Information Security Analyst

  • Posted 18 hours ago | Updated 18 hours ago

Overview

Remote
Depends on Experience
Full Time
No Travel Required
Unable to Provide Sponsorship

Skills

FISMA
FedRAMP
DoD
Firewall
ITIL
COBIT
NIST
Network
Network Security

Job Details

Information Security Analyst

Content Type (Read only)

Announcement

Date Posted (Read only)

1/7/2026

Request Status (Read only)

Open

Task Order # (Read only)

DESSA0126

Title (Read only)*

Information Security Analyst

Project (Read only)

OATS Security Team

Body (Read only)

Commonwealth Officeof Application and Technology Services

Job Title: Information Security Analyst

Job Description

Security Analyst

 

Remote

 

Office of Application and Technology Services Description

 

 

Commonwealth of Kentucky Overview:

 

Here at the Commonwealth of Kentucky, we are passionate about building and improving the community we live in. Devoted healthcare professionals and application specialists contribute to the safety and health of our residents. If you are searching for a purposeful role where you can make a tangible impact on healthcare and technological growth, we invite you to explore the rewarding job opportunities we present.

The Opportunity:

 

The Office of Application and Technology Services (OATS) is seeking a highly motivated candidate for the role of Security Analyst for the Commonwealth of Kentucky reporting to the Chief Information Security Officer. The Security Analyst is responsible for reporting on security breaches, installing software to protect sensitive information, monitoring the Commonwealth network to watch for and prevent breaches, creating, and implementing a security plan, as well as running regular simulated cyber-attacks to assess the strength and vulnerability of computer systems. This job is a mid-level position that requires an extremely responsible candidate to perform the duties. Other responsibilities include:

 

Required Experience

  • Monitor network resources for security issues.
  • Monitor a Security Information and Event Management (SIEM)system to enhance the overall cybersecurity of CHFS: Data Collection, Event Correlations, Incident Detection, Investigation and Analysis, Response and Mitigation, Tuning and Optimization, Compliance Monitoring
  • Investigate security breaches and other cybersecurity incidents.
  • Develop an audit to determine whether information systems are protected, controlled, and provide value to the organization.
  • Conduct audit follow-up to evaluate whether risks have been sufficiently addressed.
  • Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs.
  • Communicate audit progress, findings, results, and recommendations to stakeholders.
  • Document security breaches and assess the damage they cause.
  • Work with the security team to perform tests and uncover network vulnerabilities.
  • Fix detected vulnerabilities to maintain a high-security standard
  • Develop cabinet-wide best practices for IT security.
  • Help colleagues install security software and understand information security management.
  • Research security enhancements and make recommendations to management.
  • Stay up to date on information technology trends and security standards.
  • Maintain and update relevant system and process documentation and develop ad-hoc reports as needed.
  • Assist in the development of security tool requirements, trials, and evaluations, as well as security operations procedures and processes.
  • Provide off-hours support on an infrequent, but as-needed basis.
  • Work trouble tickets in the ticketing system
  • Conduct meetings and work closely with system owners and departmental leads in all business areas where ePHI and other confidential system data is found.
  • Assist with continuous monitoring activities documenting within the eGRC tool whether security and other related activities are consistently performed.
  • Perform various support activities for other projects including obtaining information and documentation to demonstrate policies, procedures, and

operational processes that adhere to various regulations, policies, standards, and other compliance requirements.

  • Collaborate with OATS Departmental and other cross-agency staff to disseminate and engage appropriate OATS Security Teams for any new projects, tasks, and/or initiatives.

 

  • Lead and coordinate any special projects and/or tasks as directed by management.
  • Prepare reports for management.

.

 

 

Preferred Education & Experience:

 

Bachelor’s degree in computer science, Software Engineering, or a related field (equivalent professional experience may be considered for substitution for the required degree on an exception basis).

 

Candidates with one or more of the following certifications is a plus:

 

  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Defensive Analysis (OSDA)*
  • Cybersecurity Analyst (CySA+)
  • CompTIA Security+
  • CompTIA Advanced Security Practitioner (CASP+
  • CompTIA Pen Test+
  • Certified Network Defender (CND)
  • GIAC Security Essentials (GSEC)
  • System Security Certified Practitioner (SSCP) Knowledge, Skills & Abilities.

This is a partial listing of the necessary knowledge, skills, and abilities required to perform the job successfully. It is not an exhaustive list.

 

  • Ability to set the tone for the organization and motivate management and team.
  • Understanding of information security regulations, including the Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), ISO 27001, COBIT NIST, and ITIL.
  • Maintaining security, assessing and evaluating security, and doing security incident forensic work. Knowledge of vendors and their products including:
  • Experience with Government agencies, particularly the Department of Defense (DoD) on information security matters. Experience with Government Classified systems and the associated security requirements.
  • Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; and participating in professional organizations.
  • Proficiency in Microsoft Office Suite (Word, Excel, Outlook, etc.)
  • Innovative and creative mindset
  • Basic network security knowledge (general principles)
  • Excellent documentation and communication skills.
  • Ability to organize tasks into milestones and successfully execute to project completion.
  • Can work independently with little direct supervision.
  • General cyber-security understanding

 

Please provide any SDS Vendor skill level testing and testing results along with the candidate's resume and RTR submission

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

About Sitek