Cyber Risk Analyst
The Department of Corrections (DOC) is seeking a highly motivated and qualified individual to fill the role of Cyber Risk Analyst – ITS6, within Information Technology, Administrative Operations Division. This position is located at DOC Headquarters in Tumwater, Washington.
If you are interested in applying and would like to be considered, please apply directly at careers.wa.gov and attach the following documents:
- Current Resume (chronological, with relevant experience listed).
- Minimum of three (3) professional references (including name, phone number and email address).
- Letter of Interest (no more than two (2) pages), indicating your interest and why you believe you are the ideal candidate for this position.
- Any professional certifications that relate to the position.
Whether the work is inside a prison, in community corrections, or in an administrative office, the Washington State DOC professional staff experience a high degree of personal satisfaction knowing they are creating environments in which all offenders can learn to make choices that contribute to a safer society.
The DOC, as a partner in the criminal justice system, enhances public safety, administers criminal sanctions and programs in accordance with the law, and provides leadership for the future of corrections in Washington State. The DOC consists of the Office of the Secretary, the Office of the Deputy Secretary, Prisons Division, Offender Change Division, Community Corrections Division, Administrative Operations Division, Health Services Division, Correctional Industries Division, Reentry Division and the Indeterminate Sentence Review Board. The DOC employs over 8,300 staff and has a biennial budget of approximately $1.9 billion.
- Comprehensive compensation packages;
- Training and development opportunities; and
- The fulfillment of public service.
As a member of the Cyber Security Unit, you will work as the subject matter expert for Cyber Security for the Washington State Department of Corrections. You will use current policy, standards, and guidelines to evaluate projects and new and existing systems to assess risk. Additionally, you will make recommendations to senior level management for mitigating risk. This position requires high attention to detail to perform analysis and ensure cyber security controls are implemented into the early stages of the design and implementation process to protect the Agency from any cyber-attacks.
Specific job duties include, but are not limited to:
- Serve as Department Subject Matter Expert (SME) for reviewing, evaluating and analyzing application coding for .NET and Java.
- Develop methods to test .NET and Java based code.
- Evaluate and document DOC and Vendor applications for .NET and Java based code that has any of the Top 10 Open Web Application Security Project (OWASP) vulnerabilities.
- Verify that application software/network/system security postures are implemented in accordance with OCIO standards and industry best practices, and provide recommendations.
- Provide detailed Cyber Security risk analysis reports for each application evaluated listing the vulnerabilities, risk, and recommendations for remediation.
- Advise appropriate Senior Leadership or Authorizing Official of changes affecting the organization's information assurance posture.
- Act as Cyber Security Project Management Consultant with other agency project managers and project stakeholders, establishing the scale and scope of cyber security inputs and requirements for new projects.
- Develop specifications to ensure risk, compliance, and assurance efforts conform to security, resilience, and dependability requirements at the software application, system, and network environment level.
- Consult with agency project managers and stakeholders to ensure that cyber security inputs and requirements are considered/implemented in all phases of the project, from start to finish.
- Perform risk assessments to guide the project team and address project issues that are related to cyber security.
- Using in-depth knowledge of the Software/System Development Lifecycle, coordinate with project managers, team members and stakeholders ensuring that cyber security requirements are addressed to meet project milestones and timelines.
- Secure software/hardware list, data flow diagrams, network connectivity drawings, and vulnerability scans from the project manager and provide recommendations prior to systems going to production.
- Work with the Senior Enterprise Architect in developing tactical and strategic plans for the Department's IT cyber security infrastructure and provide expert guidance to IT executives to implement the plans.
- Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
- Research emerging IT cyber security trends.
- Document and address organization's information security, IA architecture, and systems security engineering requirements throughout the acquisition lifecycle.
- A minimum of four (4) years dedicated continuous work as an Information Technology Specialist.
- A minimum of two (2) years of IT security experience for Commercial Off the Shelf (COTS) or custom built .NET and Java application programming.
- An Associate degree in Computer Science, Information Assurance or related field from an accredited institution whose accreditation is recognized by the U.S. Department of Education or the Council for Higher Education Accreditation (CHEA), or a foreign equivalent.
- *One year of professional IT experience in a cyber-security awareness role, in addition to the aforementioned qualifications, may satisfy this educational requirement.
- Knowledge of the National Institute of Standards and Technology's Risk Management Framework requirements.
- Skill in evaluating .NET and Java code programming.
- Skill in creating policies that reflect system security objectives.
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of Defense-in-Depth).
- Bachelor's degree or higher in IT Management, Computer Science, or related field in Information Management, Information Security or Cyber Security from an accredited institution whose accreditation is recognized by the U.S. Department of Education or the Council for Higher Education Accreditation (CHEA).
- At least one of the following professional Level-2 certifications as defined by the Department of Defense 8570.01-M Information Assurance Workforce Improvement Program, such as Security+, CISSP, GSEC, SCNP or SSCP.
- At least one of the following computer environmental certifications, Certified Risk and Information Systems Controls (CRISC), Global Information Assurance Certifications – Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH), or EC-Council Certified Security Analyst (ECSA).
- Knowledge of new and emerging IT and information security technologies.
- Knowledge of relevant laws, policies, procedures or governance as they relate to work that may impact critical infrastructure.
- Knowledge of current emerging threats/threat vectors.
'The mission of DOC is to improve public safety.'
For additional information about the agency, please visit www.doc.wa.gov.
- All DOC employees are fingerprinted for a criminal history background check.
- Employees work with offenders in a potentially hazardous setting. Please consider this when deciding whether to apply.
- We are committed to maintaining a drug and alcohol free work environment, and our employees are expected to comply with all state and federal laws. A pre-employment drug test may be administered as part of the selection process, and applicants who test positive for any controlled substances will be disqualified from consideration.
- Animal care projects are a common component of most Washington State prisons, including dog and cat programs. Applicants with animal sensitivities or allergies are encouraged to ask about the level of exposure they could expect in this position.
- Tuberculosis is a priority health issue for DOC employees. The successful candidate may be required to provide valid proof of a baseline TB skin test within 60 days from the date of hire. When positive tests result, further information, testing and treatment may also be required. Employment is not contingent upon test results.
- If this position is included in a Union Shop, employees will be required to become members within thirty (30) days of employment.
- Foster a positive attitude and openness toward the ever changing social and cultural makeup of the workplace.
- Work effectively with men and women of different perspectives, abilities, disabilities, races, religions, ages, lifestyle preferences and social, ethnic and cultural backgrounds.
- Respectfully acknowledge people's differences and recognize these differences as important and valuable.
- Promote inclusiveness.
- Be culturally sensitive and appropriate.
- Respect and value diverse backgrounds and traditions.
DOC is an equal opportunity employer and does not discriminate on the basis of race, creed, color, national origin, sex, marital status, sexual orientation, gender identity diversity, age, honorably discharged veteran, veteran status, genetic information, or the presence of any sensory, mental or physical disability or the use of a trained guide dog or service animal by a person with a disability.
For questions about this recruitment, or to request reasonable accommodation in the application process, please email Leticia Gomez-Esposito at firstname.lastname@example.org or call us at (360) 725-8420. For TTY service, please call the Washington Relay Service at 7-1-1 or 1-800-833-6388.
- Foster the spirit of continuous improvement
- Enhance the conditions for job creation
- Prepare students for the future
- Value our environment, our health and our people
Join us in this mission by applying for a job in the Washington State government today.
Available jobs can be found here: http://careers.wa.gov/