The State of Wisconsin DOA is looking for one (1) Security Analyst II
Top Required Skills & Years of Experience:
Splunk Cloud experience (5+ years)
SOC (Security Operations Center) experience (5+ years)
Nice to Have Skills:
M365 Security experience
AI Security
Cloud Containers
Interview Process: Via TEAMS
Duration of the Contract: Until 6/30/25 with extension likely.
Onsite or Remote? Candidate MUST be a CURRENT WI resident. No relocation is allowed. 100% remote within the State of WI. Onsite if desired.
Project details (project overview, who the contractor will work with, soft skills needed, etc.):
Candidate should have excellent time management skills, communication skills, and project management. Over the course of the project, the candidate will work on the following: optimizing logs sources, onboarding new logs, troubleshooting issues with ingestion or services, status reports, alerts/reports/dashboards, data models, knowledge objects, and correlation searches.
The Division of Enterprise Technology (DET) manages the state's information technology (IT)
assets and uses technology to improve government efficiency and service delivery. DET
administers enterprise solutions and consults on technology services for state agencies, local
government and educational systems.
Under the general direction of the Security Audit and Compliance Supervisor, this position
provides assistance in the assessment of operations and adequacy of security controls and
compliance with federal and state regulations (e.g. Criminal Justice Information Services (CJIS),
Family Educational Rights and Privacy Act (FERPA), Federal Information Security
Management Act (FISMA), Federal Tax Information (FTI), Health Insurance Portability and
Accountability Act (HIPAA), Payment Card Industry (PCI), Social Security Administration
(SSA), etc.) This position is responsible for:
? determining whether electronic information systems operated and used by the DET are
effectively managed and controlled
? assisting in determining whether the application and general computer controls are
adequate and functioning as intended, especially in the area of privacy and security
? assisting in documenting improvements to existing or design-stage information systems
to increase efficiency or adequacy of controls
? maintaining policies and procedures related to the effective operation and control of the
information systems
? reviewing responses to external audit findings, and resolution of IT policy and
procedural issues
? performing self-assessments for compliance with regulatory and other industry standards
for infrastructure services provided by DET
The position requires strong communications skills, both verbally and in writing, provides
excellent customer service and assistance to internal and external stakeholders, and the ability to
work with cross-functional teams.
Goals and Worker Activities
30% A. Provide technical assistance on IT audit, security, and compliance requirements
to internal and external customers
A1.Research, review and keep current on federal and state regulatory compliance
requirements and security best practices.
A2.Maintain productive relations with supervisor and staff as a means of providing
assistance with audit and compliance needs and areas of potential risk.
A3.Provide technical assistance, as requested, to Department managers in appropriate IT
areas, such as development and implementation of internal control systems;
development of policies and procedures; establishing benchmarks to measure the
6/30/2015
PD_333654_IS ENTERPRISE SVCS SENIOR
effectiveness of an IT application or function; and enhancing security features
governing access to applications, LAN’s and physical IT operations.
A4.Identify audit topics that should be considered for audit or limited review, based on
indicators of any significant system changes, risks faced by the department and/or
possible benefits of conducting such assessments.
A5.Assist Department and agency managers in developing responses to audits by
external (state and federal) auditors, and in tracking responses to ensure that
corrective actions are taken.
A6.Conduct follow-up reviews to determine whether recommendations have been
implemented to adequately address the findings.
50% B. Serve as DET resource for documenting and assessing the adequacy of security
controls for information systems
B1.Meet with internal customers to review and understand their requirements as they
relate to enterprise security.
B2.Perform appropriate tests of general IT controls and specific application controls to
verify that controls being audited are functioning as intended.
B3.Recommend to management changes necessary to improve the design and operating
effectiveness IT security controls.
B4.Draft correspondence to management for audit results that clearly explain the
findings and conditions disclosed during the audit, the basis for the audit conclusions
and specific recommendations for corrective action.
B5.Develop an audit or limited review work plan detailing specific audit objectives,
audit tasks to be performed, the criteria to be reviewed by management in assessing
whether the IT system, function or activity being reviewed is performing effectively
and timelines for completing planned tasks.
B6. Investigate security and compliance related issues for the enterprise and agencies as
requested by management.
6/30/2015
PD_333654_IS ENTERPRISE SVCS SENIOR
15% C. Participate in information technology security initiatives
C1. Participate in cross-functional teams in needs assessment, design, or implementation
projects to address security audit and compliance needs.
C2. Review internal project study requests and project plans for compliance with IT
security strategic goals.
C3. Evaluate customer requirements to determine if security solutions meet federal and
state audit and compliance controls. Provide cost-benefit analyses as needed and
solicit funding to develop and implement new projects and services.
C4. Provide information technology security expertise to system developers, system
administrators, project managers and other IT professionals to ensure adequate
security controls in IT systems.
5% D. Professional Development
D1.Maintain familiarity with activities and trends in the field of security and other
related technologies.
D2.Attend appropriate training courses, conferences, and seminars.
D3.Read technical publications to maintain a high level of technical knowledge
concerning security with particular emphasis on shared infrastructure technology.
D4.Participate in activities of professional and technical associations to contribute to the
development in the data processing industry and in various agencies of government.
Knowledge, Skills and Abilities
1\. Ability to deliver quality service and maintain positive working relationships with
customers.
2\. Ability to function as a team member, including the open sharing of information,
and willingness to help out wherever needed.
3\. Ability to communicate clearly and effectively to both technical peers and less
technical customers in person and via written media such as email, reports, and
project charters.
4\. Knowledge of and ability to apply IT service-delivery management best practices
and procedures.
6/30/2015
PD_333654_IS ENTERPRISE SVCS SENIOR
5\. Ability to learn quickly; synthesize complex information, identify key points and
communicate results accurately and effectively.
6\. Knowledge and skill in standard audit procedures, including preparing an audit
guide and identifying the steps taken in conducting the audit.
7\. Knowledge of information technology controls.
8\. Skill and experience in IT systems, software and web-based applications.
9\. Knowledge of regulatory compliance requirements and assessment processes.
10\. Knowledge of security concepts, risk management and investigation techniques.
11\. Knowledge of practices of the Information Systems Audit and Control
Association or any other applicable background for the audit of information
systems.
12\. Skill in writing technical, management and analysis reports and papers.