Security Analyst

Job DescriptionJob DescriptionThe analyst will report directly to the Security Supervisor in the Enterprise Security Section and will also work with application
development sections. This position is a hands-on technical position performing a variety of tasks. This Security Analyst will
specialize in securing web applications developed and supported by the Department of Children and Families (DCF).
Key Responsibilities
• Research and implementation of cyber threat preventative designs and standards. This role includes developing processes to
follow during a cyber-attack and taking an active role during a cyber-attack.
• Working with application teams to coordinate vulnerability testing and management for web based applications
• Vulnerability testing and management for desktops, laptops, VDI, and other hardware
• Working with several areas of DCF BITS and with the State of Wisconsin data center specialists, the analysist will advise on
policies and procedures to implement web application security into application designs and also to identify and implement
secure infrastructure design and configurations.
• This security analyst will work with the DCF BITS IT Security officer, application team managers and technical leads, and
business partners to respond to and document controls in order to meet various audit requirements.
• Designs and coordinates implementation of security controls.
• Monitors compliance with security policies and procedures.
• The security analyst will coordinate and collaborate with multiple BITS sections, business partners, and other State Agencies.
• Create compelling presentations to share effective practices, process improvements to BITS, business partners, and executives
as requested.
• Mentors development teams on how to implement security controls.
• Lead a culture change to actively integrate security controls into the current SDLC at DCF
Qualifications
• Experience with and understanding of the State of Wisconsin technical infrastructure
• Relies on extensive experience and judgment to plan and accomplish goals
• Must remain abreast of the ever evolving and new cyber security trends and preventative methods, current technology,
emerging technology, and industry trends
• Must have experience with a variety of the security concepts, practices, and procedures
• Must have excellent communication skills, facilitation skills, mentoring skills and ability to work under pressure
• Security Analyst capabilities with 8 or more years of web application security experience.
• Experience using SAST and DAST tools
• Proficiency with a wide variety of security concepts, practices, and procedures
• Skill creating compelling presentations to share effective practices, process improvements to IT and business partners
• Must have web application development experience and web application infrastructure experience
• Ability to become a trusted process advisor, with a high level of operational thinking and ability to analyze IT systems
• Experience in development and facilitation of planning, and training sessions with executives, management and
other agencies desired
• Strong analytical and systemic thinking skills, with ability to synthesize information from many sources to develop technical
and business recommendations
• Effective communication skills including excellent listening skills and the ability to communicate technically and professionally
with all levels of staff both verbally and in writing
List any special qualifications & years of experience: (List any specific skills, software, or requirements the position will require.
Optional format below)
Optional format: (Add as many lines as needed.)
Qualification Must Have/Nice to Have Experience
Experience with and understanding of State of
Wisconsin technical infrastructure Must Have 3 years
Knowledge of OWSAP Top 10 Must Have 5 years
WAF support Must Have 2 years
Certified Information System Security
Professional (CISSP) Nice to Have 3 years
Configuring and using vulnerability
management tools Must Have 5 years
Global Information Assurance Certification Nice to Have 3 years
Knowledge of NIST Cybersecurity Framework Must Have 5 years
Analytical/problem solving skills Must Have 8 years
In-Depth Knowledge of System Development
Life Cycle Deliverables for each phase of
development
Must Have
5 years
IT Technologies Skills and Concepts Must Have 8 years
Web API / REST Web Services Must Have 2 year
C Sharp Must Have 3 years
.Net and/or .Net Core programming Must Have 3 years
JEE programming Nice to Have 3 years
.Net (MS) Must have 2 years
Java Must have 1 year
Apache and Tomcat Nice to Have 2 years
WebSphere Nice to Have 2 years
JEE application server support Must have 2 years
DBMS experience Nice to Have 2 years
SQL Must have 5 year

RequirementsTOP SKILLS:
• A working knowledge of the State of Wisconsin technical infrastructure
• Working with several areas of the Department of Children and Families (DCF) Bureau of Information Technology Services (BITS) and with the State of Wisconsin data center specialists, the analysist will advise on policies and procedures to implement web application security into application designs and also to identify and implement secure infrastructure design and configurations
• In depth knowledge of vulnerability scanning and management tools including SAST, DAST
• Research and implementation of cyber threat preventative designs and standards. This role includes developing processes to follow during a cyber-attack and taking an active role during a cyber-attack.

INTERVIEW NOTES:
• Phone and web based interviews will be acceptable.
• However, an in--person interview may be required.
• Interviews will be set up shortly after the posting close date.
• MUST provide three (3) business references for the interview. (One reference must be a supervisory level.)

IMPORTANT NOTES:
• Candidate MUST be physically located in the United States. International candidates/phone numbers will not be accepted.
• Candidate must follow ALL DCF work rules
• Candidate must be available to perform all work during the Central Standard Time (CST) business hours 9:00 am – 3 pm (or CST hours as defined by the hiring manager)
• Candidate will be required to provide their own equipment for this position (See job description for required specifications.)