Security Analyst

Novalink Solutions LLC•Madison, WI

About The Position

The analyst will report directly to the Security Supervisor in the Enterprise Security Section and will also work with application development sections. This position is a hands-on technical position performing a variety of tasks. This Security Analyst will specialize in securing web applications developed and supported by the Department of Children and Families (DCF). Key Responsibilities • Research and implementation of cyber threat preventative designs and standards. This role includes developing processes to follow during a cyber-attack and taking an active role during a cyber-attack. • Working with application teams to coordinate vulnerability testing and management for web based applications • Vulnerability testing and management for desktops, laptops, VDI, and other hardware • Working with several areas of DCF BITS and with the State of Wisconsin data center specialists, the analysist will advise on policies and procedures to implement web application security into application designs and also to identify and implement secure infrastructure design and configurations. • This security analyst will work with the DCF BITS IT Security officer, application team managers and technical leads, and business partners to respond to and document controls in order to meet various audit requirements. • Designs and coordinates implementation of security controls. • Monitors compliance with security policies and procedures. • The security analyst will coordinate and collaborate with multiple BITS sections, business partners, and other State Agencies. • Create compelling presentations to share effective practices, process improvements to BITS, business partners, and executives as requested. • Mentors development teams on how to implement security controls. • Lead a culture change to actively integrate security controls into the current SDLC at DCF Qualifications • Experience with and understanding of the State of Wisconsin technical infrastructure • Relies on extensive experience and judgment to plan and accomplish goals • Must remain abreast of the ever evolving and new cyber security trends and preventative methods, current technology, emerging technology, and industry trends • Must have experience with a variety of the security concepts, practices, and procedures • Must have excellent communication skills, facilitation skills, mentoring skills and ability to work under pressure • Security Analyst capabilities with 8 or more years of web application security experience. • Experience using SAST and DAST tools • Proficiency with a wide variety of security concepts, practices, and procedures • Skill creating compelling presentations to share effective practices, process improvements to IT and business partners • Must have web application development experience and web application infrastructure experience • Ability to become a trusted process advisor, with a high level of operational thinking and ability to analyze IT systems • Experience in development and facilitation of planning, orientation and training sessions with executives, management and other agencies desired • Strong analytical and systemic thinking skills, with ability to synthesize information from many sources to develop technical and business recommendations • Effective communication skills including excellent listening skills and the ability to communicate technically and professionally with all levels of staff both verbally and in writing

Requirements

Experience with and understanding of the State of Wisconsin technical infrastructure
Relies on extensive experience and judgment to plan and accomplish goals
Must remain abreast of the ever evolving and new cyber security trends and preventative methods, current technology, emerging technology, and industry trends
Must have experience with a variety of the security concepts, practices, and procedures
Must have excellent communication skills, facilitation skills, mentoring skills and ability to work under pressure
Security Analyst capabilities with 8 or more years of web application security experience.
Experience using SAST and DAST tools
Proficiency with a wide variety of security concepts, practices, and procedures
Skill creating compelling presentations to share effective practices, process improvements to IT and business partners
Must have web application development experience and web application infrastructure experience
Ability to become a trusted process advisor, with a high level of operational thinking and ability to analyze IT systems
Strong analytical and systemic thinking skills, with ability to synthesize information from many sources to develop technical and business recommendations
Effective communication skills including excellent listening skills and the ability to communicate technically and professionally with all levels of staff both verbally and in writing
A working knowledge of the State of Wisconsin technical infrastructure
Working with several areas of the Department of Children and Families (DCF) Bureau of Information Technology Services (BITS) and with the State of Wisconsin data center specialists, the analysist will advise on policies and procedures to implement web application security into application designs and also to identify and implement secure infrastructure design and configurations
In depth knowledge of vulnerability scanning and management tools including SAST, DAST
Research and implementation of cyber threat preventative designs and standards. This role includes developing processes to follow during a cyber-attack and taking an active role during a cyber-attack.
Experience with and understanding of State of Wisconsin technical infrastructure
Knowledge of OWSAP Top 10
WAF support
Configuring and using vulnerability management tools
Knowledge of NIST Cybersecurity Framework
Analytical/problem solving skills
In-Depth Knowledge of System Development Life Cycle Deliverables for each phase of development
IT Technologies Skills and Concepts
Web API / REST Web Services
C Sharp
.Net and/or .Net Core programming
.Net (MS)
Java
JEE application server support
SQL

Nice To Haves

Experience in development and facilitation of planning, orientation and training sessions with executives, management and other agencies desired
Certified Information System Security Professional (CISSP)
Global Information Assurance Certification
JEE programming
Apache and Tomcat
WebSphere
DBMS experience

Responsibilities

Research and implementation of cyber threat preventative designs and standards. This role includes developing processes to follow during a cyber-attack and taking an active role during a cyber-attack.
Working with application teams to coordinate vulnerability testing and management for web based applications
Vulnerability testing and management for desktops, laptops, VDI, and other hardware
Working with several areas of DCF BITS and with the State of Wisconsin data center specialists, the analysist will advise on policies and procedures to implement web application security into application designs and also to identify and implement secure infrastructure design and configurations.
This security analyst will work with the DCF BITS IT Security officer, application team managers and technical leads, and business partners to respond to and document controls in order to meet various audit requirements.
Designs and coordinates implementation of security controls.
Monitors compliance with security policies and procedures.
The security analyst will coordinate and collaborate with multiple BITS sections, business partners, and other State Agencies.
Create compelling presentations to share effective practices, process improvements to BITS, business partners, and executives as requested.
Mentors development teams on how to implement security controls.
Lead a culture change to actively integrate security controls into the current SDLC at DCF