Senior IT Security Analyst (DoIT #2767)
Role summary
The Senior IT Security Analyst will be responsible for the day-to-day operations of Department of Information Technology firewalls and firewall management systems. This role ensures the safety of information systems assets and data, protecting them from unauthorized access or destruction. Key duties include conducting complex IT data and security audits, leading forensic investigations, and serving as a project lead while mentoring junior staff. The analyst will develop and implement information security strategies, contribute to business continuity and disaster recovery programs, and conduct internal reviews to ensure compliance with standards. They will also lead incident response efforts, define security configurations, and evaluate security tools and solutions.
Posting Details
Interviews are anticipated to be conducted within two weeks of the closing date. The New Mexico Department of Information Technology (DoIT) is the enterprise technology partner serving and supporting state agencies with innovative solutions to advance the delivery of their core missions and to create progress for all New Mexicans. The DoIT Network and Security Services Bureau (DoIT-NSSB) is a dynamic, fast-paced IT shop that supports State of New Mexico agencies, boards and commissions.
Why does the job exist?
The Senior IT Security Analyst position primarily and independently performs day-to-day operations on all Department of Information Technology firewalls and firewall management systems. Additionally, this position performs all procedures necessary to ensure the safety of information systems assets and data and to protect systems from intentional or inadvertent access or destruction. The analyst conducts the most complex IT data and security audits and leads or assists with forensic investigations, and serves as project lead and mentors lower-level Security and Compliance Administrators.
How does it get done?
Provider, Data Center, Virtual Private Network and User firewalls.
- Develops and implements strategies to align information security with business objectives and goals, protecting the integrity, confidentiality, and availability of data, in collaboration with the Chief Information Security Officer. Provides analysis, consultation, and training reflective of significant knowledge of intrusion detection and internet architecture.
- Contributes to designing and implementing the enterprise-wide organization continuity and disaster recovery management programs, including maturity models, methodologies, sourcing, strategies, plans, metrics and scorecards for all components of the program(s).
- Develops and implements internal reviews and audits to ensure compliance with standards and processes (selecting samples, verifying documentation and other requirements).
- Assists business partners with the determination of critical business processes and systems.
- Leads and responds to security incidents and investigations and targets reviews of suspect areas.
- Ensures recovery drills are performed. Analyzes recovery drill performance and recommends changes to the plan, as needed.
- Conducts the most complex IT data and security reviews and audits for regulatory and standards compliance. Participates in third-party security investigations and compliance reviews as requested.
- Develops, reviews and audits criteria for lower-level security analysts to ensure that users adhere to the necessary procedures and processes to maintain IT security.
- Identifies and resolves root causes of security-related problems and related issues.
- Consults with clients on security violations.
- Leads the development and documentation of information security standards, best practices, and guidelines.
- Acts as liaison between internal audit and IT to ensure commitments are met and controls are properly implemented.
- Oversees security incident and response management.
- Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
- Defines and validates baseline security configurations for operating systems, applications, networking and telecommunications equipment.
- Interfaces with third-party vendors to evaluate new security products or as part of a security assessment process. Maintains contact with vendors regarding security system updates and technical support of security products.
- Coordinates with vendors to ensure managed services are implemented and maintained appropriately.
- Reviews and delivers information security performance summary with analytical evaluation to leadership teams, as needed. Identifies areas needing improvement and develops recommendations.
- Leads and reviews application security risk assessments for new or updated internal or third-party applications.
- Evaluates and recommends tools and solutions that provide security functions.
- May assist security forensic investigators.
- Provides advice to management on 'balance' between business needs and data security.
- Mentors and trains team members and peers on security solutions and actively participates on system and application improvement project teams. Serves as a project lead on security-related matters.
Who are the customers?
All New Mexico state agencies that use the Department of Information Technology's Data Network.
Ideal Candidate
All New Mexico state agencies that use the Department of Information Technology's Data Network.
Minimum Qualification
Bachelor's degree in Computer Science, Management Information Systems (MIS), Information Technology, Engineering, or similar technical degree and three (3) years of experience in IT security or compliance validation (e.g., HIPAA, PCI). Any combination of education from an accredited college or university in a related field and/or direct experience in this occupation totaling seven (7) years may substitute for the required education and experience. A certificate in IT security/forensics (e.g., CISSP, CEH, CCFP, CCSP, HCISPP, SSCP) or regulated compliance (e.g., PCIP, ASV, ISA, QSA) can be used to substitute one (1) year of experience.
Employment Requirements
Must possess and maintain current ID or Driver's License. Pre-employment background investigation is required, and employment is conditional pending results.
Working Conditions
- Office setting with extensive personal computer and telephone usage with extended periods of sitting.
- Working in a cold data center environment.
- Must also be able to lift 25 lbs.
- Work after hours on call.
- Travel in a state vehicle throughout the state.
Supplemental Information
Agency Contact Information: Natisha Montoya
For information on Statutory Requirements for this position, click the Classification Description link on the job advertisement.
Bargaining Unit Position
This position is not covered by a collective bargaining agreement.