Information Technology Security Analyst

NFORMATION TECHNOLOGY SECURITY ANALYST

LOCATION: Capital Judicial Center, Augusta

General Summary

The IT Security Analyst is responsible for helping to safeguard the court's digital infrastructure by analyzing, implementing, monitoring, and maintaining security measures to protect sensitive data and critical systems. This position involves developing and enforcing security policies, conducting risk assessments, responding to security incidents, and helping to ensure compliance with state and federal cybersecurity regulations. The position will oversee firewall compliance, intrusion detection systems, encryption protocols, and access controls to mitigate potential threats. Additionally, this position will collaborate with IT staff, court officials, and external agencies to enhance security awareness and resilience against cyber threats. Strong analytical skills, knowledge of emerging security technologies, and the ability to respond swiftly to cybersecurity incidents are essential for this position. Statewide travel is required.

Salary Range:

Salary grade 18: $82,721.20 - $111,966.40 annually.

What We Offer:

At the Maine Judicial Branch, we value our employees, which is why we offer great benefits. In addition to competitive pay, we provide:

• Work-life balance: 13 paid holidays, 2+ weeks of vacation leave, and 12 paid sick days every year.
• Paid Parental Leave: 4 weeks
• Gym membership and childcare reimbursement programs
• Public Service Student Loan Forgiveness Program
• Health insurance coverage (85%-100% employer-paid for employee-only plan)
• Health insurance premium credit (5% decrease in employee premiums)
• Dental insurance (100% employer-paid for employee-only plan)
• Health and dependent care flexible spending accounts
• Defined Benefit Pension plan contributions
• Voluntary deferred compensation (retirement savings 457 Plan)
• Up to $1000 Tuition Reimbursement each year
• Employer-paid life insurance (1x annual salary)
• Additional wellness benefits

ESSENTIAL JOB FUNCTIONS*

• Responsible for security governance and compliance. Develops, implements, and enforces cybersecurity policies while helping to ensure compliance with CJIS and other applicable regulations where required.
• Responsible for risk assessment and vulnerability management. Conducts regular security audits, risk assessments, and vulnerability scans to identify and mitigate potential security threats.
• Responsible for threat detection and incident response. Monitors systems for threats, analyzes security logs, investigates incidents, and coordinates responses and remediation efforts.
• Responsible for network and system security administration. Manages firewall rules in coordination with other state entities, intrusion detection and prevention systems, endpoint security, and encryption protocols to safeguard IT infrastructure.
• Responsible for access control and identity management. Implements and maintains user authentication, role-based access control, and multi-factor authentication to ensure proper system access.
• Responsible for security awareness and training. Develops and conducts cybersecurity training programs for court employees to promote security best practices and phishing awareness.
• Responsible for collaboration and coordination with IT staff, court leadership, law enforcement, and external security agencies to coordinate cybersecurity efforts and share threat intelligence.
• Responsible for business continuity and disaster recovery efforts by assisting in developing and maintaining disaster recovery and business continuity plans to ensure court operations can quickly resume after security incidents or system failures. Plans, schedules, and oversees Disaster Recovery Drills to include a post drill report with recommended improvement plans.
• Leads, plans, schedules, runs, and take notes and next actions for regularly scheduled Security Team meetings.

EDUCATION, EXPERIENCE, AND QUALIFICATIONS REQUIRED TO BE CONSIDERED FOR THE POSITION:

• Bachelor s Degree: A degree in Cybersecurity, Information Technology, Computer Science, or a related field is required. A combination of related post-secondary education and/or technology-related security work experience totaling at least 10 years may be considered in lieu of a bachelor's degree.
• Professional Experience: A minimum of 3 years of work experience relating to direct IT security work is required. Preference will be given to those who have IT security experience for a government or medium to large corporation.
• Certifications: Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker, Microsoft, Apple, or CompTIA Security+ are preferred.
• Demonstrated seven or more (7+) years of experience supporting computers, servers, and devices in an enterprise environment (multi-platform experience is a plus (e.g. Windows, OSX, Google, Unix, Android, IOS, etc.).
• Experience with videoconferencing equipment and audiovisual equipment a plus.
• Must have and maintain a valid driver s license.

KNOWLEDGE, SKILLS, AND ABILITIES REQUIRED TO PERFORM THE JOB:

• Understanding of cybersecurity principles, including security frameworks, risk management, and best practices for protecting IT systems.
• Knowledge of network security and architecture, including firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS), and encryption protocols.
• Knowledge of state and federal cybersecurity regulations, such as CJIS (Criminal Justice Information Services) compliance, NIST publications, and other judicial security standards.
• Knowledge of operating systems and software security and proficiency in securing Windows, Linux, and cloud-based environments (Azure, AWS, or Google Cloud).
• Knowledge of threat intelligence and incident response and ability to assess, detect, and respond to cyber threats, malware, phishing, and ransomware attacks.
• Knowledge of role-based access control (RBAC), multi-factor authentication (MFA), and privileged account management.
• Knowledge of and skill using carious security information tools, such as:
  • Microsoft Defender Suite (e.g. Defender for Endpoint, Defender for Cloud Apps, Defender for Identity)
  • SIEM & SOAR Platforms (e.g. Sentinel, Splunk, QRadar) to monitor logs, analyze security events, and detect anomalies.
  • EDR/XDR Solutions (e.g. CrowdStrike, SentinelOne, Microsoft Defender)
  • IAM (Identity and Access Management) Solutions (e.g. Azure AD, Okta, Ping Identity)
  • Cloud Security Tools (e.g. Azure Security Center, AWS Security Hub)
• Knowledge of disaster recovery and business continuity strategies to understand data backup, system restoration, and incident response planning.
• Ability to identify vulnerabilities and implement security controls to assess mitigate risks.
• Ability to troubleshoot technical issues ad strong diagnostic skills for identifying and resolving security issues and system vulnerabilities.
• Ability to educate and train users on cybersecurity best practices and phishing prevention.
• Strong project management skills and ability to plan and execute security initiatives, upgrades, and compliance projects.
• Strong verbal and written communication and collaboration skills to coordinate with IT staff, court officials, and law enforcement agencies.
• Ability to demonstrate analytical thinking by assessing security threats, analyzing data, and implementing effective security strategies.
• Ability to stay up to date with evolving cybersecurity trends, technologies, and regulatory requirements, and to adapt to emerging threats.
• Ability to quickly assess security incidents and develop effective response strategies and demonstrate critical thinking and problem solving skills.
• Ability to maintain the highest level of discretion in handling sensitive court and law enforcement data.
• Ability to manage and prioritize multiple security projects and incident responses while maintaining court system operations.
• Ability to develop, implement, and enforce security policies that align with state judicial IT requirements.
• Ability to quickly learn and understand MJB software applications and business practices and policies.

How to Apply:

This position will close at the end of business on December 5, 2025.

Cover letter, resume, and online application must be submitted online at _R25-01198-1

The Judicial Branch is an EEO/AA employer.

If you have any questions about the online application process, please contact the Judicial Branch Human Resources Department