
| Certifications/License- | |
| Departmental Requirements- | |
| Special Requirements- | |