Senior Cybersecurity Analyst (Information Systems Specialist 7) - IT Modernization Project

State of Oregon

1d•Remote

About The Position

The Oregon Department of Justice is seeking to hire a highly skilled Senior Cybersecurity Analyst (Information Services Specialist 7) to join its Legal Tools Program Team. This position plays a critical role in safeguarding DOJ systems and data by performing advanced cybersecurity analysis, risk assessments, and implementing secure software development lifecycle (SDLC) practices. You will work hands-on with technical teams to ensure confidentiality, integrity, and availability of mission-critical systems. The Legal Tools Program is a major business and technology project currently underway to replace our core legal systems. Do you have skills that include information security management, risk analysis, expertise in Microsoft Power Platform, Purview, and SharePoint, planning, and related technical services? If so, we’re looking for you to be part of our team dedicated to ensuring that the Legal Tools Program delivers a product that meets the unique needs of the Department of Justice. At this time, the position is Limited Duration through June 30, 2027. Apply today! In exchange, we'll ensure you are paid well and equitable to your peers, we'll make work-life balance attainable, and we'll show you the door to professional development and job satisfaction. You will find that we embrace inclusive and supportive work environments and respect the diverse perspectives, knowledge, and experiences of our coworkers and those seeking to join the organization. We strive to build an inclusive and performance-oriented workplace where all individuals are welcomed and appreciated, leading to increasingly higher levels of fulfillment and success. This position may be offered as full time remote within Oregon. Remote work for out-of-state candidates may also be possible, however, a number of factors must be considered; at this time, we are unable to accommodate remote work in all 50 states.

Requirements

Six (6) years of information systems experience in managing security for both cloud and on-premises systems.
Education will be counted as experience if degree is in Computer Science, Information Technology, or related field, or if a two (2) year accredited vocational training program was completed in information technology or related field.
Work experience is based on a 40-hour work week. (Example: 20 hours a week for one year would equal six-months of work experience.)
Associate’s Degree (or 2-year vocational training) = Two (2) Years
Bachelor's Degree = Four (4) Years
Master's Degree = Six (6) Years
Finalists must pass a comprehensive employment reference check and fingerprint-based criminal background check.
A driver history check will be included for positions requiring state vehicle driving privileges.
Adverse findings will be evaluated to determine eligibility for the position.

Nice To Haves

Experience developing and implementing system security plans (SSP) within an information systems program.
Experience securing Power Platform and SharePoint Online.
Experience assessing and implementing security configurations for cloud solutions.
Effective communicator at all levels of the organization.
Experience creating presentations, and speaking in front of small, medium, and large groups comprised of managers and staff.
Knowledge and understanding of NIST Security and Privacy Frameworks and an understanding of NIST 800-53 r5, NIST 800-218 version 1.1, and 800-60 volume 1 and 2.
Desire and ability to learn and master new technical and business skills.
Keen understanding of information security management best practices and technology solutions.
Proactive troubleshooting, listening and problem-solving skills.
Ability to plan and perform assignments with minimal or no supervision.
Ability to meet deadlines while maintaining attention to detail and accuracy.
Ability to sort through multiple and, at times, conflicting needs and priorities is required.
Strong communication skills with the ability to communicate clearly, concisely and in a way that technical information is understood by all customers and users, both verbally and in writing.
Ability to work independently or on a team as a partner to collectively achieve goals.
Strong interpersonal skills with the ability to establish and maintain great working relationships with all levels of staff in the Department.
Strong organization skills with the ability to shift priorities quickly while continuing to make progress on all work assignments.
Certifications in ISP, CISSP, CCSP, GSEC, CISM, or equivalent (preference may be given to candidates who already have one or more of these).
Certifications in Microsoft Power Platform or Microsoft Azure

Responsibilities

Conduct risk assessments, threat modeling, and vulnerability analysis for DOJ systems.
Coordinate code reviews and coordinate static/dynamic application security testing (SAST/DAST).
Validate security configurations for cloud and on-premises environments.
Develop and maintain System Security Plans (SSPs) and compliance documentation.
Collaborate with developers to implement secure SDLC practices and remediate vulnerabilities.
Monitor compliance with DOJ, state, and federal security standards (NIST, CJIS, IRS 1075).
Stay current on emerging threats, tools, and best practices.