Initial Posting Date:
12/16/2024
Application Deadline:
01/05/2025
Agency:
Department of Justice
Salary Range:
$6,268 - $9,472
Position Type:
Employee
Position Title:
Security Analyst (Information Systems Specialist 7) - IT Modernization Project
Job Description:
The Oregon Department of Justice is seeking to hire a Security Analyst (Information Systems Specialist 7) to serve on its Legal Tools Program Team. This role is responsible for leading and supporting information security management, analysis, and best practices for the Secure Software Development Lifecycle (SSDLC) of the Legal Tools Replacement (LTR) Program. This senior-level position has the highest level of responsibility to provide information security management, analysis, expertise, planning, advice, and related technical services and support for all LTR Program managed data, systems, and processes. This position is part of a team dedicated to ensuring that the Legal Tools Program delivers a product that meets the unique needs of the Department of Justice.
At this time, the position is Limited Duration through June 30, 2025, but is likely to be extended or changed to permanent in the future. A rotational opportunity may be possible if the best candidate is internal and a rotation won't negatively impact the business. To be eligible for a rotation, you must have your current manager's approval.
Apply today! In exchange, we'll ensure you are paid well and equitably relative to your peers, we'll make work-life balance attainable, and we'll show you the door to professional development and job satisfaction. You will find that we embrace inclusive and supportive work environments and respect the diverse perspectives, knowledge, and experiences of our coworkers and those seeking to join the organization. We strive to build an inclusive and performance-oriented workplace where all individuals are welcomed and appreciated, leading to increasingly higher levels of fulfillment and success.
This position may be offered as full-time remote within Oregon. Remote work for out-of-state candidates may also be possible; however, a number of factors must be considered. At this time, we are unable to accommodate remote work in all 50 states.
WHAT YOU WILL DO (in part)
- Validate that software products and services are designed, architected, implemented, configured, deployed, and operated securely by providing technical staff information, education, guidance, and hands-on support. Provide hands-on risk remediation guidance to technical teams.
- Manage, plan, and coordinate security audits, risk assessments, threat modeling, abuse case modeling, secure code reviews, static application security testing, and dynamic application security testing in collaboration with DOJ and contracted services. Analyze and review designs and solutions for their ability to maintain confidentiality, integrity, and availability of DOJ managed systems, services, and data.
- Lead the LTR Program in adhering to secure system security lifecycle best practices by informing Program, DOJ, and contractor staff of those practices, designing the processes and procedures for implementation, and assisting and/or leading the execution of those practices.
- Provide professional expertise in information security governance, risk, and compliance activities for the Program and determine the best approach to respond to and remediate security issues, findings, or misconfigurations. Report recommendations to Program and DOJ leadership in response to audits or security vulnerability findings and manage the implementation of approved recommendation plans. Participate and/or provide oversight as requested or required as an information security advisor to the LTR Program in collaboration with the DOJ Information Security Officer.
- Communicate mandatory information security and compliance requirements from federal, state, local and Department laws, rules, policies, and standards with local, state, and federal partners working with the Program and DOJ.
- Evaluate potential software solutions, including cloud based, off-the-shelf, open-source, and hybrid model systems, and their security to ensure that they meet DOJ’s security and compliance requirements and technology standards.
- Develop DOJ system security plans (SSP), policies, standards, procedures, and guidelines in collaboration with business and technical teams; LTR Program security and compliance requirements; Requests for Proposals (RFP) and Statements of Work (SOW) for external products and services.
- Develop cost benefit analysis, configuration, security, and compatibility requirements with current systems as part of the planning process.
- Manage, plan, and implement information security measures for the protection of agency, client, and customer data. Evaluate, conceptualize, and recommend to LTR Program and DOJ leadership mechanisms to protect systems and data.
- Maintain knowledge of current and emerging security practices, technologies and innovations through training, blogs, professional journals and publications, contact with other IT and security professionals, and self-initiated study.
- Develop and maintain effective working relationships with other external organizations, DOJ Program and Project staff, DOJ divisions, and DOJ personnel.
- Other program related duties as assigned.
WHAT'S IN IT FOR YOU
When you become a DOJ team member, you join an agency that values loyal and enthusiastic employees by providing a competitive salary and great benefits, including excellent medical, vision, dental, pension and retirement programs. You also get paid Sick Leave, Vacation, Personal Business Leave, and 10 paid holidays a year. The position is represented by the Service Employees International Union (SEIU). For more information about our benefits, you can learn here.
REQUIRED EXPERIENCES AND ATTRIBUTES
Research suggests that women and people of color are less likely to apply unless they are confident they meet 100% of the listed qualifications. We welcome members of historically underrepresented racial/ethnic groups, women, individuals with disabilities, veterans, and all interested individuals to apply, and allow us to evaluate the knowledge, skills, and abilities that you demonstrate, using an intentional equity lens.
Six (6) years of information systems experience in managing security for both cloud and on-premises systems. Education will be counted as experience if the degree is in Computer Science, Information Technology, or a related field, or if a two (2) year accredited vocational training program was completed in information technology or a related field. Work experience is based on a 40-hour work week. (Example: 20 hours a week for one year would equal six months of work experience.)
- Associate's Degree (or 2-year vocational training) = Two (2) Years
- Bachelor's Degree = Four (4) Years
- Master's Degree = Six (6) Years
AND
- Experience developing and implementing system security plans within an information systems program.
- Served as a mentor and resource for expert guidance to personnel in creating procedures that support information security policies, standards, procedures, and guidelines.
- Contributed to the development of information security policies, standards, procedures, and guidelines.
- Effective communicator at all levels of the organization.
- Experience creating presentations, and speaking in front of small, medium, and large groups comprised of managers and staff.
- Knowledge and understanding of NIST Security and Privacy Frameworks and an understanding of NIST 800-53 r5, NIST 800-218 version 1.1, and 800-60 volume 1 and 2.
- Finalists must pass a comprehensive employment reference check and fingerprint-based criminal background check. A driver history check will be included for positions requiring state vehicle driving privileges. Adverse findings will be evaluated to determine eligibility for the position.
OUR IDEAL CANDIDATE WILL HAVE
- Desire and ability to learn and master new technical and business skills.
- Keen understanding of information security management best practices and technology solutions.
- Proactive troubleshooting, listening and problem-solving skills.
- Ability to plan and perform assignments with minimal or no supervision.
- Ability to meet deadlines while maintaining attention to detail and accuracy.
- Ability to sort through multiple and, at times, conflicting needs and priorities is required.
- Strong communication skills with the ability to communicate clearly, concisely and in a way that technical information is understood by all customers and users, both verbally and in writing.
- Ability to communicate effectively with both business and information technology staff, both verbally and in writing.
- Ability to work independently or on a team as a partner to collectively achieve goals.
- Strong interpersonal skills with the ability to establish and maintain great working relationships with all levels of staff in the Department.
- Strong organization skills with the ability to shift priorities quickly while continuing to make progress on all work assignments.
- Certifications in ISP, CISSP, CCSP, GSEC, Security+, or equivalent (preference may be given to candidates who already have one or more of these).
APPLICATION PROCESS
- Click "Apply" and complete the online application and all supplemental questions.
- Attach your resume.
- Attach your cover letter.
ALL APPLICANTS: You will only have one opportunity to upload the required resume and cover letter. Drag and drop both resume and cover letter into Workday when prompted to upload your resume. If you are concerned that one or both documents didn't attach to your application, if you need an accommodation under the Americans with Disabilities Act (ADA), have questions, or need assistance with the application process, please contact oregon.gov. Any materials emailed will be associated on your behalf if received before the posting deadline.
CURRENT STATE EMPLOYEES: Login to Workday using your state-issued login and apply via the Jobs Hub Worklet located on your home page. Using a private account disrupts the hiring process for all internal candidates. Prior to clicking "Apply", update your employee profile to reflect your Education, Skills, and Job History (including your current job).
For more information about working for the Department of Justice and application assistance, you can learn here.
Candidates from diverse backgrounds are encouraged to apply. The Department of Justice is an equal opportunity employer, does not discriminate based on race, color, national origin, ethnicity, veteran status, gender, sexual orientation, religion, age, or disability, and is committed to workplace diversity.
Oregon Department of Justice
1162 Court St NE
Salem, OR 97301
DOJ.recruitment@doj.oregon.gov
Phone: (503) 947-4328
Fax: (503) 373-0367