GCI's Security Analyst I will work within management and operation of enterprise-wide vulnerability scanning; enables the business to operate securely, protect its people, defend its assets, and preserve shareholder value. The position accomplishes this by administering and operating a vulnerability scanning platform to identify hardware, operating system, and application vulnerabilities within the environment.

　　ESSENTIAL DUTIES AND RESPONSIBILITIES FOR ALL LEVELS:

　　Security Operations (prevention & identification):

　　Maintain daily security operational procedures, tasks, and controls.

　　Manage and communicate the current threat landscape, identifying and orchestrating the mitigation of threats and vulnerabilities.

　　Manage security controls, product updates, procedures, and tools to defend assets against vulnerabilities that put them at risk.

　　Manage security configurations, standards and rules for the vulnerability scanning platform, including policy assessment, reporting, tuning, troubleshooting and vendor escalations.

　　Maintain appropriate access to the vulnerability scanning platform and work with other business units to ensure visibility and scan quality.

　　Vulnerability Management Program:

　　Assist in the development of security policies, procedures & standards.

　　Perform periodic risk-based assessments of systems, networks, and applications to help operational teams prioritize and escalate remediation efforts.

　　Stay current with industry security advances or potential security/fraud problems, compliance, and regulatory trends about new technology and best practices.

　　Serve as subject matter expert to business areas, project teams and ensure the appropriate implementation of vulnerability scanning.

　　Support audit processes and remediation plans

　　Support the security awareness and training objectives of the Enterprise Security Office

　　Competencies

　　Demonstrated commitment to GCI’s core values of diversity, equity, and inclusion (DEI) by promoting and maintaining an inclusive and equitable work environment for all employees and contractors, and in interactions with customers, vendors, and the public.

　　ACCOUNTABILITY- Takes ownership for actions, decisions, and results; openly accepts feedback and demonstrates a willingness to improve. Ability and capability to work with only minimal supervision.

　　BASIC PRINCIPLES - Interacts with people in a way that builds mutual trust, confidence, and respect; adheres to GCI’s Code of Conduct for Employees – the Basic Principles.

　　COLLABORATION - Works effectively with others to accomplish common goals and objectives; maintains positive relationships even under difficult circumstances. Ability to develop and maintain productive relationships with peers, subordinates, and managers across the enterprise.

　　COMMUNICATION- Conveys thoughts and expresses ideas appropriately and professionally. Demonstrated ability to discuss complex technical details with extended support staff and translate into non-technical communication.

　　COMPLIANCE - Follows internal controls; protects confidential information; abides by GCI’s Code of Business Conduct & Ethics. Model example of integrity and trustworthiness, honors the confidentiality of information entrusted to them and promotes and fosters the mission statement for the Enterprise Security Office.

　　CUSTOMER FOCUS - Demonstrates commitment to service excellence; gives high priority to customer satisfaction. A strong customer/client focus, with the ability to manage expectations appropriately, to provide a superior customer/client experience and build long-term relationships.

　　RELIABILITY - Consistently follows through on assigned tasks as expected; demonstrates timely attendance at meetings, training, and other work obligations.

　　RESULTS - Uses a combination of job knowledge, initiative, sound decision making, innovation, adaptability, and problem solving. Demonstrated ability to move easily between detail and conceptual levels and work on multiple projects with varying and changing priorities and timelines. Strong analytical skills to analyze security requirements and relate them to appropriate security controls.

　　In-depth knowledge and understanding of an enterprise-class vulnerability scanning platform deployed across a large and diverse technology environment with thousands of assets.

　　Proficiency in performing risk and vulnerability assessments.

　　Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.

　　Audit, compliance, and governance familiarity

　　Familiarity with privacy and compliance standards, such as SOX, HIPAA and PCI-DSS

　　Knowledge of the fundamentals of project management, and experience with creating and managing project plans, including budgeting and resource allocation

　　Experience in IT processes including incident management, problem management, change management, and release management.

　　SAFETY & SECURITY - Supports a safe work environment by following all workplace safety rules and guidelines; complies with applicable Security policies and procedures. Demonstrated ability to keep confidential information secure.

　　DECISION MAKING: Uses sound, logical judgment based on department and company policy and procedures, data, research, and experience to choose an appropriate course of action.

　　Strong understanding of business applications and financial systems.

　　Excellent technical knowledge of mainstream operating systems, for example Microsoft and Linux, and a wide range of security technologies, such as network security appliances, Identity and Access Management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.

　　Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.

　　Familiarity with configuration benchmarks such as CIS, STIG and SCAP

　　Familiarity with frameworks and standards, such as ISO 2700x, ITIL, COBIT, and NIST frameworks.

　　Technical Competencies

　　Proficient computer skills and MS Office knowledge (e.g., Outlook, Teams, Word, Excel) to use the company intranet.

　　Strong understanding of business applications and financial systems.

　　Excellent technical knowledge of mainstream operating systems, for example Microsoft and Linux, and a wide range of security technologies, such as network security appliances, Identity and Access Management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.

　　Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.

　　Familiarity with configuration benchmarks such as CIS, STIG and SCAP

　　Familiarity with frameworks and standards, such as ISO 2700x, ITIL, COBIT, and NIST frameworks.

　　Level Definition

　　Position Title: Security Analyst I

　　Grade: E04

　　Additional Job Requirements:

　　This is an entry level position requiring close supervision as well as collaboration with a more experienced Security Analyst. This position will support Security Analyst in implementing moderate to more complex projects.

　　Minimum Qualifications:

　　Required: *A combination of relevant work experience and/or education sufficient to perform the duties of the job may substitute to meet the total years required on a year-for-year basis.

　　High School diploma or equivalent.

　　Bachelor’s degree in computer science, technology, security, or related field. *

　　Minimum of two (2) years’ experience in information security, information technology infrastructure, programming development, support, operations, systems, security, administration, access control, cryptography, architecture, analysis, disaster recovery, investigations, compliance, or technical legal areas (such as those involved in law enforcement, prosecution, defense, or forensics). *

　　Including one (1) year experience in involving vulnerability management duties.

　　Preferred:

　　CEH: Certified Ethical Hacker

　　GSEC / GCIH/ GCIA: GIAC Security Certifications

　　ECSA: EC-Council Certified Security Analyst

　　GCPM: GIAC Certified Project Manager

　　CISA: Certified Information Security Auditor

　　CCFP: Certified Cyber Forensics Professional

　　CRISA: Certified in Risk and Information Systems Control

　　CISSP: Certified Information Systems Security Professional

　　CISM: Certified Information Systems Manager

　　GSLC: GIAC Security Leadership

　　CSX Certificate, CSX Practitioner, or CSX Specialist

　　Other applicable telecom industry, IT, Information Security and Compliance related Certifications.

　　Required at ALL Levels

　　DRIVING REQUIREMENTS:

　　This position may require access to reliable transportation for occasional travel, such as, between retail store locations, offices, worksites, or other locations as needed. PHYSICAL REQUIREMENTS AND WORKING CONDITIONS:

　　Work is primarily sedentary, requiring daily routine computer usage.

　　Ability to work shifts as assigned, work in standard office/home office setting, and operate standard office equipment.

　　Ability to accurately communicate information and ideas to others effectively.

　　Physical agility and effort sufficient to perform job duties safely and effectively.

　　Ability to make valid judgments and decisions.

　　Available to work additional time on weekends, holidays, before or after normal work hours when necessary.

　　Work is performed at a variety of GCI locations or remotely.

　　Travel for business and training purposes is required.

　　Position is expected to work a rotational 7/24 on-call schedule and is subject to call-in as required.

　　Must work well in a team environment and be able to work with a diverse group of people and customers.

　　Virtual workers must comply with remote work policies and agreements.

　　Background /Security Conditions: Based on the position’s business needs, background and security checks are subject to Level 3 background, credit check and drug testing; these background and security checks will be conducted on a three-year rotation basis, or periodically based on specific contract requirements. GCI will ensure that background checks are conducted in compliance with all applicable federal and state statutes, such as the Fair Credit Reporting Act (FCRA) and the Americans with Disabilities Act (ADAAA).

　　The company and its subsidiaries operate in a 24/7 environment providing critical services to Alaskans and may need to respond to public health and safety matters or other business emergencies. Due to business needs employees may be contacted outside of the core business hours to respond to an immediate emergency. As such, you will be requested to provide emergency after hours contact numbers, to include your home and cell phone numbers if you have those services.

　　EEO: GCI is an equal opportunity employer. Qualified applicants are considered for employment without regard to race, color, religion, national origin, age, sex, sexual orientation, gender identity, marital status, mental or physical disability, veteran status, or any other status or classification protected under applicable state or federal law.

　　DISCLAIMER: The above information on this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.