Senior IT Security Analyst (Applications)

Salary: $88,416.00 – $116,016.00 Annually

Location: Olympia, WA

Job Type: Regular, Full-Time

Remote Employment: Flexible/Hybrid

Job Number: 2023-91

Division: Information Services Division

Department: Policy & Planning-IT Security (I7B)

Opening Date: 10/04/2023

Closing Date: Continuous

Position Profile

As the Senior Information Security Analyst (SISA) (Applications), you will be responsible for providing security for all Administrative Office of the Courts (AOC) information technology applications with your main focus being on current and new in-house developed or 3rd party applications. You will work to ensure the confidentiality, integrity, and availability of applications and data.

The SISA conducts planning, analysis, development, implementation, maintenance and enhancement of information systems security programs, policies, procedures and tools. The SISA conducts comprehensive assessments on aspects of the information technology security environment, developing detailed reports, and planning and coordinating remediation operations. Additionally, the SISA is instrumental in developing procedures for, and serves as a member of, the enterprise Incident Response Team.

Washington Courts Employment Opportunity

Administrative Office of the Courts

Senior IT Security Analyst (Applications)

Information Services Division

Our Mission: Advance the efficient and effective operation of the Washington Judicial System.

The Administrative Office of the Courts (AOC) is looking for top-performing employees who embody its core values: integrity, inclusion, accountability, and teamwork. It is committed to both employee growth and work-life balance.

Our diversity and inclusion efforts include embracing different cultures, backgrounds, and perspectives while fostering growth and advancement in the workplace.

POSITION DETAILS

Job #: 2023-91

Status: Regular, Full-Time*

Location: Olympia, Washington

Salary: Range 72: $88,416 – $116,016 per year (DOQ).

Opens: September 11, 2023

Closes: Open until filled. AOC reserves the right to close the recruitment at any time.

Note: Eligible employees who choose to provide proof of up-to-date COVID-19 vaccination as recommended by the at the point in time when proof is provided (between date of hire and December 31, 2023) will receive a one-time lump sum payment of $1000.

WASHINGTON STATE RESIDENCY AND TELEWORK INFORMATION

AOC requires employees to reside in Washington State. Any exceptions must be approved. If you are invited to interview and currently reside outside of Washington State, seek more information about residency requirements from the AOC hiring manager of this recruitment.

Position may be eligible for hybrid working: a combination of telework and working in-office.

Duties and Responsibilities

  • Perform security reviews on current and new in-house developed or 3rd party applications to identify security gaps. This includes the review of security controls and access permissions, threat models, vulnerabilities, and data protection measures, etc.
    • Develop short- and long-term prioritized remediation to address gaps.
  • Work with the various teams to implement data protection measures, such as data loss prevention (DLP) policies, encryption, and backup strategies, to safeguard sensitive information stored in on-prem and cloud applications.
  • Collaborate with the internal teams to review the security architecture of internal applications, including network configurations, identity and access management (IAM), and secure authentication methods.
  • Create and maintain security documentation, such as risk assessments, specific to applications as well as Network diagrams, Threat models, Business Analysis, etc. This ensures that security practices are well-documented and accessible to relevant stakeholders.
  • Provide guidance and education to developers that help prevent the authoring of vulnerabilities.
  • Contribute to the development of the incident response plan and implement it to address security incidents and breaches. This involves coordinating with cross-functional teams, external vendors and authorities, and implementing remediation measures.
  • Assess compliance with relevant security standards, regulations, and frameworks (e.g., PCI DSS, Microsoft Cloud Security Benchmark (MCSB), NIST, OWASP, FISMA, StateRAMP and FedRAMP frameworks, etc.). This involves conducting audits, assessing compliance gaps, and implementing necessary controls.
  • Collaborate with teams to ensure security activities are integrated into overall operations.
  • Work cooperatively with others as an active member of a team, participate in and foster teamwork, and influence others within a team.
  • Excellent verbal and written communication skills.
  • Interpersonal skills to work across boundaries and to establish and maintain professional working relationships with co-workers, customers and clients.
  • Ability to identify, analyze and resolve problems in a consultative manner bringing problems together with recommendations for solutions.
  • Seek out industry knowledge and certifications to stay up-to-date with emerging security trends and threats.

Qualifications and Credentials

Education –

  • Bachelor’s degree in Computer Science, Cybersecurity, Software/Computer Engineering, or a closely allied field; AND
  • Seven (7) years of progressively responsible experience in a combination of the following:
    • Maintaining security standards for a medium or large government agency or organization (state or federal)
    • Addressing complex issues such as application security, access management, risk analysis, security assessments, and vulnerability analysis.

Certifications, Memberships, Licensure or Permits –

Acceptable professional IT certifications that are current can be substituted for up to three (3) years of experience with each certification equivalent to one year of experience.

Acceptable certification(s) include, but are not limited to:

  • (ISC)² (CISSP, CCSP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP, CSSLP)
  • ISACA (CISA, CISM, CSX-P)
  • CompTIA (Security+ CE, CySA+, CASP+, PenTest+)
  • SANS (GIAC advanced certifications)

A combination of education, experience, and certifications demonstrating a working knowledge of the functions and work of the SISA may substitute for qualifications listed.

THE IDEAL APPLICANT WILL ALSO HAVE SOME OR ALL OF THE FOLLOWING EXPERIENCE, EDUCATION, KNOWLEDGE, SKILLS, AND ABILITIES

  • Strong knowledge of web application security, secure coding and OWASP.
  • Proficient in scripting and/or programming languages such as Python, .NET, HTML, CSS, JavaScript, PHP, SQL, Lua, etc.
  • Proficient in configuring and using the following technologies:
    • pentesting tools,
    • secure code application development and testing tools,
    • vulnerability management tools,
    • packet sniffers and analysis tools, etc.
  • Strong working knowledge of network topologies and protocols (such as TCP, UDP, TLS, SFTP, SMTP, NTP, NetBIOS and DHCP).
  • Solid understanding of cloud security, experience with Azure being a plus.

Supplemental Information

  • The workweek may fluctuate depending on workload or agency needs.
  • Overnight travel may be required based on business needs.
  • This position is not overtime eligible.

The AOC is an equal opportunity employer and does not discriminate based on gender, pregnancy, race, color, national origin, ancestry, religion, creed, physical, mental or sensory disability (actual or perceived), use of a service animal, marital status, sexual orientation, gender identity or expression, veteran or military status, age, HIV or Hepatitis C status, or any other basis protected by federal or state law. Persons of disability needing assistance in the application process, or those needing this announcement in an alternative format, please contact the AOC Human Resource Office, at (360) 705-5337, or fax (360) 586-4409, or via email to Recruitment@courts.wa.gov.

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and complete the required employment eligibility verification form upon hire.

SPECIAL NOTE: Before a new hire, a background check, including criminal history, will be conducted. Information from the background check will not necessarily preclude employment but will be considered in determining the applicant’s suitability and competence to perform in the job.

The AOC offers a team-oriented culture and a balance of family and work life in a wonderful community. We offer a family-friendly package of pay, benefits, paid time off, and workplace opportunities to help you get the most out of your career and life.

Our compensation plan includes:

  • Health, Dental, and Vision Plans
  • Retirement Plan Options
  • Deferred Compensation Plan
  • Paid Time Off (Vacation, Sick Leave and Holidays)
  • Paid Basic Life Insurance Policy and Long Term Disability Insurance
  • Employee Assistance Program
  • Flexible Spending Account and Dependent Care Assistance Program
  • Public Service Loan Forgiveness

Part-time employees will receive benefits on a pro-rated basis.

To learn more details about all we have to offer, visit the benefits page at

01

Are you legally authorized to work in the United States?

  • Yes
  • No

02

Will you require sponsorship for employment visa status (e.g., H-1B visa status, etc.) to work legally for our agency in the United States?

  • Yes
  • No

03

Do you have a Bachelor’s degree in Computer Science, Cybersecurity, Software/Computer Engineering, or a closely allied field?

  • Yes
  • No

04

Do you have seven (7) years of progressively responsible experience in a combination of the following: Maintaining security standards for a medium or large government agency or organization (state or federal) and addressing complex issues such as application security, access management, risk analysis, security assessments, and vulnerability analysis?

  • Yes
  • No


Job Category: Computer and IT

Job Type: unspecified

Salary: USD 88,416.00 - 116,016.00 per year

Country: United States

City: Olympia

Career Level: unspecified

Company: Administrative Office of the Courts, WA

Job Source: https://www.governmentjobs.com/careers/courtswa/jobs/4199472