SCADA Security Analyst II

Johnson County Government is seeking a skilled and experienced Security Analyst II to join our team. In this role, you will play a critical part in maintaining and enhancing our security posture, with a strong emphasis on securing SCADA (Supervisory Control and Data Acquisition) and ICS (Industrial Control Systems) environments. You will assist with security projects, support the continuous improvement of our security practices, and safeguard our valuable information assets by designing, implementing, and monitoring information protection activities. This position bridges the gap between traditional IT security and the unique challenges of securing Operational Technology (OT) environments. The ideal candidate will possess a deep understanding of both domains and be capable of applying cybersecurity principles across converged IT/OT infrastructures.

This position is currently eligible to work in a hybrid work environment with both onsite and remote work. Residency within the Kansas City-Overland Park-Kansas City, MO-KS Combined Statistical Area, which generally includes the Kansas counties of Johnson, Wyandotte, Leavenworth, Miami, and Linn, and the Missouri counties of Jackson, Clay, Platte, Cass, and Ray, is required.

Key Responsibilities

Strengthen Johnson County's security posture through technology evaluation, process improvement, and secure architecture design.
• Assist in threat identification and analysis for current and evolving risks and vulnerabilities and work to minimize or neutralize security weaknesses.
• Conduct and analyze penetration tests and vulnerability scans, taking corrective action as needed to address security weaknesses efficiently and effectively.
• Perform risk assessments and security reviews of SCADA/ICS systems and propose changes to ensure operational continuity and compliance.
• Support the deployment of new technologies and coordinate security projects.
• Monitor, analyze, and respond to security incidents, advisories, and alerts affecting both enterprise and industrial networks.
• Conduct reporting and auditing of Identity and Access Management.
• Work with end users and operational teams to ensure secure functionality and promote security awareness.
• Maintain technical documentation of security procedures, standards, and strategies.
• Utilize forensic tools to collect and analyze data related to security events.
• Participate in on-call rotation.
• Collaborate with both IT and OT teams to develop and implement unified security strategies that protect enterprise and industrial control systems.
• Design and enforce security controls that are tailored to the distinct needs of OT environments (e.g., availability and safety) while aligning with IT governance and compliance standards.
• Serve as a liaison between IT security, SCADA engineers, and operational stakeholders to ensure cohesive risk management and incident response across all technology layers.

Required Experience

• Bachelor's degree in Information Technology or a related field*
• 4+ years of experience in information technology.
• 2+ years of experience in information security, including risk analysis and management.
• 2+ years of hands-on experience securing SCADA and ICS environments, with a focus on threat mitigation, system hardening, and operational continuity.

*Experience may be substituted for education. Education may be substituted for experience.

Special Knowledge & Skills Required

• Hands-on experience with SCADA and ICS systems, including knowledge of their unique security challenges and best practices for securing OT environments.
• Analytical skills, including the ability to research, interpret data, conceptualize data, analyze information, and write formal recommendations based on findings.
• Understanding of and experience with routing/networking protocols as well as encryption methods and technology.
• Demonstrated ability to navigate the cultural and technical differences between IT and OT teams, fostering collaboration and shared security ownership.
• Experience with converged network architectures, including segmentation strategies for IT/OT environments.
• Comprehensive understanding and substantive experience in two or more of the following IT disciplines:
  • Endpoint management
  • Systems administration
  • Network design and administration
  • Software applications development
  • Security management

Soft Skills Required

• Strong interpersonal and collaboration skills.
• Curiosity and a proactive approach to problem-solving.
• Written communication skills, including business writing, report writing, summarizing, and editing skills.
• Oral communication skills, including presentations to individuals, as well as small and large groups.
• Facilitation skills, including ability to use group decision making to gain commitment/consensus and ability to encourage participation.

Preferred Qualifications

• 1+ years of experience in project management.
• Familiarity with IT security standards (ISO, NIST) and regulatory frameworks (CJIS, HIPAA, PCI).
• Experience implementing security control frameworks such as the Center for Internet Security (CIS) Benchmarks and/or Security Technical Implementation Guides (STIGs) to ensure system hardening and compliance.
• Experience supporting Microsoft business applications (Active Directory, Exchange, Azure, Entra, Purview, Defender for Office365).
• Experience using network analysis tools, scripting languages including UNIX command line utilities, software vulnerabilities, exploits and malware.
• Security+, Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or similar certification.
• Experience implementing security frameworks that span both IT and OT, such as NIST SP 800-82 or ISA/IEC 62443.

Johnson County Government requires reference/background screening for all positions. Specified criteria may vary by Department/Agency.