Washington State ESD
IT Security Analyst (IT Security - Senior/Specialist)
Washington State ESD, Seattle, Washington, us, 98127
WSLCB Vision
Safe communities for Washington State.
Mission Promote public safety, public health and trust through fair administration, education, and enforcement of liquor, cannabis, tobacco, and vapor laws.
Recruitment closes December 22, 2025. Please submit an application on or before December 21, 2025. The hiring authority reserves the right to make a hiring decision at any time and encourages all to apply as early as possible.
Work Arrangement This position is currently eligible to telework and is expected to work in the office up to 2 days a week with some flexibility.
Who we are The mission of the Washington State Liquor and Cannabis Board (WSLCB) is to promote public safety and trust through fair administration, education, and enforcement of liquor, cannabis, tobacco, and vapor laws. At the WSLCB we build a culture of excellence in customer service, open communication, transparency, accountability, data‑driven decisions, and continuous process improvement. We strive to be a great place to work by fostering a safe, open, inclusive, and healthy work environment that welcomes diversity.
Your opportunity at a glance The WSLCB Information Technology Services Division is announcing an opportunity for an IT Security Analyst (IT Security - Senior/Specialist) position in Olympia, WA. This position reports directly to the Chief Information Security Officer (CISO) and manages a security program that establishes standards and practices impacting statewide staff and applications that manage revenue for the state.
We look for candidates who can build, secure, test, maintain, and improve security and DR/COOP solutions within infrastructure, applications, and databases, collaborate across agencies and teams, and drive accountability for secure technical standards at every level of the agency.
Benefits
A comprehensive benefits package (Medical/Dental/Vision, Long Term Disability, Life Insurance, etc.)
Paid Vacation, Leave, and Holidays
Tuition Waiver for courses at state universities/colleges on a space‑availability basis; state employees may receive tuition/fees waived.
Tuition reimbursement for courses taken with prior approval to further career development.
Training and career development programs (incl. online courses and LinkedIn Learning)
Healthy work/life balance with flexible scheduling and telework/remote options, when possible
Employee Assistance Program—confidential support for health, safety, and well‑being of public service employees.
Generous wellness program—reimbursements for fitness‑related activities.
Onsite exercise facility (for employees working at the WSLCB headquarters in Olympia)
Infants at Work Program—eligible employees may bring their infants (six weeks to six months) when returning to work, subject to job duties, location, and supervisor approval.
Free parking
Duties you will perform
Lead Vulnerability and Threat Management strategic planning and roadmap development for agency‑wide cybersecurity initiatives.
Conduct comprehensive vulnerability assessments across enterprise applications, hardware, network infrastructure, cloud services, and critical systems to ensure compliance with agency security policies, Washington State standards, and applicable regulatory frameworks.
Lead vulnerability remediation and risk mitigation efforts by collaborating with infrastructure teams, application development groups, cloud operations, and business unit stakeholders to implement effective and sustainable corrective actions.
Lead threat management efforts by correlating security telemetry, threat intelligence, and environmental context to identify emerging attack patterns, assess risk exposure, and prioritize response actions.
Detect and respond to advanced cybersecurity threats through real‑time monitoring, behavioral analysis, and automated alerting to rapidly contain incidents and minimize operational impact.
Conduct proactive threat hunting and in‑depth log analysis using available tools to identify indicators of compromise, anomalous behavior, lateral movement attempts, and potential vulnerabilities within the agency’s environment prior to incident escalation.
Serve as a senior incident responder, performing forensic investigation, evidence preservation, root‑cause analysis, comprehensive documentation, and coordination of remediation efforts with impacted teams.
Lead comprehensive internal security risk assessments to identify, evaluate, and mitigate technology‑related risks affecting agency systems, data, and operations.
Conduct quantitative and qualitative risk analyses to support data‑driven decision‑making by IT leadership and executive management.
Lead formal Security Design Reviews in collaboration with enterprise architects, development teams, and cybersecurity staff to ensure new systems, applications, and infrastructure align with agency and WaTech enterprise security architecture standards, policy requirements, and secure design principles throughout the planning, development, and implementation phases.
Manage the tracking, coordination, and remediation of security audit findings resulting from external assessments, compliance reviews, and regulatory examinations.
Lead agency‑wide Governance, Risk, and Compliance (GRC) initiatives, providing senior‑level technical expertise to strengthen cybersecurity oversight, accountability, and risk‑management practices across the organization.
Drive the development and refinement of cybersecurity policies, procedures, and standards, ensuring they remain aligned with Washington State requirements, evolving threat landscapes, and operational realities.
Required Qualifications Option 1:
Seven (7) years of professional experience in one or more of the following IT disciplines: IT security, firewall administration, vulnerability management, penetration testing, server administration, network administration, or systems analysis.
AND
at least 1 year experience in at least two of the following: Security Assessments, Vulnerability Scanning, Firewall Management, Intrusion Detection/Prevention, Security Reviews, Threat hunting, or IT Project Management.
AND
at least 2 years of working knowledge of MS Sentinel (SEIM), BlueVoyant (MDR), Microsoft Defender for endpoint, Securin ASM and RiskSense, CISSP, CISM, CEH, GIAC, CompTIA Security+, CC or similar.
AND
familiarity with Washington State Security Policies, NIST Framework, CJIS, and other regulatory frameworks relevant to cybersecurity within the agency.
Option 2:
An Associate’s degree in an IT program or closely related field.
AND
Five (5) years of professional experience in one or more of the following IT disciplines: IT security, firewall administration, vulnerability management, penetration testing, server administration, network administration, or systems analysis.
AND
at least 1 year experience in at least two of the following: Security Assessments, Vulnerability Scanning, Firewall Management, Intrusion Detection/Prevention, Security Reviews, Threat hunting, or IT Project Management.
AND
at least 2 years of working knowledge of MS Sentinel (SEIM), BlueVoyant (MDR), Microsoft Defender for endpoint, Securin ASM and RiskSense, CISSP, CISM, CEH, GIAC, CompTIA Security+, CC or similar.
AND
familiarity with Washington State Security Policies, NIST Framework, CJIS, and other regulatory frameworks relevant to cybersecurity within the agency.
Option 3:
A Bachelor’s degree or above in an IT program or closely related field.
AND
Three (3) years of professional experience in one or more of the following IT disciplines: IT security, firewall administration, vulnerability management, penetration testing, server administration, network administration, or systems analysis.
AND
at least 1 year experience in at least two of the following: Security Assessments, Vulnerability Scanning, Firewall Management, Intrusion Detection/Prevention, Security Reviews, Threat hunting, or IT Project Management.
AND
at least 2 years of working knowledge of MS Sentinel (SEIM), BlueVoyant (MDR), Microsoft Defender for endpoint, Securin ASM and RiskSense, CISSP, CISM, CEH, GIAC, CompTIA Security+, CC or similar.
AND
familiarity with Washington State Security Policies, NIST Framework, CJIS and other regulatory frameworks relevant to cybersecurity within the agency.
ALSO
The following professional IT certifications can substitute 1 year of experience for each certificate: CISSP, CISM, CEH, GIAC, CompTIA Security+, CC or similar.
Preferred/Desired Qualifications
CISSP - Certified Information Systems Security Professional Certification.
Working level knowledge of Cloud, MS Azure, and Google.
Experience with security tools not listed above (e.g., Splunk, CrowdStrike, Tenable, Qualys, Palo Alto, Fortinet).
If you are excited about this role but not sure if your experience aligns perfectly with every qualification, we encourage you to apply. At the Washington State Liquor and Cannabis Board, we are dedicated to building a diverse and authentic workplace centered in belonging. You may just be the needed candidate for this or other roles.
How to apply PLEASE READ THE FOLLOWING INFORMATION CAREFULLY TO ENSURE YOU HAVE SUBMITTED THE REQUIRED MATERIALS TO BE CONSIDERED.
Completed online application.
Current resume.
Letter of interest describing how you meet the specific qualifications for the position.
Three professional references, including a current or recent supervisor with email addresses and phone numbers.
A resume will not substitute for completing the work experience section of the application.
The information provided in your application and supplemental questionnaire must support your selected answers. Responses not supported in your application will disqualify you for consideration of employment from this recruitment.
Prior to a new hire, a background check including criminal record history will be conducted. The information from the background check may be considered in determining the applicant’s suitability and competence to perform in the position.
Applicants for employment with the Washington State Liquor and Cannabis Board should also be aware of RCW 66.08.080, which states that no employee of the board shall have any interest, directly or indirectly, in the manufacture of liquor sold under this title, or derive any profit or remuneration from the sale of liquor, other than the salary or wages payable to him in respect of his office or position, and shall receive no gratuity from any person in connection with such business.
RCW 69.50.351 requires that no member of the state liquor and cannabis board and no employee of the state liquor and cannabis board shall have any interest, directly or indirectly, in the producing, processing, or sale of cannabis, usable cannabis, or cannabis‑infused products, or derive any profit or remuneration from the sale of cannabis, usable cannabis, or cannabis‑infused products other than the salary or wages payable to him or her in respect of her or his office or position, and shall receive no gratuity from any person in connection with the business.
The Washington State Liquor and Cannabis Board is an equal opportunity employer and encourages applications from job seekers with diverse backgrounds. Honoring diversity, equity and inclusion means that as an agency, and as individuals, we are committed to ensuring that all employees enjoy a respectful, safe, and supportive working environment.
All qualified applicants will receive consideration for employment without discrimination based on sex, race, creed, religion, color, national origin, age, honorably discharged veteran or military status, sexual orientation including gender expression or identity, the presence of any sensory, mental, or physical disability, or the use of a trained dog guide or service animal by a person with a disability. You are welcome to include your name and gender pronouns in your application to ensure we address you appropriately throughout the application process.
For questions about this recruitment, or to request reasonable accommodation in the application process, please email hrjobs@lcb.wa.gov or call (360) 664‑1674. For TTY service, please call the Washington Relay Service at 7‑1‑1 or 1‑800‑833‑6384.
#J-18808-Ljbffr
Mission Promote public safety, public health and trust through fair administration, education, and enforcement of liquor, cannabis, tobacco, and vapor laws.
Recruitment closes December 22, 2025. Please submit an application on or before December 21, 2025. The hiring authority reserves the right to make a hiring decision at any time and encourages all to apply as early as possible.
Work Arrangement This position is currently eligible to telework and is expected to work in the office up to 2 days a week with some flexibility.
Who we are The mission of the Washington State Liquor and Cannabis Board (WSLCB) is to promote public safety and trust through fair administration, education, and enforcement of liquor, cannabis, tobacco, and vapor laws. At the WSLCB we build a culture of excellence in customer service, open communication, transparency, accountability, data‑driven decisions, and continuous process improvement. We strive to be a great place to work by fostering a safe, open, inclusive, and healthy work environment that welcomes diversity.
Your opportunity at a glance The WSLCB Information Technology Services Division is announcing an opportunity for an IT Security Analyst (IT Security - Senior/Specialist) position in Olympia, WA. This position reports directly to the Chief Information Security Officer (CISO) and manages a security program that establishes standards and practices impacting statewide staff and applications that manage revenue for the state.
We look for candidates who can build, secure, test, maintain, and improve security and DR/COOP solutions within infrastructure, applications, and databases, collaborate across agencies and teams, and drive accountability for secure technical standards at every level of the agency.
Benefits
A comprehensive benefits package (Medical/Dental/Vision, Long Term Disability, Life Insurance, etc.)
Paid Vacation, Leave, and Holidays
Tuition Waiver for courses at state universities/colleges on a space‑availability basis; state employees may receive tuition/fees waived.
Tuition reimbursement for courses taken with prior approval to further career development.
Training and career development programs (incl. online courses and LinkedIn Learning)
Healthy work/life balance with flexible scheduling and telework/remote options, when possible
Employee Assistance Program—confidential support for health, safety, and well‑being of public service employees.
Generous wellness program—reimbursements for fitness‑related activities.
Onsite exercise facility (for employees working at the WSLCB headquarters in Olympia)
Infants at Work Program—eligible employees may bring their infants (six weeks to six months) when returning to work, subject to job duties, location, and supervisor approval.
Free parking
Duties you will perform
Lead Vulnerability and Threat Management strategic planning and roadmap development for agency‑wide cybersecurity initiatives.
Conduct comprehensive vulnerability assessments across enterprise applications, hardware, network infrastructure, cloud services, and critical systems to ensure compliance with agency security policies, Washington State standards, and applicable regulatory frameworks.
Lead vulnerability remediation and risk mitigation efforts by collaborating with infrastructure teams, application development groups, cloud operations, and business unit stakeholders to implement effective and sustainable corrective actions.
Lead threat management efforts by correlating security telemetry, threat intelligence, and environmental context to identify emerging attack patterns, assess risk exposure, and prioritize response actions.
Detect and respond to advanced cybersecurity threats through real‑time monitoring, behavioral analysis, and automated alerting to rapidly contain incidents and minimize operational impact.
Conduct proactive threat hunting and in‑depth log analysis using available tools to identify indicators of compromise, anomalous behavior, lateral movement attempts, and potential vulnerabilities within the agency’s environment prior to incident escalation.
Serve as a senior incident responder, performing forensic investigation, evidence preservation, root‑cause analysis, comprehensive documentation, and coordination of remediation efforts with impacted teams.
Lead comprehensive internal security risk assessments to identify, evaluate, and mitigate technology‑related risks affecting agency systems, data, and operations.
Conduct quantitative and qualitative risk analyses to support data‑driven decision‑making by IT leadership and executive management.
Lead formal Security Design Reviews in collaboration with enterprise architects, development teams, and cybersecurity staff to ensure new systems, applications, and infrastructure align with agency and WaTech enterprise security architecture standards, policy requirements, and secure design principles throughout the planning, development, and implementation phases.
Manage the tracking, coordination, and remediation of security audit findings resulting from external assessments, compliance reviews, and regulatory examinations.
Lead agency‑wide Governance, Risk, and Compliance (GRC) initiatives, providing senior‑level technical expertise to strengthen cybersecurity oversight, accountability, and risk‑management practices across the organization.
Drive the development and refinement of cybersecurity policies, procedures, and standards, ensuring they remain aligned with Washington State requirements, evolving threat landscapes, and operational realities.
Required Qualifications Option 1:
Seven (7) years of professional experience in one or more of the following IT disciplines: IT security, firewall administration, vulnerability management, penetration testing, server administration, network administration, or systems analysis.
AND
at least 1 year experience in at least two of the following: Security Assessments, Vulnerability Scanning, Firewall Management, Intrusion Detection/Prevention, Security Reviews, Threat hunting, or IT Project Management.
AND
at least 2 years of working knowledge of MS Sentinel (SEIM), BlueVoyant (MDR), Microsoft Defender for endpoint, Securin ASM and RiskSense, CISSP, CISM, CEH, GIAC, CompTIA Security+, CC or similar.
AND
familiarity with Washington State Security Policies, NIST Framework, CJIS, and other regulatory frameworks relevant to cybersecurity within the agency.
Option 2:
An Associate’s degree in an IT program or closely related field.
AND
Five (5) years of professional experience in one or more of the following IT disciplines: IT security, firewall administration, vulnerability management, penetration testing, server administration, network administration, or systems analysis.
AND
at least 1 year experience in at least two of the following: Security Assessments, Vulnerability Scanning, Firewall Management, Intrusion Detection/Prevention, Security Reviews, Threat hunting, or IT Project Management.
AND
at least 2 years of working knowledge of MS Sentinel (SEIM), BlueVoyant (MDR), Microsoft Defender for endpoint, Securin ASM and RiskSense, CISSP, CISM, CEH, GIAC, CompTIA Security+, CC or similar.
AND
familiarity with Washington State Security Policies, NIST Framework, CJIS, and other regulatory frameworks relevant to cybersecurity within the agency.
Option 3:
A Bachelor’s degree or above in an IT program or closely related field.
AND
Three (3) years of professional experience in one or more of the following IT disciplines: IT security, firewall administration, vulnerability management, penetration testing, server administration, network administration, or systems analysis.
AND
at least 1 year experience in at least two of the following: Security Assessments, Vulnerability Scanning, Firewall Management, Intrusion Detection/Prevention, Security Reviews, Threat hunting, or IT Project Management.
AND
at least 2 years of working knowledge of MS Sentinel (SEIM), BlueVoyant (MDR), Microsoft Defender for endpoint, Securin ASM and RiskSense, CISSP, CISM, CEH, GIAC, CompTIA Security+, CC or similar.
AND
familiarity with Washington State Security Policies, NIST Framework, CJIS and other regulatory frameworks relevant to cybersecurity within the agency.
ALSO
The following professional IT certifications can substitute 1 year of experience for each certificate: CISSP, CISM, CEH, GIAC, CompTIA Security+, CC or similar.
Preferred/Desired Qualifications
CISSP - Certified Information Systems Security Professional Certification.
Working level knowledge of Cloud, MS Azure, and Google.
Experience with security tools not listed above (e.g., Splunk, CrowdStrike, Tenable, Qualys, Palo Alto, Fortinet).
If you are excited about this role but not sure if your experience aligns perfectly with every qualification, we encourage you to apply. At the Washington State Liquor and Cannabis Board, we are dedicated to building a diverse and authentic workplace centered in belonging. You may just be the needed candidate for this or other roles.
How to apply PLEASE READ THE FOLLOWING INFORMATION CAREFULLY TO ENSURE YOU HAVE SUBMITTED THE REQUIRED MATERIALS TO BE CONSIDERED.
Completed online application.
Current resume.
Letter of interest describing how you meet the specific qualifications for the position.
Three professional references, including a current or recent supervisor with email addresses and phone numbers.
A resume will not substitute for completing the work experience section of the application.
The information provided in your application and supplemental questionnaire must support your selected answers. Responses not supported in your application will disqualify you for consideration of employment from this recruitment.
Prior to a new hire, a background check including criminal record history will be conducted. The information from the background check may be considered in determining the applicant’s suitability and competence to perform in the position.
Applicants for employment with the Washington State Liquor and Cannabis Board should also be aware of RCW 66.08.080, which states that no employee of the board shall have any interest, directly or indirectly, in the manufacture of liquor sold under this title, or derive any profit or remuneration from the sale of liquor, other than the salary or wages payable to him in respect of his office or position, and shall receive no gratuity from any person in connection with such business.
RCW 69.50.351 requires that no member of the state liquor and cannabis board and no employee of the state liquor and cannabis board shall have any interest, directly or indirectly, in the producing, processing, or sale of cannabis, usable cannabis, or cannabis‑infused products, or derive any profit or remuneration from the sale of cannabis, usable cannabis, or cannabis‑infused products other than the salary or wages payable to him or her in respect of her or his office or position, and shall receive no gratuity from any person in connection with the business.
The Washington State Liquor and Cannabis Board is an equal opportunity employer and encourages applications from job seekers with diverse backgrounds. Honoring diversity, equity and inclusion means that as an agency, and as individuals, we are committed to ensuring that all employees enjoy a respectful, safe, and supportive working environment.
All qualified applicants will receive consideration for employment without discrimination based on sex, race, creed, religion, color, national origin, age, honorably discharged veteran or military status, sexual orientation including gender expression or identity, the presence of any sensory, mental, or physical disability, or the use of a trained dog guide or service animal by a person with a disability. You are welcome to include your name and gender pronouns in your application to ensure we address you appropriately throughout the application process.
For questions about this recruitment, or to request reasonable accommodation in the application process, please email hrjobs@lcb.wa.gov or call (360) 664‑1674. For TTY service, please call the Washington Relay Service at 7‑1‑1 or 1‑800‑833‑6384.
#J-18808-Ljbffr