Cyber Security Analyst II or III

Job Locations US-MS | US-AL | US-TN
Posted Date 3 months ago (1/16/2024 5:06 PM)
Job ID 2024-10633
# of Openings 1
Category Technology

Overview

Cyber Security Analysts perform a variety of complex administrative, technical, advisory, and project management work in the Office of Cyber Security, ensuring overall systems security in our private and commercial cloud services. They design and implement security controls to protect C Spire assets from cyber-attacks. They also help develop organization-wide best practices for cyber security, monitor for security issues, and document security issues identified.


This role supports our governance, risk, and compliance efforts by performing cyber security control reviews or security audits and performing technical security assessments (e.g., vulnerability analysis, penetration testing, and application testing).

Responsibilities

“Customer Inspired” isn’t our slogan — it’s our driving force, and not everybody is built for it. While we all bring our own strengths and skillsets to the table, there are some traits every C Spire Team Member needs to have:

  • A relentless obsession to be the best in our industry
  • A winner mentality determined to outsmart and outdo competitors
  • A single-minded commitment to unbeatable customer experiences
  • An unapologetic passion for innovation and technology
  • An uncompromising drive toward continuous improvement
  • A steadfast devotion to doing the right thing the right way
  • A deep-seated dedication to accountability and ownership

Job Specific Responsibilities:

  • Perform security risk and compliance assessments in accordance with relevant industry frameworks (e.g., NIST 800-53, NIST CSF) and compliance requirements (e.g., SOC 1/2, PCI-DSS, HIPAA, etc.).
  • Track, report, and provide dashboard visibility on risk-based, SOC, and PCI remediation initiatives.
  • Analyze potential risk scenarios and facilitate corrective action plans to ensure controls effectiveness for mitigating exposure to identified risks.
  • Communicate security compliance issues and control gaps through security governance and audit control processes.
  • Recommend and monitor cyber security and IT security controls for systems and data across the enterprise.
  • Participate in the development and maintenance of audit and remediation plans for critical environments, applications, and systems.
  • Provide compliance, risk, and controls expertise to support various cyber security and compliance initiatives and activities.
  • Coordinate and interact with external auditors, IT administrators, developers, and business executives.
  • Consult with and advise business executives and IT administrators on various operational issues related to cyber security.
  • Track audit findings to ensure corrective actions are implemented.
  • Analyze and assess damage to infrastructure resulting from security incidents, and examine available tools and processes for remediation.
  • Assist with developing and implementing a cyber security program, which includes cyber security policies, risk assessments, security awareness training, etc.

Qualifications

The following are preferred qualifications for both the level II and level III Cyber Security Analyst:

  • System administration (preferably at enterprise scale).
  • System hardening / secure configuration baseline development.
  • Vulnerability scanning / management.
  • Virtualization (e.g., VMware, containers).
  • Application security (e.g., WAFs, API security, code reviews, DAST/SAST/IAST, etc.).
  • Attack surface management.
  • Cloud architecture and security.
  • Scripting (e.g., Python, PowerShell).

 

REQUIRED

  • Level II
    • Bachelor’s degree in Information Systems, Computer Science, or Business with an emphasis in Information Technology or related field.
    • 3-5 years of professional IT experience required.
    • 2+ years of professional Cyber Security experience.
    • Cyber security certification (e.g., Security+, CySA+, CRISC, GWEB) or ability to achieve within a year.
    • Working knowledge of operating systems (e.g., Microsoft Windows, Linux).
    • Basic understanding of application security (e.g., OWASP Top 10).
    • Basic proficiency with cyber security controls, security compliance analysis, security risk assessment, cyber security controls assessment, and security control gap analysis.
    • Knowledge of cyber security concepts, assessment processes, and high-level controls used for validating compliance. Understanding of major GRC security regulations/assessment processes (NIST 800-53, NIST 800-37, ISO 27001, SOC 1/2, and related primary security regulations) would be extremely useful.
    • Strong critical thinking and problem-solving skills.
    • Excellent written and oral communication skills, including the ability to communicate complex technical issues to senior stakeholders and non-technical staff.
    • Prior experience working in an IT organization, supporting enterprise-level IT functions and processes.
  • Level III
    • All of the required qualifications for a Level II.
    • 5+ years of professional IT experience required.
    • 3+ years of professional Cyber Security experience.
    • Solid understanding of application security (e.g., OWASP Top 10, web application firewalls).
    • Proficiency with cyber security controls, security compliance analysis, security risk assessment, cyber security controls assessment, and security control gap analysis.
    • Strong knowledge of cyber security concepts, assessment processes, and high-level controls used for validating compliance. Understanding of major GRC security regulations/assessment processes (NIST 800-53, NIST 800-37, ISO 27001, SOC 1/2, and related primary security regulations).
