Senior Cyber Security Analyst - (25-IT-601015-079)

Washington, DC, United States

The intent of this job description is to provide a representative summary of the major duties, locations, and responsibilities performed by incumbent(s) in this job.  Incumbent(s) may not be required to perform all duties in this description, and incumbent(s) may be required to perform work-related tasks other than those specifically listed in this description.  This job description is not a “contract” between the employee and the Authority.  The job duties and essential functions may be changed at the discretion of the General Manager.

 

General

 

  • Job Title: Senior Cyber Security Analyst
  • Job Code: P0548
  • Supervises Directly: No
  • New or Revised: Revised
  • Regular or At-Will: At-Will
  • Date Last Revised: 5/23/2025
  • Exempt or Non-Exempt: Exempt
  • Compensation Approval Signature:
  • Union/Non-Union: Non-Union
  • Department Name and Division: IT-Information Security
  • Salary Schedule: Non-Union Salary Range
  • Cost Center Code: 601015
  • Grade: NU17
  • Essential Position: No
  • Reports To: Director, Cyber Security Services
  • EEO Code: Professionals
  • Work Format: Hybrid

 

Who We Are & What We Do:

At DC Water, we provide more than 700,000 District of Columbia residents and 24.6 million annual visitors with essential water, wastewater, and stormwater services. DC Water also provides wholesale wastewater treatment services for 1.8 million people in Montgomery and Prince George's counties in Maryland, and Fairfax and Loudoun counties in Virginia. We aspire to be known for superior service, ingenuity, and stewardship to advance the health and well-being of our diverse workforce and communities. To achieve this vision, we commit to our shared mission every day—exceeding expectations by providing high quality water services in a safe, environmentally friendly, and efficient manner.

 

Role Description:

The Senior Cyber Security Analyst is responsible for the administration of deployed cyber control technologies.  The role is part of the Security Operation Center (SOC) which monitors, analyzes, detects, and responds to cyber incidents on both traditional IT and Operational Technology (OT) networks.  The role coordinates with both the Information Technology (IT) team and Operational Team (OT) to ensure individuals have the appropriate access to DC Water Resources, monitors vulnerabilities and threats, collects intelligence, assists in disaster recovery operations, and in updating cyber controls with intelligence obtained from third-party providers. This role is also responsible for the identification of IT assets supporting DC Water’s business processes.

 

Essential Duties & Responsibilities:
  • Supports the Director, Cyber Security Services, in ensuring DC Water’s preparedness to address cyber risks.
  • Maintains user access controls for computing resources.
  • Monitors SOC operations to detect, analyze, and respond to cyber incidents, including intrusion attempts, malware infections, and other security threats, across IT and OT networks.
  • Analyzes security events and incidents within the DC Water Computing and Network environment, investigating root causes, assessing impact, and coordinating and documenting response actions to mitigate risks and minimize operational disruptions.
  • Tests, implements, deploys, maintains, reviews, and administers the infrastructure software required to effectively manage the DC Water network defenses and resources.
  • Monitors DC Water’s network to actively remediate unauthorized activities.
  • Assists in disaster recovery operations, using preparation, identification, mitigation, remediation, and recovery approaches, as needed to maximize business resilience and information security.
  • Collaborates with the Director, Cyber Security Services, to incorporate threat intelligence obtained from third-party providers into Cyber Controls, enhancing DC Water's ability to proactively identify and mitigate emerging threats.
  • Conducts and reports outcomes of vulnerability and penetration testing on IT and OT systems, identifying and prioritizing vulnerabilities for remediation to reduce the risk of exploitation by malicious actors. 
  • Uses advanced threat hunting techniques and tools to identify and neutralize threats before they escalate.
  • Documents security incidents, investigations, and response activities in accordance with established procedures, ensuring accurate and thorough reporting for compliance, audit, and legal purposes. 
  • Determines deviations from acceptable configuration, vendor, or IT Policy.
  • Generates security metrics, dashboards, and reports to provide visibility into key cybersecurity performance indicators, trends, and emerging risks for the senior executive team.
  • Oversees the receipt and distribution of IT assets owned, leased, or subleased by DC Water to IT and OT, including creation and maintenance of supporting documentation to manage the acquisition and disposal of IT assets.
  • Continuously assesses and improves DC Water's cybersecurity capabilities, processes, and procedures, leveraging lessons learned, industry best practices, and emerging technologies to enhance overall cyber resilience and readiness.

 

Supervisory Responsibilities: N/A

 

Key Working Relationships: Works with the Information Technology Solution Center (ITSC) and Infrastructure teams to enable the delivery and disposal of computing and network assets. Maintains and manages Role-Based Access to the Information Technology Asset Management Database. Partners with internal stakeholders to understand and logically document current and future processes.

 

Skills & Qualifications:

The qualifications listed below are representative of the knowledge, skill, and ability necessary for an individual to perform each essential responsibility satisfactorily. Reasonable amounts of training are provided.

 

Required Skills & Qualifications

Required Experience:
  • Minimum 5 years of experience in Information Systems.
  • Strong understanding of the key functions of cybersecurity, cyber risk mitigation strategies, and event and incident flows within a Security Event and Incident (SEIM) system.
  • Ability to define the problem, generate and select alternatives, and implement solutions.
  • Intermediate understanding of MITRE and Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) framework for Information Technology and Operational Technology Networks.
  • Strong understanding of one or more computer programming and/or scripting languages (PowerShell, KQL, Python, etc.).
  • Intermediate understanding of network ports, protocols, and services, host and network-based Intrusion Prevention Systems (IPS).
  • Advanced understanding of system and network logging events.
  • Familiarity with the National Institute of Standards and Technology NIST 800-53 Control Families and the NIST Cyber Incident Response steps.

Minimum Education Requirements: A Bachelor’s degree in Information Systems, Computer Science, or a related technical field from an accredited college or university.

Required Skills:
  • Cybersecurity Tools & Technologies
  • Information Security
  • Access Control
  • Incident Response
  • Adaptable & Agile
  • Attention to Detail
  • Analytical & Problem-Solving Skills
  • Teamwork
  • Communication Skills

Required Licenses & Certifications: None

Required Languages: English

Physical Requirements: General Office Conditions

 

Preferred Skills & Qualifications

Preferred Experience: Experience in cybersecurity incident response and network security monitoring; must be proficient in using technology tools such as CheckPoint, Azure, Microsoft Entra, Defender, and Purview.

Preferred Education Requirements: Master’s degree in cybersecurity, information technology security, computer engineering, computer information systems, computer science or related field from an accredited college or university.

Preferred Skills:
  • Cyber Threat Intelligence
  • Vulnerability Assessment
  • Cyber Risk Analysis & Mitigation
  • Continuous Monitoring
  • Emerging Trends in Cybersecurity
  • Business Alignment
  • Enterprise Security Messaging
  • KPI/KPR Validation and Oversight
  • Security Compliance Reporting
  • Training Design and Development

Preferred Licenses & Certifications: Certifications in cybersecurity, such as a CompTIA Security+, GIAC Certifications, or similar.

 

*The work environment characteristics described in the physical requirements section of the required skills & qualifications table are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential responsibilities. 

 

Your Experience at DC Water:

At DC Water, our people make us an industry leader. Join a group of thinkers, innovators, and problem solvers focused on protecting life’s most precious resource in the nation’s capital.

 

  • Take pride in your work. We provide an essential service and do work that matters. A career at DC Water is an exciting opportunity to help improve the environment and make a lasting difference for the community.

 

  • Connect to a strong culture. Everything we do is grounded in our shared values—accountability, trust, teamwork, customer focus, safety, and wellbeing.

 

  • Be your true self. We are an inclusive organization that embraces diversity, and we recognize and celebrate employees’ individuality and unique contributions.

 

  • Build your skills and career path. We are committed to developing a future-ready workforce by helping our employees develop skills for the jobs of tomorrow. 

 

We are proud to be an EEO/AA employer M/F/D/V.

We maintain a drug-free workplace and perform pre-employment substance abuse testing.

 

The Americans with Disabilities Act prohibits discrimination against “qualified individuals with disabilities”.

If a reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please email complianceada@dcwater.com.

Category: Analyst Jobs

Tags: Agile Azure Compliance CompTIA Computer Science GIAC Incident response Intrusion prevention IPS Malware Monitoring Network security NIST NIST 800-53 Pentesting PowerShell Python Risk analysis Scripting SOC Threat intelligence Vulnerabilities

Perks/benefits: Career development Health care Team events

Region: North America
Country: United States
