Security Analyst - II
Job ID: CER 1817
Location: Madison, WI, 53703
Schedule: Hybrid (2-3 days/week in office)
Compensation: 1099: $45/hour; W2: $40/hour (No C2C)
RFP Response Due: August 18th
Requirements
- This is a hybrid position. No WI residency required. Open to nationwide candidates.
- If selected hire is located in WI, they will follow the hybrid schedule of 2 days required onsite.
- If selected hire is out of state, there will be no onsite required.
Submission Instructions
- Download & Complete Skills Matrix:
  - Click here for SkillsMatrix and go to File > Select Download option > Select .doc version
- Apply Online:
  - Go to CertecIncOpenJobs
  - Look for the above Job ID & click on EASY APPLY
  - Fill in the required details (Mandatory: Resume, SkillsMatrix, LinkedIn)
Note: Applications via LinkedIn, Indeed, or Dice will not be reviewed.
The Wisconsin Department of Natural Resources is looking for a Cyber Security Analyst with 5 - 7 years’ experience in a medium to large company with a diverse user base. The DNR is dedicated to the preservation, protection, effective management, and maintenance of Wisconsin's natural resources. DNR is responsible for implementing the laws of the state and, where applicable, the laws of the federal government that protect and enhance the natural resources of our state. DNR is charged with the responsibility for coordinating the many disciplines and programs necessary to provide a clean environment, and a full range of outdoor recreational opportunities for Wisconsin citizens and visitors.
The DNR IT Information and Data Security Section develops security strategy and ensures compliance with DNR, State and Federal security regulations by managing security governance, identifying and mitigating risks, and assessing customer needs. The section ensures awareness of DNR information, data, and cybersecurity requirements. It provides cybersecurity services through a portfolio which includes awareness, IT due diligence, risk management, incident response, vulnerability management, security compliance, Continuity of Operations (COOP), and disaster recovery. It provides services to review, properly plan and design modern security elements into applications and integrations between applications. It helps build secure, stable, and scalable technical data roadways across the DNR, integrated with the State enterprise and other agencies and partners, by developing IT architectural frameworks and best practices.
The Cyber Security Analyst II will have many day-to-day activities ranging from proactive to reactive including but not limited to:
- Proactively determine use cases and policies to effectively manage threats (implement and test) as they emerge to optimize the DNR security posture.
- Work collaboratively with DNR IT Applications, Systems and End user device staff as well as the Department of Administration Division of Enterprise Technology (DET) to integrate and test security processes and controls.
- Respond to incidents involving DNR Systems, Desktops and Mobile devices and their applications.
- Report out on all activities to DNR IT Leadership so security priorities can be set.
Duties
As an executive state agency, DNR shares responsibility with the Department of Administration, Division of Enterprise Technology, which provides enterprise infrastructure (IaaS), platforms (PaaS) and applications (SaaS) as a service, with the separation of duties roughly following the National Security Administration (NSA) Shared Responsibility model. DNR is also a consumer of many other third-party service providers where DNR information is processed and stored, and that information needs to be secure throughout its lifecycle.
The Cyber Security Analyst II will require a working knowledge of the following:
Secure Internet Access - Web Filter/Proxy: (5+ yrs.)
- IPSec
- Network Segmentation
- Internet Access Protection
- Intrusion prevention system (IPS)
- Advanced Threat Protection
Endpoint Detection and Response - End User Device Management: (5+ yrs.)
- Trusted Platform Module
- System/Endpoint Encryption
- VPN
- Network Access Protection
- Securing Wireless LANs
- Patch Management
- Antivirus
- User Access Control (UAC)
- Session Zero/Baseboard Management/UEFI
- Active Directory Services
- Secure Application Deployment
- Information Rights Management
- Access Control Lists (ACLs)
- Host/Device Hardening
- Configuration/Audit/Compliance
- NVD, CVE, CAPEC
Incident Response: (5+ yrs.)
- Phishing
- Spear Phishing
- Man in the Middle (MITM) Attack
- Trojans
- Denial of Service or Distributed Denial of Service (DDoS) Attack
- Ransomware
- Malware
- Social Engineering
Top Required Skills & Years Of Experience
- Secure Internet Access - Web Filter/Proxy: (5+ yrs.)
- Endpoint Detection and Response - End User Device Management: (5+ yrs.)
- Incident Response: (5+ yrs.)