Cybersecurity Risk Analyst (Infrastructure Specialist Associate - PN 20098627)

About The Position

Requirements

• 18 months combined work exp. &/or trg. In any combination of the following: installing, monitoring/maintaining, configuring, upgrading, &/or administering/operating a single technology domain.
• Or successful completion of IT Apprenticeship program at designated agency.
• Or completion of associate core program in computer science or information systems.

Nice To Haves

• Undergraduate or advanced degree in Computer Science or Information Systems
• Experience with security event response (review and triage security events, respond to appropriate parties, assist with remediation and documentation efforts)
• Experience with Vulnerability Management Tools (e.g. Qualys)
• Experience with cybersecurity platforms for endpoint detection, threat intelligence, and incident response (e.g., Crowdstrike)
• Experience with Security Information and Event Management (SIEM) platform (e.g., Google SecOps+)
• Experience with Governance, Risk, and Compliance (GRC) tools (e.g., OneTrust, Bitsight)
• Experience with vendor IT security analysis (e.g., reviewing documentation, comparing vendor responses to agency/state IT security policies, providing feedback and recommendations to higher-level staff on policy/procedure adherence)
• Experience collaborating with IT teams to support vulnerability remediation efforts (i.e., tracking vulnerabilities, support basic risk assessment activities by gathering information, reviewing scan results, and confirming vulnerability details)

Responsibilities

• Assist higher level security staff with security operations
• Monitor enterprise security tools such as Security Information and Event Management platforms, endpoint detection systems, and vulnerability management solutions
• Research security events by gathering additional context from logs, threat intelligence sources, and internal systems
• Review and triage security alerts to identify potential threats, suspicious behavior, or policy violations
• Support risk management activities by helping identify, assess, and track technology and security risks, ensuring they are logged and escalated according to organizational processes
• Assist with privacy compliance efforts by reviewing systems and data flows for potential privacy impacts and ensuring security controls align with relevant policies and regulations
• Collaborate with IT teams to support broader security initiatives
• Develop and maintain ad-hoc utilities or reports to automate processes