Senior Cybersecurity Risk Analyst Job at State of Washington in Walla Walla
State of Washington, Walla Walla, WA, United States
Description
The Senior Cybersecurity Analyst – Risk Manager is a key contributor to the AOC’s Information Security Program. The role leads cybersecurity risk management activities that support the secure operation of Washington’s Judicial Branch systems and services. The analyst collaborates with internal teams, external partners, and court stakeholders to identify risks, recommend mitigation strategies, and strengthen the overall security posture of the agency.
Position Details
- Job #: 2025-99
- Status: Regular, Full-Time
- Location: Olympia, Washington
- Salary Range: $93,804 – $123,084 per year (DOQ)
- Opens: December 11, 2026
- Closes: January 1, 2026
Primary Responsibilities
Risk Management & Governance
- Lead the development, implementation, and ongoing maintenance of the AOC’s cybersecurity risk management program.
- Identify, evaluate, and document cybersecurity risks affecting applications, infrastructure, data, and business processes.
- Maintain and oversee the enterprise risk register, ensuring risks are prioritized, assigned, tracked, and remediated.
- Develop, update, and maintain cybersecurity policies, standards, procedures, and guidelines aligned with NIST CSF, CIS Controls, NIST SP 800-53, StateRAMP, and FedRAMP.
- Provide clear, actionable risk-based recommendations to leadership and program owners to guide security decisions and resource allocation.
Application & System Security Assessments
- Conduct security assessments and reviews of new and existing systems, services, and applications—including court-specific applications—to identify security gaps or areas for improvement.
- Evaluate secure architecture design, data flows, authentication models, and access controls using threat modeling and secure development best practices (including OWASP).
- Coordinate with development teams using Azure DevOps to ensure security requirements and controls are incorporated early in the system lifecycle.
- Develop and document Plans of Action and Milestones (POA&Ms) and ensure timely remediation of identified risks.
Cloud Security & Enterprise Security Tools
- Participate in governance and validation of security configurations for cloud and hybrid environments, including Microsoft Azure, Microsoft 365, Azure DevOps, and Microsoft Defender.
- Participate in the oversight and validation of Tenable vulnerability management activities, including scan scoping, asset coverage, findings analysis, and remediation tracking.
Compliance & Audit
- Assess AOC systems and processes for compliance with applicable state and federal laws, Judicial Branch policies, and industry standards (e.g., NIST, CJIS, PCI, StateRAMP, FedRAMP).
- Coordinate internal and external audits related to cybersecurity controls and documentation.
- Conduct compliance gap analyses and work with technical teams to develop and implement mitigation strategies.
- Prepare compliance reports and maintain documentation to satisfy audit and oversight requirements.
Vulnerability & Threat Management
- Oversee the vulnerability management program, ensuring vulnerabilities are identified, validated, analyzed, scored, prioritized, and remediated.
- Lead the integration of Tenable vulnerability data, Microsoft Defender alerts, threat intelligence, and system logs to produce meaningful risk insights.
- Provide ongoing reporting of vulnerability trends and risk impacts to leadership and stakeholders.
Incident Response & Preparedness
- Serve as an active member of the AOC Enterprise Incident Response Team.
- Provide risk-based guidance during cybersecurity incidents, including impact assessment, containment strategies, and identification of contributing control weaknesses.
- Support post-incident reviews and ensure lessons learned are incorporated into risk management practices and documentation.
Security Documentation & Reporting
- Create, maintain, and publish risk assessment reports, POA&Ms, audit findings, system security documentation, and threat models.
- Prepare executive-level briefings, dashboards, and metrics that communicate risk posture and remediation progress.
- Ensure documentation is clear, accurate, and accessible to relevant stakeholders within the Judicial Branch.
Collaboration, Leadership & Communication
- Build strong working relationships across AOC teams, court partners, external vendors, and other state entities to promote a coordinated approach to cybersecurity.
- Serve as a subject matter expert for cybersecurity risk topics, providing guidance, training, mentorship, and support to AOC staff.
- Promote a culture of security awareness and continuous improvement consistent with AOC values of integrity, inclusion, accountability, and teamwork.
- Perform other duties as assigned.
Qualifications
- A Bachelor’s degree in Computer Science, Cybersecurity, Software/Computer Engineering, or a closely allied field.
- Seven (7) years of progressively responsible experience in a combination of:
  - Maintaining security standards for a medium or large government agency or organization (state or federal).
  - Addressing complex issues such as application security, access management, risk analysis, security assessments, and vulnerability analysis.
- Acceptable professional IT certifications that are current can be substituted for up to three (3) years of experience with each certification equivalent to one (1) year of experience.
Acceptable Certifications
- (ISC)² – CISSP, CCSP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP, CSSLP
- ISACA – CISA, CISM, CSX-P
- CompTIA – Security+ CE, CySA+, CASP+, PenTest+
- SANS – GIAC advanced certifications
Ideal Applicant Attributes
- Excellent verbal and written communication skills with the ability to translate technical concepts into clear and compelling messaging for diverse audiences.
- In-depth experience with conducting audits or risk assessments, implementing controls, and managing remediation efforts.
- In-depth knowledge of cybersecurity frameworks such as NIST, CIS, etc.
- Familiarity with systems and network infrastructure security technologies, including application/OS hardening techniques, network protocols, firewalls, intrusion detection systems, etc.
- Basic understanding of fundamental security and network concepts (Windows security: OS lockdown, logging and monitoring, application security, user access, perimeter protection principles, network communication rules, intrusion detection and analysis methods).
- Experienced working with risk assessment, vulnerability management, threat modeling, network analysis tools, etc.
Legal EEO Statement
The AOC is an equal opportunity employer and does not discriminate based on gender, pregnancy, race, color, national origin, ancestry, religion, creed, physical, mental or sensory disability (actual or perceived), use of a service animal, marital status, sexual orientation, gender identity or expression, veteran or military status, age, HIV or Hepatitis C status, or any other basis protected by federal or state law. Persons of disability needing assistance in the application process, or those needing this announcement in an alternative format, please contact the AOC Human Resource Office, at (360) 704-4143, or fax (360) 586-4409, or via email to Recruitment@courts.wa.gov.
Additional Employment Notes
Candidates who are offered a job with AOC must possess work authorization that does not require sponsorship by the employer for a visa now or in the future. AOC complies with the employment eligibility verification requirements of the federal government eligibility verification form I-9. The selected candidate must be able to provide proof of identity and eligibility to work in the United States consistent with the requirements for that form. AOC does not use E-Verify; therefore we are not eligible to extend STEM Optional Practical Training (OPT). For information, please visit www.uscis.gov. Persons legally authorized to work in the U.S. under federal law, including Deferred Action for Childhood Arrivals recipients, are eligible for employment unless prohibited by other state or federal law.