Note: The job is a remote job and is open to candidates in USA. ATC is looking for a Cyber Security Analyst to support compliance and cybersecurity functions for the Wisconsin Department of Correction. The role involves risk assessment, incident response, and collaboration with internal and external partners to enhance cybersecurity posture.
Responsibilities
- Review policy, procedures, controls, and standards to ensure DOC and regulatory standards are met
- Address compliance issues with IT security standards; identifying deficiencies and recommending control and risk mitigation measures
- Review documentation to ensure it meets standards and applicable regulatory requirements, standards, or industry best practices
- Assist with the creation of new and updates to policy, process, and technical controls to determine if they are sufficient and functioning as intended
- Report on risks and mitigations as well as following up to verify that adjustments were made
- Interpret NIST or other standards to recommend and implement best practices
- Contribute to the maintenance and operationalization of information security policies, procedures, and response playbooks
- Review new IT projects, systems, and vendor solutions for security risk, documenting and escalating concerns as needed
- Provide technical consulting and security recommendations aligned with DOC standards and DOA/DET architecture
- Participate in enterprise-level risk assessments and contribute data to compliance, audit, or risk reporting needs
- Assist in threat modeling exercises or tabletop simulations designed to improve preparedness and resiliency
- Triage, analyze, and respond to cybersecurity alerts using current technologies and tools
- Conduct forensic investigations into suspected security incidents, including phishing, account compromise, and endpoint breaches
- Coordinate with internal teams and DOA/DET to contain, eradicate, and recover from security incidents
- Analyze logs, threat intelligence, and user behavior to identify indicators of compromise (IOCs) and prevent recurrence
- Document incident response actions and create post-incident reports with recommended improvements
- Participate in phishing mitigation, email threat response, and takedown coordination with third-party providers
- Assist in vulnerability validation and risk triage based on vendor and tool security recommendations
- Support the tuning, configuration, and enhancement of security technologies used in DOC’s environment
- Assist with employee forensics, HR/legal investigations, and eDiscovery requests through log and artifact analysis
- Assist with continuous improvement of detection logic, alerts, and response workflows in current technologies and tools
- Collaborate with internal teams and DOA/DET to implement, monitor, and maintain endpoint security, network protection, and access control systems
- Assist in the deployment or refinement of security technologies and tools
- Test and validate new use cases or configurations in existing tools and platforms, reporting anomalies or conflicts
- Maintain technical documentation and inventories related to security tooling, integrations, and metrics
- Participate in professional development opportunities such as conferences, technical training, and webinars
- Track emerging threats, vulnerabilities, and technology trends through vendor briefings, information sharing groups, and security communities
- Contribute to internal knowledge sharing and cross-training within the security team
Skills
- 2+ years of experience applying NIST Cybersecurity Framework, NIST RMF, and other common security standards
- 2+ years of experience in development, approval, and implementation of security documents (policies, standards, etc.)
- 2+ years of experience in triaging and analyzing cybersecurity alerts
- 2+ years of experience and working knowledge of common security frameworks and control theories, including current applicable NIST, CJIS, and ISO standards
- 2+ years of experience creating and leading discussions around the implementation and artifact collection of NIST 800-53 controls
- Proficiency in triaging and analyzing cybersecurity alerts using enterprise technologies and tools
- Familiarity with phishing mitigation strategies and email threat analysis
- Incident response forensics and remediation, including CrowdStrike, sandbox evaluation and detonation, phishing evaluation, malicious website identification, and malicious intent identification
- Customer service as it pertains to security incident management and communication with end users about dangerous behavior
- Excellent technical writing and documentation skills, including incident reports and playbook development
- Ability to work independently and as part of a distributed team to achieve shared objectives
- Experience in effective methods of written and oral communication, meeting facilitation, and presenting to both technical and non-technical staff appropriate to audience and scenario
- Experience with techniques used to establish and maintain effective working relationships with peers and customers
- Knowledge of information security risk activities, including risk assessments, risk registers, and risk management
- Knowledge of state and federal laws regarding information security, such as HIPAA Security Rule, and experience with audit and compliance activities in conjunction with state and federal partners/regulators such as the WI Legislative Audit Bureau and the U.S. Department of Justice
- Strong knowledge of threat detection, incident response, and log analysis techniques
- Working knowledge of vulnerability management practices, technologies, and tools
- Ability to analyze threat intelligence and apply it to strengthen detection and response mechanisms
- Ability to collaborate with cross-functional teams, including DOA/DET, infrastructure, and development staff
- Commitment to continuous learning, professional development, and information sharing
- 2+ years of experience in technical writing and documentation skills, including incident reports and playbook development
- 2+ years of experience in phishing mitigation strategies and email threat analysis
- 2+ years of experience supporting endpoint, network, and cloud-based security controls in large-scale environments
- Capability to tune and optimize SIEM rules and detection logic to reduce noise and improve fidelity
- Strong interpersonal communication skills with the ability to explain complex topics to non-technical audiences
- Experience working as a team member on projects to improve business needs
- Demonstrated ability to adapt to emerging threats, technologies, and evolving operational needs
Company Overview