Washington State ESD

Washington State ESD is hiring: Senior Cybersecurity Risk Analyst in Seattle

Washington State ESD, Seattle, Washington, United States


The Senior Cybersecurity Analyst - Risk Manager is a key contributor to the AOC’s Information Security Program and is responsible for leading cybersecurity risk management activities that support the secure operation of Washington’s Judicial Branch systems and services. This position works collaboratively with internal teams, external partners, and court stakeholders to identify risks, recommend mitigation strategies, and strengthen the overall security posture of the agency.

The primary duties of this position consist of addressing cybersecurity risk and analyzing the potential business and customer risk, aligning processes and controls to the relevant frameworks and providing resolution and mitigation recommendations. Additional responsibilities include assisting with vulnerability management, application security and Information Security awareness programs.

Also, the incumbent serves as a member of the organization’s Incident Response Team.

Washington Courts Employment Opportunity

Administrative Office of the Courts

Senior Cybersecurity Risk Analyst

Information Services Division – Cyber Security Unit

Our Mission

Advance the efficient and effective operation of the Washington Judicial System.

The Administrative Office of the Courts (AOC) is looking for top-performing employees who embody its core values: integrity, inclusion, accountability, and teamwork. It is committed to both employee growth and work-life balance.

Our diversity and inclusion efforts include embracing different cultures, backgrounds, and perspectives while fostering growth and advancement in the workplace.

POSITION DETAILS

Job #: 2025-99

Status: Regular, Full-Time*

Location: Olympia, Washington

Salary: Range 72: $93,804 - $123,084 per year (DOQ).

Opens: December 11, 2026

Closes: January 1, 2026. AOC reserves the right to close the recruitment at any time.

WASHINGTON STATE RESIDENCY AND TELEWORK INFORMATION

AOC requires employees to reside in Washington State. Any exceptions must be approved. If you are invited to interview and currently reside outside of Washington State, seek more information about residency requirements from the AOC hiring manager of this recruitment.

This position requires at least 2 days per week working onsite at AOC facilities.

Risk Management & Governance

  • Lead the development, implementation, and ongoing maintenance of the AOC’s cybersecurity risk management program.
  • Identify, evaluate, and document cybersecurity risks affecting applications, infrastructure, data, and business processes.
  • Maintain and oversee the enterprise risk register, ensuring risks are prioritized, assigned, tracked, and remediated.
  • Develop, update, and maintain cybersecurity policies, standards, procedures, and guidelines aligned with NIST CSF, CIS Controls, NIST SP 800-53, StateRAMP, and FedRAMP.
  • Provide clear, actionable risk-based recommendations to leadership and program owners to guide security decisions and resource allocation.

Application & System Security Assessments

  • Conduct security assessments and reviews of new and existing systems, services, and applications—including court-specific applications—to identify security gaps or areas for improvement.
  • Evaluate secure architecture design, data flows, authentication models, and access controls using threat modeling and secure development best practices (including OWASP).
  • Coordinate with development teams using Azure DevOps to ensure security requirements and controls are incorporated early in the system lifecycle.
  • Develop and document Plans of Action and Milestones (POA&Ms) and ensure timely remediation of identified risks.

Cloud Security & Enterprise Security Tools

  • Participate in governance and validation of security configurations for cloud and hybrid environments, including Microsoft Azure, Microsoft 365, Azure DevOps, and Microsoft Defender.
  • Participate in the oversight and validation of Tenable vulnerability management activities, including scan scoping, asset coverage, findings analysis, and remediation tracking.

Compliance & Audit

  • Assess AOC systems and processes for compliance with applicable state and federal laws, Judicial Branch policies, and industry standards (e.g., NIST, CJIS, PCI, StateRAMP, FedRAMP).
  • Coordinate internal and external audits related to cybersecurity controls and documentation.
  • Conduct compliance gap analyses and work with technical teams to develop and implement mitigation strategies.
  • Prepare compliance reports and maintain documentation to satisfy audit and oversight requirements.

Vulnerability & Threat Management

  • Oversee the vulnerability management program, ensuring vulnerabilities are identified, validated, analyzed, scored, prioritized, and remediated.
  • Lead the integration of Tenable vulnerability data, Microsoft Defender alerts, threat intelligence, and system logs to produce meaningful risk insights.
  • Provide ongoing reporting of vulnerability trends and risk impacts to leadership and stakeholders.

Incident Response & Preparedness

  • Serve as an active member of the AOC Enterprise Incident Response Team.
  • Provide risk-based guidance during cybersecurity incidents, including impact assessment, containment strategies, and identification of contributing control weaknesses.
  • Support post-incident reviews and ensure lessons learned are incorporated into risk management practices and documentation.

Security Documentation & Reporting

  • Create, maintain, and publish risk assessment reports, POA&Ms, audit findings, system security documentation, and threat models.
  • Prepare executive-level briefings, dashboards, and metrics that communicate risk posture and remediation progress.
  • Ensure documentation is clear, accurate, and accessible to relevant stakeholders within the Judicial Branch.

Collaboration, Leadership & Communication

  • Build strong working relationships across AOC teams, court partners, external vendors, and other state entities to promote a coordinated approach to cybersecurity.
  • Serve as a subject matter expert for cybersecurity risk topics, providing guidance, training, mentorship, and support to AOC staff.
  • Promote a culture of security awareness and continuous improvement consistent with AOC values of integrity, inclusion, accountability, and teamwork.
  • Perform other duties as assigned.

A combination of education, experience, and certifications demonstrating a working knowledge of the functions and work of the SISA may substitute for qualifications listed.

A Bachelor’s degree in Computer Science, Cybersecurity, Software/Computer Engineering, or a closely allied field; AND:

  • Seven (7) years of progressively responsible experience in a combination of the following: maintaining security standards for a medium or large government agency or organization (state or federal) and addressing complex issues such as application security, access management, risk analysis, security assessments, and vulnerability analysis.

Certifications, Memberships, Licensure or Permits

Acceptable professional IT certifications that are current can be substituted for up to three (3) years of experience with each certification equivalent to one (1) year of experience.

Acceptable certification(s) include, but are not limited to:

  • (ISC)2 – CISSP, CCSP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP, CSSLP
  • ISACA – CISA, CISM, CSX-P
  • CompTIA – Security+ CE, CySA+, CASP+, PenTest+
  • SANS – GIAC advanced certifications

THE IDEAL APPLICANT WILL ALSO HAVE SOME OR ALL OF THE FOLLOWING EXPERIENCE, EDUCATION, KNOWLEDGE, SKILLS, AND ABILITIES

  • Excellent verbal and written communication skills with the ability to translate technical concepts into clear and compelling messaging for diverse audiences.
  • In-depth experience with conducting audits or risk assessments, implementing controls, and managing remediation efforts.
  • In-depth knowledge of cybersecurity frameworks such as NIST, CIS, etc.
  • Familiarity with systems and network infrastructure security technologies, including application/OS hardening techniques, network protocols, firewalls, intrusion detection systems, etc.
  • Basic understanding of fundamental security and network concepts (Windows security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.)
  • Experience working with the following tools: risk assessment, vulnerability management, threat modeling, network analysis tools, etc.

HOW TO APPLY

For more information about the position, to review the job description, application submission requirements, supplemental questions, inquire about benefits, or to apply for the position: CLICK HERE TO APPLY

IMPORTANT INFORMATION

  • The workweek may fluctuate depending on workload or agency needs.
  • Overnight travel may be required based on business needs.
  • This position is not overtime eligible.

The AOC is an equal opportunity employer and does not discriminate based on gender, pregnancy, race, color, national origin, ancestry, religion, creed, physical, mental or sensory disability (actual or perceived), use of a service animal, marital status, sexual orientation, gender identity or expression, veteran or military status, age, HIV or Hepatitis C status, or any other basis protected by federal or state law. Persons of disability needing assistance in the application process, or those needing this announcement in an alternative format, please contact the AOC Human Resource Office, at (360) 704-4143, or fax (360) 586-4409, or via email to Recruitment@courts.wa.gov.

Candidates who are offered a job with AOC must possess work authorization that does not require sponsorship by the employer for a visa now or in the future.

AOC complies with the employment eligibility verification requirements of the federal government eligibility verification form I-9. The selected candidate must be able to provide proof of identity and eligibility to work in the United States consistent with the requirements for that form.

AOC does not use E-Verify; therefore, we are not eligible to extend STEM Optional Practical Training (OPT). For information, visit www.uscis.gov.

Persons legally authorized to work in the U.S. under federal law, including Deferred Action for Childhood Arrivals recipients, are eligible for employment unless prohibited by other state or federal law.

SPECIAL NOTE

Before a new hire, a background check, including criminal history, will be conducted. Information from the background check will not necessarily preclude employment but will be considered in determining the applicant's suitability and competence to perform in the job.
