IT Specialist III - Lead Security Analyst

• Lead the monitoring, detection, investigation, and response to security incidents using SIEM, EDR, and threat intelligence platforms.
• Work with the SOC team to investigate and remediate security events.
• Conduct root cause analysis and forensic investigations on security breaches and incidents.
• Develop and refine incident response plans, playbooks, and escalation procedures.
• Develop, implement, and maintain security policies, standards, and procedures to comply with NIST 800-53, CIS, CJIS.
• Support internal and external audits, ensuring compliance with regulatory and industry security frameworks.
• Participate in an On-Call rotation and may involve evening and weekend support as needed.
• Assist with security awareness training and user education programs.
• Assist with penetration testing and remediate the findings.
• Oversee the identification, prioritization, and remediation of security vulnerabilities.
• Work with Infrastructure and application teams to ensure timely patching and mitigation of security risks.
• Conduct security gap analysis and implement new security technologies, automation, and best practices.
• Staying updated on the AI technologies, zero-trust network architectures, and evolving cyber threats.
• Find additional information in the Information Technology Specialist III job description.

• Bachelor's degree in Computer Science or closely related field.
• Six (6) years of information technology experience, with two of those years performing highly specialized work in a lead or expert capacity on highly complex or specialized information systems or services in one or more functional area in a closely related or emerging information technology field.
• Any combination of education and experience that provides equivalent knowledge, skills, and abilities.

• Thorough understanding of cybersecurity principles, including threat detection, vulnerability management, intrusion detection/prevention, and incident response.
• Expertise in SIEM platforms and EDR/XDR solutions.
• Strong knowledge of firewalls, IDS/IPS, VPNs, and endpoint security solutions.
• Knowledge of network protocols (TCP/IP, DNS, HTTP/S, LDAP/LDAPS, TLS) and network security tools (e.g., Wireshark, Snort).
• Knowledge of email security (DMARC, DKIM, and SPF).
• Familiarity with cyber threat intelligence (TAXII/STIX and YARA) and experience with security automation such as Python, SOAR solutions.
• Analyze and respond to complex security incidents, conduct forensic investigations, and implement remediation plans.
• Strong analytical and problem-solving skills to assess cybersecurity risks and recommend mitigations.
• Ability to effectively communicate security risks to technical and non-technical stakeholders.
• Strong knowledge of vulnerability assessment tools and prioritize vulnerabilities based on risk.
• Oversee security projects from initiation to closure, ensuring alignment with organizational goals, risk management strategies, and compliance requirements.
• Supervisory experience is preferred to effectively manage and support team members.

Your Team

The Mission of the Employees of the City of Irvine is to create and maintain a community where people can live, work, and play in an environment that is safe, vibrant, and aesthetically pleasing. We are one team that exists to serve our community in the continual pursuit of a City that offers an exceptional quality of life. The City of Irvine's five values of Humility, Innovation, Empathy, Passion, and Integrity reflect the interests and needs of the community, and the level of service they expect and desire. We are One Irvine through embrace of a team-oriented approach by living our values every day.

Administrative Services is committed to sound fiscal stewardship in maximizing the City's ability to deliver high-quality services to the community. The department consists of six areas: Administration, Fiscal Services, Budget and Strategic Planning, Purchasing, Information Technology, and Geographical Information Systems (GIS).

Equal Opportunity Employer
The City of Irvine is an Equal Opportunity Employer and provides reasonable accommodations to qualified individuals with disabilities. We encourage you to inform Human Resources at least two business days prior to the first phase of the selection process if you have a disability that may require an accommodation.