Under the general supervision of the GRC Manager, this position serves as a Security Analyst
responsible for supporting a wide range of compliance and cybersecurity functions across the
Wisconsin Department of Correction (DOC). Core responsibilities include providing risk assessment
and/or compliance support. Taking part in or leading audits, submitting findings, analyzing risks for
specific areas, monitoring corrective actions, and drafting risk reports with metric charts and
ongoing effort accountability. This position assesses, documents, and provides guidance to other IT
staff and non-IT areas on how to align IT operational and technology processes based on information
technology risk assessments and/or with regulatory compliance/audit functions. This position will
also provide support in detecting, analyzing, and responding to cybersecurity threats, participating in
forensic investigations, and contributing to ongoing vulnerability management efforts. The role may
also include supporting cloud security initiatives, assisting with tabletop exercises, and developing
security response procedures.
The incumbent will work collaboratively with internal stakeholders across DOC, as well as external
partners including the Department of Administration’s Division of Enterprise Technology
(DOA/DET). The role will utilize a variety of enterprise security tools and platforms.
This position may be assigned to focus areas such as incident response, phishing mitigation, threat
detection, security awareness, vulnerability scanning, or forensic analysis, depending on
organizational needs. The analyst will represent the DOC Information Security Section (ISS) team in
technical discussions, project work, and collaborative efforts to improve DOC’s cybersecurity
posture.
The position requires strong communication and problem-solving skills, the ability to work
independently on complex tasks, and a commitment to upholding the security and privacy standards
of DOC. Clients and collaborators include information technology (IT) staff, application developers,
infrastructure teams, business units, vendor, and external governmental partners. The work
environment is dynamic, requiring adaptability, initiative, and a proactive mindset.
This position shall comply with the Department’s administrative rules and the agency’s policies
and procedures including those related to the Department's overall Reentry philosophy of using
evidence-based strategies, practices and programs which target an offender’s individual
criminogenic needs and risk level.
TIME % GOALS AND WORKER ACTIVITIES
60% A. Support cybersecurity policy execution, operational standards, and
governance activities.
A1. Review policy, procedures, controls, and standards to ensure DOC and
regulatory standards are met.
A2. Address compliance issues with IT security standards; identifying deficiencies
and recommending control and risk mitigation measures.
A3. Review documentation to ensure it meets standards and applicable regulatory
requirements, standards, or industry best practices.
A4. Assist with the creation of new and updates to policy, process, and technical
controls to determine if they are sufficient and functioning as intended.
A5. Report on risks and mitigations as well as following up to verify that
adjustments were made.
A6. Interpret NIST or other standards to recommend and implement best practices.
A7. Contribute to the maintenance and operationalization of information security
policies, procedures, and response playbooks.
A8. Review new IT projects, systems, and vendor solutions for security risk,
documenting and escalating concerns as needed.
A9. Provide technical consulting and security recommendations aligned with DOC
standards and DOA/DET architecture.
A10. Participate in enterprise-level risk assessments and contribute data to
compliance, audit, or risk reporting needs.
A11. Assist in threat modeling exercises or tabletop simulations designed to
improve preparedness and resiliency.
20% B. Monitor, detect, respond to, and investigate cybersecurity threats across
DOC’s enterprise environment.
B1. Triage, analyze, and respond to cybersecurity alerts using current technologies
and tools.
B2. Conduct forensic investigations into suspected security incidents, including
phishing, account compromise, and endpoint breaches.
B3. Coordinate with internal teams and DOA/DET to contain, eradicate, and
recover from security incidents.
B4. Analyze logs, threat intelligence, and user behavior to identify indicators of
compromise (IOCs) and prevent recurrence.
B5. Document incident response actions and create post-incident reports with
recommended improvements.
B6. Participate in phishing mitigation, email threat response, and takedown
coordination with third-party providers.
B7. Assist in vulnerability validation and risk triage based on vendor and tool
security recommendations.
B8. Support the tuning, configuration, and enhancement of security technologies
used in DOC’s environment.
B9. Assist with employee forensics, HR/legal investigations, and eDiscovery
requests through log and artifact analysis.
B10. Assist with continuous improvement of detection logic, alerts, and response
workflows in current technologies and tools.
15% C. Contribute to the configuration, deployment, and lifecycle management
of security technologies.
C1. Collaborate with internal teams and DOA/DET to implement, monitor, and
maintain endpoint security, network protection, and access control systems.
C2. Assist in the deployment or refinement of security technologies and tools.
C3. Test and validate new use cases or configurations in existing tools and
platforms, reporting anomalies or conflicts.
C4. Maintain technical documentation and inventories related to security tooling,
integrations, and metrics.
5% D. Maintain current expertise in cybersecurity tools, trends, and techniques.
D1. Participate in professional development opportunities such as conferences,
technical training, and webinars.
D2. Track emerging threats, vulnerabilities, and technology trends through vendor
briefings, information sharing groups, and security communities.
D3. Contribute to internal knowledge sharing and cross-training within the
security team.
KNOWLEDGE, SKILLS AND ABILITIES
1. Experience in effective methods of written and oral communication, meeting facilitation, and
presenting to both technical and non-technical staff appropriate to audience and scenario
2. Understanding of NIST Cybersecurity Framework, NIST RMF, and other common security
standards.
3. Experience with techniques used to establish and maintain effective working relationships
with peers and customers
4. Experience in development, approval, and implementation of security documents (policies,
standards, etc.)
5. Knowledge of information security risk activities to include risk assessments, risk registers,
and risk management
6. Knowledge of state and federal laws regarding information security (Ex.HIPAA Security
Rule) as well as experience with audit and compliance activities in conjunction with state and
federal partners/regulators such as, but not limited to, the WI Legislative Audit Bureau and
the U.S. Department of Justice
7. Experience and working knowledge of common security frameworks and control theories to
include current applicable NIST , CJIS, and ISO standards
8. Proficiency in triaging and analyzing cybersecurity alerts using enterprise technologies and
tools.
9. Strong knowledge of threat detection, incident response, and log analysis techniques.
10. Familiarity with phishing mitigation strategies and email threat analysis.
11. Working knowledge of vulnerability management practices, technologies, and tools.
12. Ability to analyze threat intelligence and apply it to strengthen detection and response
mechanisms.
13. Capability to tune and optimize SIEM rules and detection logic to reduce noise and improve
fidelity.
14. Excellent technical writing and documentation skills, including incident reports and playbook
development.
15. Ability to collaborate with cross-functional teams, including DOA/DET, infrastructure, and
development staff.
16. Commitment to continuous learning, professional development, and information sharing.
Requirements
Top Skills & Years of Experience: At least 2 year's of experience required in the following:
- Understanding of NIST Cybersecurity Framework, NIST RMF, and other common security standards.
- Experience and working knowledge of common security frameworks and control theories to include current applicable NIST, CJIS, and ISO standards
- Experience with creating and leading discussions around the implementation and artifact collection of NIST 800-53 controls
- Proficiency in triaging and analyzing cybersecurity alerts using enterprise technologies and tools.
- Familiarity with phishing mitigation strategies and email threat analysis.
- Incident Response Forensics and Remediation (i.e. Crowdstrike, Sandbox evaluation & detonation, Phish evaluation, Malicious Website and Malicious Intent Identification)
- Customer service as it pertains to security incident management and communication with end user about dangerous behavior.
- Excellent technical writing and documentation skills, including incident reports and playbook development.
- Ability to work independently and as part of a distributed team to achieve shared objectives.
Nice to have skills:
- Capability to tune and optimize SIEM rules and detection logic to reduce noise and improve fidelity.
- Strong interpersonal communication skills with the ability to explain complex topics to non-technical audiences.
- Experience working as a team member on projects to improve business needs.
- Experience supporting endpoint, network, and cloud-based security controls in large-scale environments.
- Demonstrated ability to adapt to emerging threats, technologies, and evolving operational needs.
Project Details: Under the general supervision of the GRC Manager, this position serves as a Security Analyst responsible for supporting a wide range of compliance and cybersecurity functions across the Wisconsin Department of Correction (DOC). Core responsibilities include providing risk assessment and/or compliance support. Taking part in or leading audits, submitting findings, analyzing risks for specific areas, monitoring corrective actions, and drafting risk reports with metric charts and ongoing effort accountability. This position assesses, documents, and provides guidance to other IT staff and non-IT areas on how to align IT operational and technology processes based on information technology risk assessments and/or with regulatory compliance/audit functions. This position will also provide support in detecting, analyzing, and responding to cybersecurity threats, participating in forensic investigations, and contributing to ongoing vulnerability management efforts. The role may also include supporting cloud security initiatives, assisting with tabletop exercises, and developing security response procedures.