RCQC Senior Security Specialist

OverviewThe Office of Secretary of State (OSOS) offers diverse opportunities in state government. Its responsibilities include: ensuring a fair and accurate elections process; connecting Washingtonians through libraries; protecting government records; and registering corporations and charities. The Secretary of State administers community programs that inspire giving, document history, and assist crime survivors. This independent office operates from the Olympia area and statewide.OSOS seeks top-performing employees who embody its core values of integrity, service excellence, visionary leadership, collaboration and teamwork. The office is committed to employee growth and work-life balance. Benefits include potential eligibility for the federal Public Service Loan Forgiveness program.Division contextThe Information Security & Response (ISR) Division protects against cybersecurity threats and provides strategic elections messaging to enhance security and public confidence. The ISR Division has 15 employees based in the Olympia-area facility and the Digital Archives, including a Chief Information Security Officer, InfoSec Project Manager, VoteWA Development Manager, two InfoSec team supervisors, and four InfoSec systems administrators. The Risk Compliance & Quality Control (RCQC) Security Analyst is part of a three-person information security team and reports to the RCQC Manager.ResponsibilitiesForecast, define and influence information security improvement efforts.Collaborate with peers in other divisions to reduce risk and improve security.Advise and consult business and information owners on threat modeling to identify, communicate, and understand threats and mitigations.Perform analysis of systems and data to identify applicable security controls; provide requirements for design, configuration, and implementation of security-related features in system solutions.Participate in design reviews to champion changes that maintain or enhance security; analyze risk to inform preventative and contingency vestigate and assess the effectiveness of security controls and practices; determine system susceptibility to cyber incidents; simulate effects using real-world tactics and procedures.Test systems, applications and staff using proactive cybersecurity methods (e.g., penetration testing, red teaming, social engineering).Assess or anticipate the impact of risk events on the agency's mission and stakeholders; provide recommendations to refine security policies and procedures; work with the CISO and agency staff on prevention, identification, and response activities.Evaluate SDLC products for security and compliance; verify development products meet industry standards and regulations; use static and dynamic analysis to identify vulnerabilities; analyze legacy code for security risks and debt.Advise and train agency staff in information security and cyber hygiene; develop and deliver IT security training and presentations; communicate risk scope and impact.Maintain technical and communication skills by attending conferences, reading technical publications, conducting research, and maintaining relevant security certifications.Other duties as assigned.Required QualificationsEight years of information technology experience with security technologies (e.g., Web Proxies, DLP, SIEM, IDS, Incident Response & Investigation, Vulnerability Management, Endpoint Defense).Ability to efficiently use a PC and applicable software to perform essential job functions.Ability to read and write English.Desired QualificationsStrong communications, teamwork, and interpersonal skills.At least 15 quarter hours of study in computer science or a related field.Experience with programming or scripting languages (PowerShell, JavaScript, Python, C#, VBA, etc.).Experience developing and implementing information security controls and procedures.Understanding of advanced protocols and standards; ability to perform complex analysis and metrics.Knowledge of information security frameworks and regulations (NIST, PCI, HIPAA, CSC).Knowledge of state laws and regulations (RCWs and WAC) related to IT and the Public Records Act.Knowledge of federal programs such as the National Infrastructure Protection Program and related government sector formation security certifications (e.g., GIAC, CompTIA, ISC^2, ISACA).PLEASE READ: If you have gotten this far and think you do not qualify, reconsider. Studies show that women and people of color are less likely to apply unless they clearly meet every qualification. OSOS is committed to a diverse and authentic workforce with belonging. If you are excited about this role and have relevant experience and skills, apply regardless— you may be the ideal candidate.Working ConditionsThe position is primarily in an office setting, with the ability to sit or stand for extended periods. Standard hours are Monday–Friday 8am–5pm, but work outside these hours may be required, including evenings, weekends, and holidays. Regular travel to local offices is required, with potential travel for meetings and training. Must present professionally and communicate ideas clearly in writing and verbally, and work effectively with a wide variety of people in a team environment. Ability to work under pressure and meet deadlines is needed to coordinate with other operational areas for security response.Employer and applyThis position is in a bargaining unit represented by the Washington Federation of State Employees (WFSE) and is subject to the terms of the Collective Bargaining Agreement between the State of Washington, the Office of the Secretary of State, and the WFSE.How to ApplyTo be considered for this position you must attach:Current ResumeLetter of InterestThree Professional references (Personal references will not be considered).Complete the supplemental questions at the end of this application. Incomplete responses such as see resume will not be considered. If an employer is not identified in the additional information or not listed on your resume, credit may not be given.All veterans must include a copy of DD214 for preference. Black out your social security number before attaching it.Prior to hire, a background check including criminal record history will be conducted.Must have a current Washington state driver's license or have requested an appropriate accommodation.The Office of the Secretary of State is an equal opportunity employer (EOE). We do not discriminate on the basis of religion, age, sex, marital status, color, creed, national origin, political affiliation, military status, sexual orientation, or any real or perceived disability. All interested candidates are encouraged to apply. For assistance in the application process or alternative formats, call (360) 704-5211. #J-18808-Ljbffr

Created: 2025-10-03