Santa Margarita Water District

Cybersecurity Analyst

Onsite - Rancho Santa Margarita, CA
$100K - $150K Annually
Application Deadline: 5/14/24

Class specifications are intended to present a descriptive list of the range of duties performed by employees in the class. Specifications are not intended to reflect all duties performed by individual positions.


Under general supervision, the Cybersecurity Analyst will be responsible for cybersecurity processes and procedures, assist with cybersecurity architecture, design, requirement validation and verification, and handle the day-to-day cybersecurity duties of the District’s system infrastructure.

This position will also support System Analyst activities as they relate to the District’s enterprise systems. This includes secured implementation and support of host systems, communications, business systems and network infrastructure; also performs technical tasks related to evaluating, introducing, and maintaining information technology systems. A business system in this role includes Geographical Information (GIS) systems, Financial Information (FIS) systems, Customer Service Information (CIS) systems, Maintenance Management (CMMS) system, Utility Billing (UB) systems, and Capital Program Management (CPM) systems (among others).


The Cybersecurity Analyst job class is distinguished from the Systems Analyst job class in that the former has a primary focus on all cybersecurity activities for the District’s business systems. Activities include design, implementation, maintenance and continuous improvement to the security posture of all District business systems.

Positions in this class typically have intermediate work experience in the given subject area and past experience in a system analyst capacity. This classification will support and coordinate cybersecurity tasks under general direction. A Cybersecurity Analyst typically works under general supervision while learning job tasks, progressing to direction as procedures and processes of the assigned area of responsibility are learned. This classification will work on strategic or project level tasks when directed and interface with vendors on a semi-regular basis.

This position reports directly to the Information Technology Manager.


The duties listed below are intended only as illustrations of the various types of work that may be performed. The omission of specific statements of duties does not exclude them from the position if the work is similar, related or a logical assignment to this class.

  • Identify weaknesses or misconfigurations in current system designs and recommend and implement solutions.
  • Acts as front-line incident responder; gathers and analyzes cybersecurity incident-related data and supports the appropriate response.
  • Assist in performing technical project support duties on assigned systems projects in coordination with System Analysts; may be assigned full responsibility for specific systems implementations relevant to security.
  • Actively monitor threat lists; this includes federal, local, third party, and internal security reports/lists in order to assist staff in proactively applying security patches.
  • Regularly identifies updates to and reviews security policies, standards, guidelines and procedures to ensure ongoing maintenance of security. This includes careful consideration of business, best practices, and security requirements.
  • Actively supports and schedules after hours patching and remediation activities.
  • Supports disaster recovery and business continuity activities. This includes supporting initiatives that reduce system downtime, identify & resolve misconfigurations, or restore a system. In addition, will initiate and monitor vendor performance and activities during critical software or hardware incidents.
  • Perform analysis and provide recommendations for procurement of secure software and hardware solutions. This includes gathering pricing information and reviewing vendor privacy, data ownership, vulnerability response, and software lifecycle policies. This also includes reviewing vendor code and gathering vendor quotes to assist in budget preparation.
  • Provide metrics and reporting on system security health: this includes active updates on weekly, monthly, quarterly, and annual cybersecurity tasks.
  • Coordinates quarterly disaster recovery analysis, planning, testing and system administration of systems.
  • Provides security impact analysis on activities that impact the security of a District system or process; these activities may involve selection, implementation, reconfiguration, or upgrade of systems or processes.
  • Provides after hours availability to support a continuous operation, as required by District systems. This may include working an alternative work schedule to support after hours security activities.
  • Provide continuous research in support of identifying best practices across cybersecurity, information systems, and water utilities to provide updates and integrate new methods and tools as appropriate.
  • Implements internal control, network security methodologies and other security systems for data, systems, and hardware protection and recovery procedures; ensures timely and accurate back-up of data; maintains appropriate confidentiality of sensitive information.
  • Performs a variety of specialized, highly technical and complex security-oriented activities related to database system or network system duties in support of specialized functions or programs.
  • Provides operational support to the District’s network and systems infrastructure. This includes but is not limited to programming, building, analyzing, diagnosing, maintaining, securing and operating various network devices and systems.
  • Maintain effective relationships with third party providers and support personnel.
  • Perform other related duties as assigned.

Ability to:

  • Perform a variety of professional level duties related to technical and operational support. This includes providing internal customer service for District departments.
  • Perform a variety of professional cybersecurity level duties related to the design, maintenance, remediation, and recovery of systems and processes. This includes supporting the continuous scanning, remediation, and testing of devices.
  • Work efficiently and effectively with various software, hardware, operating systems, databases, network systems, business functional systems, cloud platforms, and telecommunications systems. This includes the installation, upgrade, maintenance and troubleshooting of these systems.
  • Write clearly and effectively to support the update and development of policies and procedures.
  • Monitor computer information system utilization and recommend appropriate revisions to processes.
  • Develop and test programs; prepare test data, and test and debug application programs.
  • Establish and maintain effective working relationships with those contacted in the course of work. This includes the ability to exhibit a positive customer service attitude at all times.
  • Communicate clearly and concisely, both orally and in writing. This includes a strong understanding of proper business communications.
  • Play a lead role in being a proponent of cybersecurity awareness and training for end users. This includes actively supporting the safeguarding of confidential and private information in the course of business. This includes understanding the proper and improper ways to distribute information in the course of business.
  • Play a significant role in incident response, business continuity, and disaster recovery processes.
  • Exhibit appropriate business professionalism.
  • Know and understand all aspects of the job.
  • Intermittently analyze work papers, reports and special projects.
  • Identify and interpret technical and numerical information.
  • Observe and follow operational and technical policy and procedures.

Knowledge of:

Intermediate to advanced knowledge of secure system analysis. This includes knowledge of best practices in system design, programming, configuration, and security planning. This includes intermediate to advanced level knowledge of networks, database systems, business functional systems, cloud providers, and other hardware and software technology.


Any combination of experience and training that would likely provide the required knowledge and abilities is qualifying. A typical way to obtain the knowledge and abilities would be:

A bachelor’s degree from an accredited college or university in computer science, information systems, engineering, or a related field is preferred (a degree with a focus on information security is a plus). Three years of professional level information technology technical and operational support with an emphasis in cybersecurity is desirable, along with prior experience or education in information security, disaster recovery, and incident response.

Licenses; Certificates; Special Requirements:

Possession of or the ability to obtain a valid California Class C driver’s license and the ability to maintain insurability under the District’s vehicle insurance program.

One or more of the following certifications is desirable:

  • Certified Penetration Tester (CPT) and Certified Ethical Hacker (CEH)
  • Certified Expert Penetration Tester (CEPT)
  • Cisco CCNP (Cisco Certified Network Professional) Security
  • Microsoft MCSE (Microsoft Certified Systems Engineer) Server Infrastructure
  • CompTIA Security+ (PLUS)
  • Certified Information Systems Security Professional (CISSP)
  • GIAC Industrial Cyber Security Professional (GICSP)
  • GIAC Critical Infrastructure Protection (GCIP)
  • GIAC Response and Industrial Defense (GRID)

Software and Hardware Experience

Experience with the following technologies is preferred:

  • Microsoft Windows Server and Workstation OS
  • Microsoft Active Directory
  • Microsoft System Center
  • PowerShell & Python Scripting
  • Data Encryption (both in transit & at rest) – TLS, TDE, etc.
  • Vulnerability Scanning & Remediation (Nessus, OpenVAS, InsightVM or other)
  • SANS SIFT, DEFT Zero, Kali Linux or other similar
  • Application Layer Management
  • Certificate Authority / Public Key Infrastructure
  • Network Mapping (NMAP)
  • Encrypted DNS Security
  • Wireshark
  • Intrusion Detection and Prevention Systems (IDS/IPS)
  • Security Information and Event Management (SIEM)
  • Network Switches, Router, and Firewall Configuration
  • Microsoft SQL Server

Physical Demands

Employees must meet the following requirements, which are necessary to successfully perform the essential functions of this class: sit at a desk on a continuous basis for long periods of time; intermittently twist, reach, bend, and stoop; lift or carry weight up to 25 pounds, and have hearing and vision within normal ranges. The employee is regularly required to sit, walk and stand; talk and hear; use hands to finger, handle, feel or operate objects, tools or controls; reach with hands and arms; perform repetitive movements of hands or wrists; stoop, kneel, bend at the waist. Specific vision abilities required for this job include close vision, color vision and the ability to adjust focus.

Mental Demands

While performing the duties of this class, an employee uses written and oral communication skills; reads and interprets data, information and documents; analyzes and solves problems; uses math and mathematical reasoning; observes and interprets people and situations; learns and applies new information and skills; performs highly detailed work; deals with changing deadlines, constant interruptions and multiple concurrent tasks; and interacts with others encountered in the course of work.


The employee works in an office environment around other equipment where the noise level is usually quiet.

Please visit our job opportunities page to apply at: