Security Analyst II at Computer Consultants International
DNR IT Information and Data Security section is looking for a Security Analyst II for our Continuous Diagnostics and Mitigation (CDM) Program with a strong focus on identifying cybersecurity vulnerabilities on an ongoing basis, supporting automated assessment methods and monitoring of implemented security controls.
Responsibilities: Provide guidance and technical assistance to system administrators in securing the systems and networks under DNR IT areas of responsibility.
Ensure and assess the entire DNR network is continually monitored for security vulnerabilities and compromises.
Conduct security self-assessments (e.g., Penetration Testing) to evaluate the processes, procedures and tools used to review, assess, and test information systems controls and security across DNR managed systems.
Report security status, vulnerabilities, and issues to management.
Work with the Department of Administration Division of Enterprise Technology pre- and post-implementation audits of new systems to ensure secure integration.
Periodic review and analysis of system integrity, data integrity and data flows.
Assurance of quality and consistency of all DNR information technology-related activities including standards, policies and procedures.
Audit access rights and ensure alignment to policies.
Requirements: Strong understanding of Modern Authentication, Authorization, and Accounting including Role-based and attribute-based access controls (RBAC and ABAC) (5+ years).
Strong understanding of Security information and event management (SIEM) methods and tools (5+ years).
Understand the purpose and structure of the National Vulnerability Database (NVD), Common Vulnerability Database (CVE), Common Weaknesses and Enumeration (CWE) and Common Attack Pattern Enumeration and Classification Database (CAPEC) (5+ years).
Strong understanding of Directory Services including Active Directory.
Understanding of Identity access systems (IAM) and network access control (NAC).
Basic understanding of Transact and ANSI Structured Query Language (SQL).
Knowledge of NIST Risk Management Framework (RMF) and Cybersecurity Framework (CSF).
ZScaler Administration.
Incident Response Life Cycle.
Cyber Security Risk Management Principles.
Location: Madison, WI
*This is a hybrid position. Candidate MUST be a WI resident or willing to relocate to WI prior to starting the role at their own expense. DNR is currently 60% remote and 40% in the office.
#J-18808-Ljbffr