Security Analyst
Novalink Solutions
Job Description
Under the general supervision of the GRC Manager, this position serves as a Security Analyst responsible for supporting a wide range of compliance and cybersecurity functions across the Wisconsin Department of Correction (DOC). Core responsibilities include providing risk assessment and/or compliance support. Taking part in or leading audits, submitting findings, analyzing risks for specific areas, monitoring corrective actions, and drafting risk reports with metric charts and ongoing effort accountability. This position assesses, documents, and provides guidance to other IT staff and non-IT areas on how to align IT operational and technology processes based on information technology risk assessments and/or with regulatory compliance/audit functions. This position will also provide support in detecting, analyzing, and responding to cybersecurity threats, participating in forensic investigations, and contributing to ongoing vulnerability management efforts. The role may also include supporting cloud security initiatives, assisting with tabletop exercises, and developing security response procedures. The incumbent will work collaboratively with internal stakeholders across DOC, as well as external partners including the Department of Administration's Division of Enterprise Technology (DOA/DET). The role will utilize a variety of enterprise security tools and platforms. This position may be assigned to focus areas such as incident response, phishing mitigation, threat detection, security awareness, vulnerability scanning, or forensic analysis, depending on organizational needs. The analyst will represent the DOC Information Security Section (ISS) team in technical discussions, project work, and collaborative efforts to improve DOC's cybersecurity posture. The position requires strong communication and problem-solving skills, the ability to work independently on complex tasks, and a commitment to upholding the security and privacy standards of DOC. Clients and collaborators include information technology (IT) staff, application developers, infrastructure teams, business units, vendor, and external governmental partners. The work environment is dynamic, requiring adaptability, initiative, and a proactive mindset. This position shall comply with the Department's administrative rules and the agency's policies and procedures including those related to the Department's overall Reentry philosophy of using evidence-based strategies, practices and programs which target an offender's individual criminogenic needs and risk level. TIME % GOALS AND WORKER ACTIVITIES 60% A. Support cybersecurity policy execution, operational standards, and governance activities. A1. Review policy, procedures, controls, and standards to ensure DOC and regulatory standards are met. A2. Address compliance issues with IT security standards; identifying deficiencies and recommending control and risk mitigation measures. A3. Review documentation to ensure it meets standards and applicable regulatory requirements, standards, or industry best practices. A4. Assist with the creation of new and updates to policy, process, and technical controls to determine if they are sufficient and functioning as intended. A5. Report on risks and mitigations as well as following up to verify that adjustments were made. A6. Interpret NIST or other standards to recommend and implement best practices. A7. Contribute to the maintenance and operationalization of information security policies, procedures, and response playbooks. A8. Review new IT projects, systems, and vendor solutions for security risk, documenting and escalating concerns as needed. A9. Provide technical consulting and security recommendations aligned with DOC standards and DOA/DET architecture. A10. Participate in enterprise-level risk assessments and contribute data to compliance, audit, or risk reporting needs. A11. Assist in threat modeling exercises or tabletop simulations designed to improve preparedness and resiliency. 20% B. Monitor, detect, respond to, and investigate cybersecurity threats across DOC's enterprise environment. B1. Triage, analyze, and respond to cybersecurity alerts using current technologies and tools. B2. Conduct forensic investigations into suspected security incidents, including phishing, account compromise, and endpoint breaches. B3. Coordinate with internal teams and DOA/DET to contain, eradicate, and recover from security incidents. B4. Analyze logs, threat intelligence, and user behavior to identify indicators of compromise (IOCs) and prevent recurrence. B5. Document incident response actions and create post-incident reports with recommended improvements. B6. Participate in phishing mitigation, email threat response, and takedown coordination with third-party providers. B7. Assist in vulnerability validation and risk triage based on vendor and tool security recommendations. B8. Support the tuning, configuration, and enhancement of security technologies used in DOC's environment. B9. Assist with employee forensics, HR/legal investigations, and eDiscovery requests through log and artifact analysis. B10. Assist with continuous improvement of detection logic, alerts, and response workflows in current technologies and tools. 15% C. Contribute to the configuration, deployment, and lifecycle management of security technologies. C1. Collaborate with internal teams and DOA/DET to implement, monitor, and maintain endpoint security, network protection, and access control systems. C2. Assist in the deployment or refinement of security technologies and tools. C3. Test and validate new use cases or configurations in existing tools and platforms, reporting anomalies or conflicts. C4. Maintain technical documentation and inventories related to security tooling, integrations, and metrics. 5% D. Maintain current expertise in cybersecurity tools, trends, and techniques. D1. Participate in professional development opportunities such as conferences, technical training, and webinars. D2. Track emerging threats, vulnerabilities, and technology trends through vendor briefings, information sharing groups, and security communities. D3. Contribute to internal knowledge sharing and cross-training within the security team. KNOWLEDGE, SKILLS AND ABILITIES 1. Experience in effective methods of written and oral communication, meeting facilitation, and presenting to both technical and non-technical staff appropriate to audience and scenario 2. Understanding of NIST Cybersecurity Framework, NIST RMF, and other common security standards. 3. Experience with techniques used to establish and maintain effective working relationships with peers and customers 4. Experience in development, approval, and implementation of security documents (policies, standards, etc.) 5. Knowledge of information security risk activities to include risk assessments, risk registers, and risk management 6. Knowledge of state and federal laws regarding information security (Ex.HIPAA Security Rule) as well as experience with audit and compliance activities in conjunction with state and federal partners/regulators such as, but not limited to, the WI Legislative Audit Bureau and the U.S. Department of Justice 7. Experience and working knowledge of common security frameworks and control theories to include current applicable NIST , CJIS, and ISO standards 8. Proficiency in triaging and analyzing cybersecurity alerts using enterprise technologies and tools. 9. Strong knowledge of threat detection, incident response, and log analysis techniques. 10. Familiarity with phishing mitigation strategies and email threat analysis. 11. Working knowledge of vulnerability management practices, technologies, and tools. 12. Ability to analyze threat intelligence and apply it to strengthen detection and response mechanisms. 13. Capability to tune and optimize SIEM rules and detection logic to reduce noise and improve fidelity. 14. Excellent technical writing and documentation skills, including incident reports and playbook development. 15. Ability to collaborate with cross-functional teams, including DOA/DET, infrastructure, and development staff. 16. Commitment to continuous learning, professional development, and information sharing. Requirements Top Skills & Years of Experience: At least 2 year's of experience required in the following:
-Understanding of NIST Cybersecurity Framework, NIST RMF, and other common security standards. -Experience and working knowledge of common security frameworks and control theories to include current applicable NIST, CJIS, and ISO standards -Experience with creating and leading discussions around the implementation and artifact collection of NIST 800-53 controls -Proficiency in triaging and analyzing cybersecurity alerts using enterprise technologies and tools. -Familiarity with phishing mitigation strategies and email threat analysis. -Incident Response Forensics and Remediation (i.e. Crowdstrike, Sandbox evaluation & detonation, Phish evaluation, Malicious Website and Malicious Intent Identification) -Customer service as it pertains to security incident management and communication with end user about dangerous behavior. -Excellent technical writing and documentation skills, including incident reports and playbook development. -Ability to work independently and as part of a distributed team to achieve shared objectives. Nice to have skills: - Capability to tune and optimize SIEM rules and detection logic to reduce noise and improve fidelity. - Strong interpersonal communication skills with the ability to explain complex topics to non-technical audiences. - Experience working as a team member on projects to improve business needs. - Experience supporting endpoint, network, and cloud-based security controls in large-scale environments. - Demonstrated ability to adapt to emerging threats, technologies, and evolving operational needs. Project Details: Under the general supervision of the GRC Manager, this position serves as a Security Analyst responsible for supporting a wide range of compliance and cybersecurity functions across the Wisconsin Department of Correction (DOC). Core responsibilities include providing risk assessment and/or compliance support. Taking part in or leading audits, submitting findings, analyzing risks for specific areas, monitoring corrective actions, and drafting risk reports with metric charts and ongoing effort accountability. This position assesses, documents, and provides guidance to other IT staff and non-IT areas on how to align IT operational and technology processes based on information technology risk assessments and/or with regulatory compliance/audit functions. This position will also provide support in detecting, analyzing, and responding to cybersecurity threats, participating in forensic investigations, and contributing to ongoing vulnerability management efforts. The role may also include supporting cloud security initiatives, assisting with tabletop exercises, and developing security response procedures.
Under the general supervision of the GRC Manager, this position serves as a Security Analyst responsible for supporting a wide range of compliance and cybersecurity functions across the Wisconsin Department of Correction (DOC). Core responsibilities include providing risk assessment and/or compliance support. Taking part in or leading audits, submitting findings, analyzing risks for specific areas, monitoring corrective actions, and drafting risk reports with metric charts and ongoing effort accountability. This position assesses, documents, and provides guidance to other IT staff and non-IT areas on how to align IT operational and technology processes based on information technology risk assessments and/or with regulatory compliance/audit functions. This position will also provide support in detecting, analyzing, and responding to cybersecurity threats, participating in forensic investigations, and contributing to ongoing vulnerability management efforts. The role may also include supporting cloud security initiatives, assisting with tabletop exercises, and developing security response procedures. The incumbent will work collaboratively with internal stakeholders across DOC, as well as external partners including the Department of Administration's Division of Enterprise Technology (DOA/DET). The role will utilize a variety of enterprise security tools and platforms. This position may be assigned to focus areas such as incident response, phishing mitigation, threat detection, security awareness, vulnerability scanning, or forensic analysis, depending on organizational needs. The analyst will represent the DOC Information Security Section (ISS) team in technical discussions, project work, and collaborative efforts to improve DOC's cybersecurity posture. The position requires strong communication and problem-solving skills, the ability to work independently on complex tasks, and a commitment to upholding the security and privacy standards of DOC. Clients and collaborators include information technology (IT) staff, application developers, infrastructure teams, business units, vendor, and external governmental partners. The work environment is dynamic, requiring adaptability, initiative, and a proactive mindset. This position shall comply with the Department's administrative rules and the agency's policies and procedures including those related to the Department's overall Reentry philosophy of using evidence-based strategies, practices and programs which target an offender's individual criminogenic needs and risk level. TIME % GOALS AND WORKER ACTIVITIES 60% A. Support cybersecurity policy execution, operational standards, and governance activities. A1. Review policy, procedures, controls, and standards to ensure DOC and regulatory standards are met. A2. Address compliance issues with IT security standards; identifying deficiencies and recommending control and risk mitigation measures. A3. Review documentation to ensure it meets standards and applicable regulatory requirements, standards, or industry best practices. A4. Assist with the creation of new and updates to policy, process, and technical controls to determine if they are sufficient and functioning as intended. A5. Report on risks and mitigations as well as following up to verify that adjustments were made. A6. Interpret NIST or other standards to recommend and implement best practices. A7. Contribute to the maintenance and operationalization of information security policies, procedures, and response playbooks. A8. Review new IT projects, systems, and vendor solutions for security risk, documenting and escalating concerns as needed. A9. Provide technical consulting and security recommendations aligned with DOC standards and DOA/DET architecture. A10. Participate in enterprise-level risk assessments and contribute data to compliance, audit, or risk reporting needs. A11. Assist in threat modeling exercises or tabletop simulations designed to improve preparedness and resiliency. 20% B. Monitor, detect, respond to, and investigate cybersecurity threats across DOC's enterprise environment. B1. Triage, analyze, and respond to cybersecurity alerts using current technologies and tools. B2. Conduct forensic investigations into suspected security incidents, including phishing, account compromise, and endpoint breaches. B3. Coordinate with internal teams and DOA/DET to contain, eradicate, and recover from security incidents. B4. Analyze logs, threat intelligence, and user behavior to identify indicators of compromise (IOCs) and prevent recurrence. B5. Document incident response actions and create post-incident reports with recommended improvements. B6. Participate in phishing mitigation, email threat response, and takedown coordination with third-party providers. B7. Assist in vulnerability validation and risk triage based on vendor and tool security recommendations. B8. Support the tuning, configuration, and enhancement of security technologies used in DOC's environment. B9. Assist with employee forensics, HR/legal investigations, and eDiscovery requests through log and artifact analysis. B10. Assist with continuous improvement of detection logic, alerts, and response workflows in current technologies and tools. 15% C. Contribute to the configuration, deployment, and lifecycle management of security technologies. C1. Collaborate with internal teams and DOA/DET to implement, monitor, and maintain endpoint security, network protection, and access control systems. C2. Assist in the deployment or refinement of security technologies and tools. C3. Test and validate new use cases or configurations in existing tools and platforms, reporting anomalies or conflicts. C4. Maintain technical documentation and inventories related to security tooling, integrations, and metrics. 5% D. Maintain current expertise in cybersecurity tools, trends, and techniques. D1. Participate in professional development opportunities such as conferences, technical training, and webinars. D2. Track emerging threats, vulnerabilities, and technology trends through vendor briefings, information sharing groups, and security communities. D3. Contribute to internal knowledge sharing and cross-training within the security team. KNOWLEDGE, SKILLS AND ABILITIES 1. Experience in effective methods of written and oral communication, meeting facilitation, and presenting to both technical and non-technical staff appropriate to audience and scenario 2. Understanding of NIST Cybersecurity Framework, NIST RMF, and other common security standards. 3. Experience with techniques used to establish and maintain effective working relationships with peers and customers 4. Experience in development, approval, and implementation of security documents (policies, standards, etc.) 5. Knowledge of information security risk activities to include risk assessments, risk registers, and risk management 6. Knowledge of state and federal laws regarding information security (Ex.HIPAA Security Rule) as well as experience with audit and compliance activities in conjunction with state and federal partners/regulators such as, but not limited to, the WI Legislative Audit Bureau and the U.S. Department of Justice 7. Experience and working knowledge of common security frameworks and control theories to include current applicable NIST , CJIS, and ISO standards 8. Proficiency in triaging and analyzing cybersecurity alerts using enterprise technologies and tools. 9. Strong knowledge of threat detection, incident response, and log analysis techniques. 10. Familiarity with phishing mitigation strategies and email threat analysis. 11. Working knowledge of vulnerability management practices, technologies, and tools. 12. Ability to analyze threat intelligence and apply it to strengthen detection and response mechanisms. 13. Capability to tune and optimize SIEM rules and detection logic to reduce noise and improve fidelity. 14. Excellent technical writing and documentation skills, including incident reports and playbook development. 15. Ability to collaborate with cross-functional teams, including DOA/DET, infrastructure, and development staff. 16. Commitment to continuous learning, professional development, and information sharing. Requirements Top Skills & Years of Experience: At least 2 year's of experience required in the following:
-Understanding of NIST Cybersecurity Framework, NIST RMF, and other common security standards. -Experience and working knowledge of common security frameworks and control theories to include current applicable NIST, CJIS, and ISO standards -Experience with creating and leading discussions around the implementation and artifact collection of NIST 800-53 controls -Proficiency in triaging and analyzing cybersecurity alerts using enterprise technologies and tools. -Familiarity with phishing mitigation strategies and email threat analysis. -Incident Response Forensics and Remediation (i.e. Crowdstrike, Sandbox evaluation & detonation, Phish evaluation, Malicious Website and Malicious Intent Identification) -Customer service as it pertains to security incident management and communication with end user about dangerous behavior. -Excellent technical writing and documentation skills, including incident reports and playbook development. -Ability to work independently and as part of a distributed team to achieve shared objectives. Nice to have skills: - Capability to tune and optimize SIEM rules and detection logic to reduce noise and improve fidelity. - Strong interpersonal communication skills with the ability to explain complex topics to non-technical audiences. - Experience working as a team member on projects to improve business needs. - Experience supporting endpoint, network, and cloud-based security controls in large-scale environments. - Demonstrated ability to adapt to emerging threats, technologies, and evolving operational needs. Project Details: Under the general supervision of the GRC Manager, this position serves as a Security Analyst responsible for supporting a wide range of compliance and cybersecurity functions across the Wisconsin Department of Correction (DOC). Core responsibilities include providing risk assessment and/or compliance support. Taking part in or leading audits, submitting findings, analyzing risks for specific areas, monitoring corrective actions, and drafting risk reports with metric charts and ongoing effort accountability. This position assesses, documents, and provides guidance to other IT staff and non-IT areas on how to align IT operational and technology processes based on information technology risk assessments and/or with regulatory compliance/audit functions. This position will also provide support in detecting, analyzing, and responding to cybersecurity threats, participating in forensic investigations, and contributing to ongoing vulnerability management efforts. The role may also include supporting cloud security initiatives, assisting with tabletop exercises, and developing security response procedures.
Vacancy posted 4 days ago
Similar jobs that could be interesting for youBased on the Security Analyst in Madison, WI vacancy
- ...The opportunity As an Offensive Security Analyst on the Attack Surface Management team, you will play a key role in evaluating and reducing EY’s digital exposure through hands‑on penetration testing and adversarial simulation. Working under the guidance of the Exposure...SuggestedSummer holidayFlexible hours
- ...Our client, a government agency in the public sector, is seeking a Security Analyst to join their team. As a Security Analyst, you will be part of the cybersecurity support team supporting the Wisconsin Department of Correction. The ideal candidate will demonstrate strong...SuggestedWeekly payTemporary workWork at officeRemote workFlexible hours
$124.2k - $186.2k
...About the team: The Information Security organization advances the overall state of security at Rubrik through purposeful initiatives and coordination of large security projects. Information Security builds technologies, tools, and processes to better enable teams...SuggestedLocal areaRemote work- ...Job Description POSITION SUMMARY -Security Analyst II (Compliance) Under the general supervision of the GRC Manager, this position serves as a Security Analyst responsible for supporting a wide range of compliance and cybersecurity functions across the Wisconsin...SuggestedWork at officeRelocation
- ...Our client is seeking a Security Analyst to join their team. As a Security Analyst, you will be part of the Cybersecurity Department supporting compliance, risk assessment, and incident response functions. The ideal candidate will demonstrate strong analytical skills,...SuggestedRemote work
- ...Title: Security Analyst II *Local to WI Job Descripiton: Under general supervision of the Security & Accounts Management Manager, this position works as a part of the Security & Accounts Management team and is responsible for provisioning and de-provisioning...Local area
- ...starting the role at their own expense. 100% remote within the State of Wisconsin. Our direct client is looking for a Security Analyst 141236 This position is for up to 12 months with the option of extension, and the client is in Madison, WI. Please send...Remote workRelocation
$40 per hour
A cybersecurity AI training company is seeking experienced cybersecurity professionals to help evaluate AI-generated security content. This remote position requires hands-on experience in cybersecurity, including areas like penetration testing and malware analysis. Candidates...Hourly payRemote workFlexible hours$85k - $100k
...performance; manage connector integrations and remain current with relevant Microsoft releases. Maintain documentation and triage/escalate security alerts. Requirements Bachelor’s degree (or equivalent experience) in Information Security/IT/CS or related field. 3+ years in...- ...Job Description Job Description Position Summary: The Senior SAP Security Analyst will work on business systems design and configuration, as well as upgrades and improvements for assigned technology platforms. As a primary support contact for SAP application end...Work at office
- ...Understanding of NIST Cybersecurity Framework, NIST RMF, and other common security standards. Experience and working knowledge of common... ...of the GRC Manager, this position serves as a Security Analyst responsible for supporting a wide range of compliance and cybersecurity...Work at officeRemote workRelocation
$78.9k - $123.3k
...system authorization and continuous monitoring activities within a Federal environment. This role is responsible for managing the security authorization lifecycle for one or more information systems, ensuring compliance with Federal cybersecurity requirements, and maintaining...Permanent employmentFull timePart timeWork at officeLocal areaRemote work$74k - $111.5k
...Cyber Security Analyst The Cyber Security Analyst is a key member of QBE's Global Security Operations team, responsible for protecting enterprise systems, data, and services in an evolving threat landscape. This is a hands-on, technically focused role supporting advanced...Full timePart timeWork at officeWork from home$65k - $80k
...innovators who are collaborating to bring new therapies to patients in need. The Position We’re seeking an Information Security Analyst with a foundational background in IT support, system administration, or security operations and an interest in growing their...Full time$24.66 per hour
...training, but all work must be done within Wisconsin. Under the general supervision of the GRC Manager, this position serves as a Security Analyst responsible for supporting a wide range of compliance and cybersecurity functions. Core responsibilities include providing...Hourly payContract workTemporary workWork experience placementWork at officeRemote workRelocation$50 - $60 per hour
DataAnnotation is committed to creating high-quality AI. Enjoy the flexibility of remote work and the freedom to set your own schedule. This is an opportunity to work with us as an independent contractor. We're currently expanding into an exciting new area – teaching...Hourly payContract workFor contractorsWork experience placementRemote work$50 - $60 per hour
...A technology company specializing in AI is seeking an Investment Operations Analyst to evaluate AI models' outputs and enhance their correctness. This role offers the flexibility of remote work, allowing individuals to set their own schedules. Ideal candidates will have...Hourly payFull timePart timeRemote workFlexible hours- ...percent of SWIB's investment professionals are Chartered Financial Analyst (CFA) charterholders. The City of Madison, the state capitol... ...703,000 WRS beneficiaries, SWIB is driven by a clear mission: securing the financial future of those who serve Wisconsin. When you...Work at officeRemote workRelocation
$56.5k - $75.5k
...Job Overview: Secure your next opportunity at Marvin! We’re looking for a Security Systems Administrator to join our team and support the administration and maintenance of enterprise physical security systems. In this role, you’ll deliver technical system support for...Temporary workRelocationRelocation package$50 - $60 per hour
DataAnnotation is committed to creating high-quality AI. Enjoy the flexibility of remote work and the freedom to set your own schedule. This is an opportunity to work with us as an independent contractor. We're currently expanding into an exciting new area – teaching...Hourly payContract workFor contractorsWork experience placementRemote work$100k - $160k
...Job Summary The Security Solutions Advisor is responsible for the acquisition of net-new security business within a given territory. They will proactively leverage SHI data, alongside partner information, to identify and generate sales opportunities and meetings with...Work experience placementFlexible hours$84.5k - $187k
...Job Description Principal Financial Analyst to support Capital expenditure for Oracle Cloud Infrastructure Oracle Cloud Infrastructure (OCI) is growing rapidly, and we are looking for a financial leader to support our capital expenditure and Supply Chain organization...Temporary workFlexible hours$84.5k - $187k
Job Description As OCI’s power portfolio evolves beyond traditional grid procurement into onsite generation, renewable PPAs, battery storage, and hedging structures, this role will be at the center of modeling those emerging commercial arrangements and quantifying their...Contract workTemporary workLocal areaFlexible hours$40 per hour
...A cybersecurity firm in the United States seeks experienced professionals to evaluate AI-generated security content and solve cybersecurity problems. This remote role offers flexibility to choose projects and work on your schedule. Candidates should have a minimum of...Hourly payRemote work$65k
...Job Description The Financial Analyst will provide financial and analytical support to Senior Financial Management, Group Logistics Managers... ...things, or status as a qualified individual with disability. Security Notice for Applicants Ryder will only communicate with an...Remote work$80k - $110k
...what’s next. Summary/Purpose: TekniPlex is hiring a Sr. Financial Analyst. This is an on-site role based in either Madison, WI, Eatontown... ...offer you and your family health care coverage and financial security. You can take advantage of life insurance, disability coverage...Daily paidTemporary workFlexible hours$81.91k
...Academic Staff Employment Type: Regular Job Profile: Financial Analyst II Job Summary: The Department of Radiology is seeking a Financial... ...will be released. See Wis. Stat. sec. 19.36(7). The Annual Security and Fire Safety Report contains current campus safety and disciplinary...Hourly payOngoing contractPermanent employmentTemporary workImmediate startRemote workMonday to Friday- Starion Bank is looking for an experienced Banker in Madison! Join Our Team as a Business Banking Officer, VP! Are you a customer-focused, disciplined, and ethical individual with a passion for inspiring others? If so, we want you on our team at Starion Bank! Why Starion...Local area
$80.2k - $111.3k
...responders, shapes incident response governance, and influences broader security architecture and operations based on emerging threats and... ...technical and procedural coaching to incident handlers and SOC analysts, elevating investigative techniques, documentation quality, and...Contract workWork experience placementWork at office- ...requires relocation to the area. We recruit nationally and provide financial relocation assistance. We're looking for a financial analyst interested in improving how Epic does business. At Epic, you'll have the chance to work in a creative environment and collaborate with...RelocationVisa sponsorshipRelocation package
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Security Analyst. Be the first to apply!
Related searches
- security analyst remote Madison, WI
- information security compliance analyst Madison, WI
- cloud security analyst Madison, WI
- rate analyst Madison, WI
- senior information security analyst Madison, WI
- entry level information security analyst Madison, WI
- security analyst intern Madison, WI
- security analyst Madison, WI
- security operations analyst Madison, WI
- entry level security analyst Madison, WI




