What are the responsibilities and job description for the Applications Security Analyst position at Zane State College?
General Description
Performs professional and technical work involving the analysis, assessment, and coordination of application security activities for County systems and business applications. Conducts security reviews of applications, databases, interfaces, file shares, cloud and SaaS platforms, and related systems to identify vulnerabilities, access control weaknesses, insecure configurations, and data exposure risks. Utilizes approved vulnerability assessment and security analysis tools to identify, validate, document, and track security issues affecting applications and supporting systems. Works with application owners, technical staff, business units, and vendors to support remediation planning, implementation of corrective actions, mitigation strategies, and documentation of approved exceptions. Assists in the development and maintenance of procedures, standards, and documentation related to application security, vulnerability management, and access governance. Prepares findings summaries, reports, and recommendations for technical staff, business users, management, and leadership. Assigned systems may include one or more major systems supporting multiple business units and/or several smaller systems with cross-system integration requirements. Assigned security tasks cover a diverse range of on-premise and cloud-based enterprise systems, spanning departments such as Finance, Public Safety, General Services, etc. Work may include securing in-house processes and software within Windows, SQL, and web-based environments. Work is performed under the general direction of designated Information Technology leadership.
This is a temporary position, only expected to last 6 months
Essential Job Functions
~ Conducts security assessments of assigned applications, databases, interfaces, file shares, collaboration platforms, cloud services, SaaS platforms, and related systems to identify vulnerabilities, access control weaknesses, insecure configurations, and data exposure risks.
~ Documents security findings, risk observations, technical conditions, business impact, and recommended corrective actions in accordance with established procedures and standards.
~ Utilizes approved vulnerability assessment, scanning, and security analysis tools to identify, validate, document, and prioritize security findings affecting applications and supporting systems.
~ Reviews user, group, shared, service, and administrative access to assigned systems and applications to identify excessive privileges, inappropriate access, dormant accounts, and opportunities to improve least-privilege enforcement.
~ Works with application owners, infrastructure staff, database administrators, business units, vendors, and other Information Technology personnel to support remediation of identified vulnerabilities and security control deficiencies.
~ Assists with review and documentation of security exceptions, compensating controls, mitigation strategies, and risk acceptance decisions in accordance with established policies and procedures.
~ Supports periodic access reviews and evaluates onboarding, transfer, and offboarding processes for control weaknesses, inconsistent access assignments, and access governance gaps.
~ Identifies systems that store, process, or transmit sensitive, confidential, or business-critical data and assists in mapping data types, access groups, and applicable security controls.
~ Reviews application- and system-level security controls, including access restrictions, role design, encryption settings, data sharing controls, and other protective measures, as applicable.
~ Assists in the development, maintenance, and improvement of procedures, standards, templates, and documentation used for application security assessments, vulnerability management, and related review processes.
~ Prepares reports, summaries, metrics, dashboards, and status updates related to security findings, remediation activities, and risk conditions for management, leadership, auditors, and other stakeholders.
~ Participates in project planning, implementation, upgrade, and change review activities to identify security requirements and reduce security risk in new or modified applications.
~ Works with users, technical staff, and vendors in troubleshooting security-related issues, validating corrective actions, and supporting practical resolutions.
~ Keeps abreast of modern cybersecurity methods, technologies, threats, standards, and software through workshops, seminars, trade journals, professional associations, and self-study.
~ Assists other Information Technology staff in resolving security-related system and application issues and participates in planning, audit support, procurement review, and technical standards activities as requested.
Requirements/Preferences
Education:
Preferred: Associate or bachelor’s degree from an accredited college or university with major course work in cybersecurity, information systems, computer science, information technology, or a related field; or equivalent combination of training, education, and experience that demonstrates the ability to perform the work described.
Experience
Preferred: Experience documenting security findings, supporting remediation activities, reviewing system or application access, and working with business applications, databases, cloud services, SaaS platforms, or vendor-hosted application environments. Experience with assigned business processes and systems, such as Finance, Human Resources, Public Safety, Tax, Billing, Web, or document/content management systems.
Certifications/Licenses
Required: Valid Virginia driver’s license with good driving record. Preferred: Security-related certification.
Knowledge, Skills And Abilities
Working knowledge of principles, practices, and methods used in application security, vulnerability assessment, access control review, risk identification, and remediation support. Working knowledge of authentication and authorization concepts, least-privilege principles, security configuration review, encryption concepts, data protection controls, and common security weaknesses affecting enterprise applications and systems. Working knowledge of current techniques used in systems analysis, business process analysis, interface review, and security documentation. Some knowledge of security assessment tools, reporting methods, issue tracking processes, and risk documentation practices. Skilled in analytical thinking, problem solving, technical documentation, and communication with technical and non-technical personnel. Ability to logically and systematically assess security issues and recommend practical courses of action. Ability to identify, validate, and prioritize vulnerabilities and access-related risks across multiple systems and business processes. Ability to coordinate effectively with system owners, vendors, technical staff, and departmental personnel. Ability to prepare concise and accurate reports, findings summaries, remediation recommendations, and exception documentation. Ability to prioritize and perform work effectively with minimum direction in a complex and fast-paced environment. Ability to learn, understand, and apply new technologies, security tools, and assessment methods. Ability to work independently and in a self-motivated fashion. Ability to communicate both orally and in writing ideas, concepts, recommendations, technical matters, and complex information clearly and concisely in a timely manner, at a level consistent with the audience. Ability to analyze data sufficient to verify and identify problems such as inaccurate, incomplete, or improperly protected information and suggest appropriate solutions. Ability to work well with end-users and other employees in a team-based environment with minimal supervision.
Supervisory Responsibilities
None
Additional Requirements
Must be a United States citizen or a lawful permanent resident of the United States and eligible for naturalization. Subject to a complete criminal history background search with acceptable results. May be subject to DMV driving record review as required by amount of work-related driving, specified by support responsibilities. Must be able to perform the job as described in the Physical and Environmental Demands section of this job description. May need to utilize personal vehicle with mileage reimbursement.
Other Information
Benefits are available to full-time positions only.
Performs professional and technical work involving the analysis, assessment, and coordination of application security activities for County systems and business applications. Conducts security reviews of applications, databases, interfaces, file shares, cloud and SaaS platforms, and related systems to identify vulnerabilities, access control weaknesses, insecure configurations, and data exposure risks. Utilizes approved vulnerability assessment and security analysis tools to identify, validate, document, and track security issues affecting applications and supporting systems. Works with application owners, technical staff, business units, and vendors to support remediation planning, implementation of corrective actions, mitigation strategies, and documentation of approved exceptions. Assists in the development and maintenance of procedures, standards, and documentation related to application security, vulnerability management, and access governance. Prepares findings summaries, reports, and recommendations for technical staff, business users, management, and leadership. Assigned systems may include one or more major systems supporting multiple business units and/or several smaller systems with cross-system integration requirements. Assigned security tasks cover a diverse range of on-premise and cloud-based enterprise systems, spanning departments such as Finance, Public Safety, General Services, etc. Work may include securing in-house processes and software within Windows, SQL, and web-based environments. Work is performed under the general direction of designated Information Technology leadership.
This is a temporary position, only expected to last 6 months
Essential Job Functions
~ Conducts security assessments of assigned applications, databases, interfaces, file shares, collaboration platforms, cloud services, SaaS platforms, and related systems to identify vulnerabilities, access control weaknesses, insecure configurations, and data exposure risks.
~ Documents security findings, risk observations, technical conditions, business impact, and recommended corrective actions in accordance with established procedures and standards.
~ Utilizes approved vulnerability assessment, scanning, and security analysis tools to identify, validate, document, and prioritize security findings affecting applications and supporting systems.
~ Reviews user, group, shared, service, and administrative access to assigned systems and applications to identify excessive privileges, inappropriate access, dormant accounts, and opportunities to improve least-privilege enforcement.
~ Works with application owners, infrastructure staff, database administrators, business units, vendors, and other Information Technology personnel to support remediation of identified vulnerabilities and security control deficiencies.
~ Assists with review and documentation of security exceptions, compensating controls, mitigation strategies, and risk acceptance decisions in accordance with established policies and procedures.
~ Supports periodic access reviews and evaluates onboarding, transfer, and offboarding processes for control weaknesses, inconsistent access assignments, and access governance gaps.
~ Identifies systems that store, process, or transmit sensitive, confidential, or business-critical data and assists in mapping data types, access groups, and applicable security controls.
~ Reviews application- and system-level security controls, including access restrictions, role design, encryption settings, data sharing controls, and other protective measures, as applicable.
~ Assists in the development, maintenance, and improvement of procedures, standards, templates, and documentation used for application security assessments, vulnerability management, and related review processes.
~ Prepares reports, summaries, metrics, dashboards, and status updates related to security findings, remediation activities, and risk conditions for management, leadership, auditors, and other stakeholders.
~ Participates in project planning, implementation, upgrade, and change review activities to identify security requirements and reduce security risk in new or modified applications.
~ Works with users, technical staff, and vendors in troubleshooting security-related issues, validating corrective actions, and supporting practical resolutions.
~ Keeps abreast of modern cybersecurity methods, technologies, threats, standards, and software through workshops, seminars, trade journals, professional associations, and self-study.
~ Assists other Information Technology staff in resolving security-related system and application issues and participates in planning, audit support, procurement review, and technical standards activities as requested.
Requirements/Preferences
Education:
Preferred: Associate or bachelor’s degree from an accredited college or university with major course work in cybersecurity, information systems, computer science, information technology, or a related field; or equivalent combination of training, education, and experience that demonstrates the ability to perform the work described.
Experience
Preferred: Experience documenting security findings, supporting remediation activities, reviewing system or application access, and working with business applications, databases, cloud services, SaaS platforms, or vendor-hosted application environments. Experience with assigned business processes and systems, such as Finance, Human Resources, Public Safety, Tax, Billing, Web, or document/content management systems.
Certifications/Licenses
Required: Valid Virginia driver’s license with good driving record. Preferred: Security-related certification.
Knowledge, Skills And Abilities
Working knowledge of principles, practices, and methods used in application security, vulnerability assessment, access control review, risk identification, and remediation support. Working knowledge of authentication and authorization concepts, least-privilege principles, security configuration review, encryption concepts, data protection controls, and common security weaknesses affecting enterprise applications and systems. Working knowledge of current techniques used in systems analysis, business process analysis, interface review, and security documentation. Some knowledge of security assessment tools, reporting methods, issue tracking processes, and risk documentation practices. Skilled in analytical thinking, problem solving, technical documentation, and communication with technical and non-technical personnel. Ability to logically and systematically assess security issues and recommend practical courses of action. Ability to identify, validate, and prioritize vulnerabilities and access-related risks across multiple systems and business processes. Ability to coordinate effectively with system owners, vendors, technical staff, and departmental personnel. Ability to prepare concise and accurate reports, findings summaries, remediation recommendations, and exception documentation. Ability to prioritize and perform work effectively with minimum direction in a complex and fast-paced environment. Ability to learn, understand, and apply new technologies, security tools, and assessment methods. Ability to work independently and in a self-motivated fashion. Ability to communicate both orally and in writing ideas, concepts, recommendations, technical matters, and complex information clearly and concisely in a timely manner, at a level consistent with the audience. Ability to analyze data sufficient to verify and identify problems such as inaccurate, incomplete, or improperly protected information and suggest appropriate solutions. Ability to work well with end-users and other employees in a team-based environment with minimal supervision.
Supervisory Responsibilities
None
Additional Requirements
Must be a United States citizen or a lawful permanent resident of the United States and eligible for naturalization. Subject to a complete criminal history background search with acceptable results. May be subject to DMV driving record review as required by amount of work-related driving, specified by support responsibilities. Must be able to perform the job as described in the Physical and Environmental Demands section of this job description. May need to utilize personal vehicle with mileage reimbursement.
Other Information
Benefits are available to full-time positions only.