Cybersecurity Analyst

Cybersecurity Analyst

The Cybersecurity Analyst supports the county's security posture by performing vulnerability assessments, owning the vulnerability management program, leading Microsoft Purview data classification operations, and contributing to compliance activities aligned to the NIST Cybersecurity Framework (CSF). This is an early career security analyst position in an expanding cybersecurity operation. The analyst will own defined program areas within vulnerability management and data classification, draft cyber security policy and standards documentation, and manage the operational components of the county's cybersecurity awareness training program in coordination with the ITS training team. The role reports to the network security administrator and works across ITS teams and county departments to identify, assess, and remediate security risks to county systems and data.

Essential duties and responsibilities include:

• Own the vulnerability management program lifecycle — define scan schedules and SLA thresholds, conduct regular vulnerability scans across county infrastructure including servers, endpoints, network devices, and cloud-hosted services, track remediation trending over time, and produce actionable risk-ranked findings reports for ITS leadership.
• Lead Microsoft Purview onboarding for county departments including departmental collaboration, sensitivity label taxonomy design, content classification rule maintenance, and exception adjudication. Ensure county data classification standards are enforced consistently across Microsoft 365, SharePoint, Azure, and on-premises repositories.
• Support compliance and data classification activities under HIPAA, CJIS Security Policy, and applicable state and federal data privacy requirements by mapping technical controls to framework requirements and documenting compliance status.
• Draft cybersecurity policies, standards, and procedures grounded in the NIST Cybersecurity Framework for review by the Network Security Administrator, including documentation covering asset management, access control, and incident detection categories.
• Monitor security alerts from existing tools (endpoint protection, email filtering, firewall logs) and triage potential incidents, escalating confirmed threats per established procedures.
• Coordinate patch management activities with infrastructure and applications teams to ensure timely remediation of known vulnerabilities, tracking patch compliance against defined SLAs.
• Support ITS in conducting risk assessments for new technology procurements and system changes using ITS security and risk assessment rubrics.
• Manage the compliance components of the county's mandatory cybersecurity awareness training program in coordination with the ITS training team, including phishing simulation campaign execution, compliance tracking, automated notifications, and credential suspension workflows for overdue participants. Produce and deliver quarterly metrics reports to ITS leadership on training completion rates, simulation results, and program effectiveness.
• Participate in incident response activities including detection, containment, documentation, and post-incident review. Contribute to the development of incident response playbooks as the county builds its response capability.
• Assist in updating documentation on security controls, vulnerability management metrics, and compliance posture for reporting to ITS leadership and county stakeholders.
• Research emerging threats, vulnerabilities, and attack techniques relevant to local government environments.
• Assist with identity and access management reviews, including periodic access certifications and privileged account audits across county systems.

Required knowledge, skills, and abilities include:

• Working knowledge of vulnerability scanning tools (e.g., Nessus, Microsoft Defender Vulnerability Management, Qualys or similar) and the ability to interpret scan results and prioritize remediation based on risk.
• Familiarity with the NIST Cybersecurity Framework (CSF) and the ability to map organizational practices to CSF categories and subcategories.
• Understanding of data classification concepts and applied classification and data loss prevention frameworks.
• Practical experience with Microsoft Purview Information Protection, sensitivity labels, or comparable data classification tooling and in onboarding businesses (e.g., teams, offices, departments) with onboarding and utilizing Purview including cloud (MS SharePoint and Azure) and on-prem repositories.
• Knowledge of common network protocols, operating systems for Microsoft (Windows Server, Windows 10/11), and Active Directory/Entra ID administration sufficient to understand security implications.
• Familiarity with HIPAA Security Rule requirements.
• Ability to produce clear, concise written reports and briefings that communicate technical findings to non-technical audiences, including department heads and elected officials.
• Ability to work across teams and organizational boundaries, coordinating remediation activities with staff who do not report to ITS.

• Working understanding of common attack vectors, the MITRE ATT&CK framework, and how threat intelligence applies to vulnerability prioritization.
• Ability to manage competing priorities and maintain documentation discipline in an environment where processes are being established for the first time.

Required qualifications include:

• Bachelor's degree in cybersecurity, information technology, computer science, or a related field. An equivalent combination of education and directly relevant experience will be considered.
• Minimum 3 years of experience in information security, vulnerability management, IT audit, or a related discipline. Public sector experience is preferred but not required.
• At least one active industry certification: CompTIA Security+, Microsoft Security Operations Analyst, or GIAC GSEC, or equivalent.
• Experience with Microsoft Purview, Microsoft Defender for Endpoint, or Microsoft 365 security and compliance tools.
• Familiarity with SIEM platforms (e.g., Microsoft Sentinel, Splunk, Elastic) and security log analysis.

Preferred qualifications include:

• Experience with NIST SP 800-53 controls, CIS Controls v8, or NIST SP 800-171.
• ISACA CISM, ISACA CCOA, CompTIA CySA +, or GIAC GCIH certification.
• Experience supporting HIPAA or CJIS compliance programs.
• Experience developing or contributing to cybersecurity policies, standards, or governance documentation.

Physical demands include:

Work is performed primarily in an office environment with standard business hours. Occasional evening or weekend work may be required during security incidents or planned maintenance windows. This position may require on-call availability on a rotating basis as the county's monitoring capability matures. Some travel between county facilities may be required.

AI and Emerging Technology Competency

Montgomery County ITS is actively adopting generative AI and automation tools to improve operational efficiency. The Cybersecurity Analyst is expected to develop competency with AI-assisted security tools, including AI-driven threat detection, automated vulnerability prioritization, and AI-supported compliance documentation. The analyst should approach these tools with practical curiosity and ability test and operate tools within established security boundaries to ensure the safety of county data and operating systems.

Equal Employment Opportunity

Montgomery County is an equal opportunity employer committed to creating a diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected characteristic.