Description
Salary range is $81k to $180k, with a midpoint of $129k. New hires typically receive between the minimum and the midpoint; however, we may go slightly higher based on experience, internal equity and market. Sound Transit also offers a competitive benefits package with a wide range of offerings, including:
- Health Benefits: We offer two choices of medical plans, a dental plan, and a vision plan all at no cost for employee coverage; comprehensive benefits for employees and eligible dependents, including a spouse or domestic partner.
- Long-Term Disability and Life Insurance.
- Employee Assistance Program.
- Retirement Plans: 401a - 10% of employee contribution with a 12% match by Sound Transit; 457b - up to IRS maximum (employee only contribution).
- Paid Time Off: Employees accrue 25 days of paid time off annually with increases at four, eight and twelve years of service. Employees at the director level and up accrue additional days. We also observe 12 paid holidays and provide up to 2 paid floating holidays and up to 2 paid volunteer days per year.
- Parental Leave: 12 weeks of parental leave for new parents.
- Pet Insurance.
- ORCA Card: All full-time employees will receive an ORCA card at no cost.
- Tuition Reimbursement: Sound Transit will pay up to $5,000 annually for approved tuition expenses.
- Inclusive Reproductive Health Support Services.
- Compensation Practices: We offer competitive salaries based on market rates and internal equity. In addition to compensation and benefits, you'll find that we provide work-life balance, opportunities for professional development and recognition from your colleagues.
This is a term limited position of 5 years.
GENERAL PURPOSE:
Under general direction, the Security Assurance Analyst assists with the operations of the Agency's Information Security program for its technology assets. The Security Assurance Analyst plays a critical role in safeguarding the agency's digital assets by conducting individual system audits, assisting in vulnerability management tasks, security control configuration management, and other security assurance efforts required to ensure major systems and applications comply with internal security controls and industry requirements. This position requires technical expertise, critical thinking, and the ability to collaborate across teams to ensure a resilient security posture.
ESSENTIAL FUNCTIONS:
The following duties are a representative summary of the primary duties and responsibilities. Incumbent(s) may not be required to perform all duties listed and may be required to perform additional, position-specific duties.
- Conduct security reviews of systems and applications to ensure they follow internal requirements and industry standards (ISO 27001, NIST, etc.).
- Support internal and external audits of agency-wide applications through ongoing collection, validation, and organization of compliance evidence.
- Lead/Manage focused penetration testing, code analysis, segmentation testing, etc.
- Conduct system-specific vulnerability assessments.
- Translate agency security policy into actionable product-level requirements.
- Support security incident response activities.
- Advise on security control requirements for ongoing technology implementations.
- Manage vulnerability remediation efforts.
- Participate in the creation and management of information security governance documents (policies, standards, baselines, guidelines, and procedures).
- Review system architecture and design documents for principles of security by design.
- Ensure adherence to secure coding, encryption, and data handling standards for new applications.
- Track relevant assurance program metrics.
- Prepare regular reports on relevant metrics for different stakeholders.
- Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
- Assist with ensuring that agency technology assets, systems, services, and facilities are compliant with information security procedures.
- Champions and models Sound Transit's core values and demonstrates values-based behaviors in everyday interactions across the agency.
- Contributes to a culture of diversity, equity and inclusion in alignment with Sound Transit's Equity & Inclusion Policy.
- It is the responsibility of all employees to follow the Agency safety rules, regulations, and procedures pertaining to their assigned duties and responsibilities, which could include systems, operations, and/or other employees.
- It is the responsibility of all employees to integrate sustainability into everyday business practices.
- Other duties as assigned.
MINIMUM QUALIFICATIONS:
Education and Experience: Bachelor's Degree in Computer Science, Information Technology, Engineering, or a closely related field. Five years of general information technology experience with a focus on IT Security, Risk Management, Data Protection or Compliance; or an equivalent combination of education and experience.
Required Licenses or Certifications: One or more of the following certifications (valid and current):
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- CompTIA Security+
- Any relevant GIAC
- Certified Cybersecurity Operations Analyst (CCOA)
- Associate of (ISC)2
Preferred Licenses or Certifications:
Required Skills & Knowledge:
- Strong command of and familiarity with modern security technologies, including (but not limited to) SIEM, SOAR, EDR, Vulnerability Scanning, PIM, PAM, certificate management, DLP.
- Strong understanding of information security assurance.
- Understanding and functional command of relevant security controls for financial and business critical systems.
- Familiarity with Microsoft's security technologies and products.
- Experience with cybersecurity auditing and consulting.
- Understanding of Zero Trust architecture and modern security frameworks.
- Strongly preferred: Knowledge of scripting or automation (Python, PowerShell).
- General knowledge of the NIST 800 series standards and the ISO 27001/2 frameworks.
- Working technical knowledge of general IT system architectures, software, hardware, protocols, and standards.
- Proven competency in the use of MS Office applications (Microsoft Project, Word, Excel, PowerPoint, and SharePoint) as well as general proficiency with software applications.
- Ability to work independently and manage multiple priorities.
- Effective workload prioritization and self-organization.
- Effective project management skills.
Physical Demands/Work Environment:
- Work is performed in a standard hybrid office environment.
- The position requires speaking about and operating complex graphical interfaces and software that are not suitable for accommodations. May be subject to talking and seeing.
- The Agency promotes a safe and healthy work environment and provides appropriate safety and equipment training for all personnel as required.
Sound Transit is an equal employment opportunity employer. No person is unlawfully excluded from employment action based on race, color, religion, national origin, sex (including gender identity, sexual orientation and pregnancy), age, genetic information, disability, veteran status or other protected class.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.