Security Analyst II

Cyber Security Incident Management Analyst

Candidates MUST be WI residents or willing to relocate to WI at their own expense prior to starting. This position can work 100% remotely (within the state of WI).

Job Description:

The Division of Enterprise Technology (DET) manages the state's information technology (IT) assets and uses technology to improve government efficiency and service delivery. DET administers enterprise solutions and consults on technology services for state agencies, local government and educational systems.

Under the general direction of the Security Operations Supervisor, this position functions as an expert technical analyst in cyber security incident management for the enterprise ensuring incidents are properly identified, analyzed, communicated, actioned/defended, investigated and reported. This position is responsible for:

• Gaining situational awareness through continuous monitoring of networks and other IT assets for signs of attack, anomalies, and inappropriate activities
• Determining the cause, scope, and impact of incidents to stop unwanted activity, limit damage, and prevent recurrence
• Continuously identifying and remediating vulnerabilities before they can be exploited
• Separating and controlling access to different networks with different threat levels and sets of users to reduce the number of successful attacks
• Protecting information on computers that routinely interact with untrusted devices on the internet or may be prone to loss or theft
• This position is expected to lead and/or participate in information technology security initiatives as directed by the division. The incumbent is expected to lead cross-functional teams in needs assessment, gathering business requirements, design, testing, implementation and post production support and evaluation. The position requires strong communications skills, both verbally and in writing, provides excellent customer service and consulting to internal and external stakeholders, and the ability to work with cross-functional teams.

Goals and Worker Activities

30% A. Provide advanced-level technical support and analysis for security of systems.

• Research, install, test, and implement enterprise security software and hardware.
• Maintain installed enterprise security systems on an ongoing basis to remain at recommended release level and to resolve problems in order to maintain system stability.
• Use advanced-level knowledge of security and problem determination techniques to troubleshoot and solve customer or system security problems. Use available documentation and work with vendors or agency staff as needed for security problem resolution.
• Develop, maintain, and communicate implementation schedules for the application of corrective software maintenance, to resolve known problems and maintain overall security systems stability.
• Provide oversight, contract monitoring and direction to vendors providing security hardware and software management to ensure procedures are being followed and program goals are achieved.
• Maintain records of tuning changes made to security systems and their effect on total resource utilization.
• Establish metrics to measure and evaluate security systems and usage.
• Perform research and analysis and provide feedback on physical security of the data centers as requested.

30% B. Security Incident Management Identification, Prevention and Remediation

• Triage security incidents received from managed security services, the Enterprise Service Desk, and other federal, state and local agencies.
• Evaluate the severity of the incident reported and escalate information about the event to the Security Operations Supervisor, Security Bureau Director and/or other DET Management as necessary.
• Identify and communicate root cause of security incident with the affected customer.
• Communicate the remediation steps to stop the incident.
• Recommend improved methods and technologies to manage the security infrastructure and to become more efficient and effective.

20% C. Lead and/or participate in information technology security initiatives

• Lead and/or participate in cross-functional teams in needs assessment, design, or implementation projects to address security needs.
• Review internal project study requests and project plans for compliance with IT security strategic goals.
• Evaluate customer requirements to determine which security solutions best meet needs. Provide cost-benefit analyses as needed and solicit funding to develop and implement new projects and services.
• Provide information technology security expertise to system developers, system administrators, project managers and other IT professionals to ensure adequate security controls in IT systems.

15% D. Serve as DET Security liaison with other federal, state and local agency security professionals

• Meet with agency customers to review and understand their requirements as they relate to enterprise security. Develop plans to raise security awareness.
• Perform penetration and vulnerability testing on all applications and systems, evaluate results, and make recommendations regarding secure solutions for those systems and applications to enable customers to meet security needs and requirements.
• Provide advanced technical analysis and security advice to customers to allow them to successfully plan for security needs in enterprise shared IT infrastructure systems.
• Analyze agency service requests and develop detailed technical designs, as needed and within standards and budgets, to meet their objectives.
• Participate in, and as needed, lead, statewide or enterprise task forces or committees working on security related issues. Raise security awareness.
• Plan for, research and recommend security changes to the enterprise server hardware and software configurations based upon agency needs, industry innovations, and cost effectiveness.
• Develop bid specifications, if required, for the procurement of new security, software or other facilities.
• Meet with agency customers to understand their security requirements and recommend alternatives that relate to the enterprise shared IT Infrastructure systems security strategies.
• Participate in, and as needed, lead, statewide or enterprise incident response teams working on security related issues.
• Investigate security related issues for the enterprise and agencies as requested.

5% E. Professional Development

• Maintain familiarity with activities and trends in the field of security and other related technologies.
• Attend appropriate training courses, conferences, and seminars.
• Read technical publications to maintain a high level of technical knowledge concerning security with particular emphasis on shared infrastructure technology.
• Participate in activities of professional and technical associations to contribute to the development in the data processing industry and in various agencies of government.

Knowledge, Skills and Abilities

• Ability to deliver quality service and maintain positive working relationships with customers.
• Ability to function as a team member, including the open sharing of information and willingness to help out wherever needed.
• Ability to communicate clearly and effectively with technical peers, vendors and less technical customers both verbally and in writing.
• Knowledge of and ability to apply IT service-delivery management best practices and procedures.
• Understanding of project management concepts and tools.
• Resourceful in identifying and obtaining information sources needed to perform duties effectively.
• Ability to learn quickly; synthesize complex information, identify key points and communicate results accurately and effectively.
• Knowledge of and ability to perform technology and product research, testing, installation, customization, troubleshooting, and support.
• Advanced-level knowledge of server hardware and software infrastructure design.
• Knowledge of server systems such as blade centers, SANs, storage devices, and server operation systems such as Windows, Unix, and Linux.
• Knowledge of TCP/IP, DNS, DHCP, WINS and other common network protocols.
• Advanced-level knowledge of security concepts, tools, and investigation techniques.
• Advanced-level knowledge of database software such as Oracle, IBM DB2, and MySQL.
• Ability to provide advanced-level security consulting to customers.

Required Skills: Network Security, Project Management. Additional Skills: Security Analyst, Business Analyst. This is a high priority requisition.