The Allegheny County Airport Authority [ACAA] invites you aboard our mission to create meaningful travel experiences in the aviation industry. As Pittsburgh’s gateway to the world, both Pittsburgh International Airport and Allegheny County Airport serve as beacons of change and connectivity for our region. As a member of our crew, you will directly serve, inspire, and advance our community in significant ways that impact the daily lives of others and the future of our organization. Whether you have a passion for travel, an appreciation for aeronautics and aviation, or an unparalleled love for the city of Pittsburgh, ACAA provides the opportunity for the next chapter of your career to take flight.

Our culture is one that emphasizes high performance, innovation, and learning. We know that those things only happen when everyone who works in an organization is properly empowered, equipped, and enabled in their roles to make an impact. At ACAA success is a shared responsibility, and we look forward to supporting and developing the unique strengths you could bring to our team.

Job Summary

The ACAA’s Cyber Security Analyst assumes responsibility for using data collected from various cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments to mitigate threats.

Here is how the Cyber Security Analyst will help:

• Develop content for cyber defense tools.
• Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
• Coordinate with enterprise-wide cyber defense staff to validate network alerts.
• Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
• Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
• Perform cyber defense trend analysis and reporting.
• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
• Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
• Plan and recommend modifications or adjustments based on exercise results or system environment.
• Provide daily summary reports of network events and activity relevant to cyber defense practices.
• Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.
• Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.
• Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
• Determine tactics, techniques, and procedures (TTPs) for intrusion sets.
• Examine network topologies to understand data flows through the network.
• Recommend computing environment vulnerability corrections.
• Identify and analyze anomalies in network traffic using metadata.
• Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).
• Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools.
• Isolate and remove malware.
• Identify applications and operating systems of a network device based on network.
• Perform additional duties as assigned.

The successful candidate for the role of Cyber Security Analyst will demonstrate the following key competencies needed in our culture:

• Communication - Proactively conveys a clear, convincing, and timely message; Communicates effectively using two-way communication through strong verbal, written, and listening skills
• Strategic Thinking - Thinks “big picture”; Forward thinking and adept at seeing future outcomes and results; Commits to a course of action to accomplish individual, team and organizational goals
• Team Builder - Recognizes the value of teamwork and being an effective contributor to the team that drives desired results
• Customer Centricity - Aware of customer needs and the prioritization of our customers both internal and external; Makes decisions with customer in mind; Builds strong customer relationships

Qualifications

Requirements to apply for role of Cyber Security Analyst are:

• Bachelor’s degree in information science, computer science, or a related field.
• Five (5) years of professional experience in cyber security in an enterprise environment.
• Broad knowledge of cybersecurity architecture, industry standards, procedures, and guidelines.
• Experience with complex, multi-platform environments, including SCADA and ICS.
• Familiarity with ITIL, NIST CSF, NIST SP800-82 & SP800-53.
• A relevant cybersecurity certification, including but not limited to GIAC Global Essentials (GSEC), GIAC Certified Cyber Threat Intelligence (GCTI), Certified Ethical Hacker (CEH), or Certified Information Systems Security Professional (CISSP).

We also expect that candidates will demonstrate the following knowledge, skills, and abilities in most cases:

• Strong ability to analyze malware.
• Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
• Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.
• Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
• Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute).
• Considerable knowledge of:

- determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

- evaluating the adequacy of security designs.

- using incident handling methodologies.

- using protocol analyzers.

- collecting data from a variety of cyber defense resources.

- recognizing and categorizing types of vulnerabilities and associated attacks.

- and interpreting signatures (e.g., snort).

- assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).

- performing packet-level analysis.

Don’t meet every requirement?

Studies have shown that women and people of color are less likely to apply to jobs if they don’t meet every single qualification. As a Smarter Airport, we recognize that talent is not always related job history and skills come from valuable experiences that aren’t always shown on a resume. If you are excited to make a positive change for our region, but your experience doesn’t align perfectly, we encourage you to apply. You may be the right candidate for our organization, whether it be this role or another.

Caring For Our Crew

At ACAA, we’ve got you covered. That applies to how we equip, empower, and enable our people to do their jobs. It also applies to our benefits, which are broader and more valuable than what many other employers offer:

• We offer two plan options for healthcare coverage from high-quality insurance carriers, as well as an ACAA-funded Health Reimbursement Account (HRA) that will help offset the cost of many medical expenses.

- ACAA employees pay almost $1,200 less per year in healthcare payroll contributions than the average employee in other companies, according to market surveys.

- When HRA funding is included, the health-plan deductibles paid by ACAA employees are about $1,200 lower on average than the costs paid by employees of other companies.

- ACAA does not require that employees meet a separate deductible for pharmacy expenses before prescription-drug coverage kicks in.

• ACAA’s dental plans (included with healthcare coverage) offer an option covering children’s orthodontia.
• Employees also can take advantage of a Flexible Spending Account (FSA) to help pay for health care and dependent care expenses on a pre-tax basis.
• All eligible full-time ACAA employees participate in the Allegheny County Employees Pension Plan, a defined-benefit plan that vests after 10 years of service.
• Employees also may participate in a Deferred Compensation Plan, which allows them to contribute part of their pay on a pre-tax basis into long-term retirement investments.
• A robust Employee Assistance Program (including access to free counselling sessions, financial guidance, and care coordination), life insurance options, a wellness program, and eligibility for the Public Service Loan Forgiveness program round out ACAA’s exemplary benefits.

About Allegheny County Airport Authority

Allegheny County Airport Authority, which manages Pittsburgh International Airport (PIT) and Allegheny County Airport (AGC), is committed to transforming Pittsburgh’s airports to reflect and serve the community, inspire the industry, and advance the region’s role as a world leader.

Pittsburgh International Airport serves nearly 10 million passengers annually on 17 carriers and was named by Fast Company magazine as One of the Most Innovative Companies in the World as well as a finalist in its World Changing Ideas awards, both in 2020. PIT’s first-of-its-kind microgrid – which completely powers the airport campus through natural gas and solar energy – has won numerous awards for resiliency and sustainability.

PIT is in the midst of an ambitious terminal modernization that will make the passenger experience more efficient and deliver real opportunity for the region. The $1.4 billion new terminal program will construct a smarter, greener airport, inspired by the best of our region. The updated terminal lands in 2025 and will be the first airport terminal in the U.S. to be built from the ground-up post-pandemic, designed and constructed with the highest public health standards in mind.

EEO

PI210320493