Overview
On Site
USD 75.00 - 78.00 per hour
Full Time
Skills
Mergers and Acquisitions
Issue Tracking
JIRA
RBAC
Cloud Security
Encryption
Management
Information Security Management
ISO 9000
ITIL
COBIT
Risk Assessment
Operating Systems
Network Security
Identity Management
Malware Analysis
Network Design
Routers
Switches
Firewall
Network Protocols
Analytical Skill
Cloud Computing
SaaS
Financial Software
Auditing
Regulatory Compliance
Microsoft
Snow Flake Schema
SLA
Security Operations
Business Analysis
Facilitation
Communication
Documentation
Leadership
Application Development
Risk Management
Data Security
Security Controls
Security Management
Access Control
Provisioning
Authorization
Incident Management
Information Security
Microsoft Azure
Active Directory
Workflow
TCM
DICE
Job Details
JOB TITLE: Security Analyst
JOB LOCATION: Boston MA
WAGE RANGE*: $75-$78
JOB NUMBER: ITS77 - RFR-FY26-007 - BEST Program Security Analyst
REQUIRED EXPERIENCE:
- Providing operational security support to end users.
- Experience working with modern issue tracking systems (JIRA).
- Understanding of enterprise security best practices, including but not limited to IAM, RBAC, network security, SaaS, cloud security, data security, encryption, and file transfer management.
- In-depth exposure to defining and implementing end user security protocols in a large public or private sector entity comparable in size to the Commonwealth.
- Exposure to technical configurations, technologies, and processing environments in one or more projects of similar size and complexity to BEST.
- Understanding of information risk concepts and principles as a means of relating business needs to security controls.
- Experience with common information security management frameworks, such as the International Organization for Standardization (ISO) 2700x, ITIL, COBIT, and National Institute of Standards and Technology (NIST) frameworks.
- In-depth knowledge of risk assessment methods and technologies.
- Good understanding of financial systems security requirements.
- Excellent technical knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
- Extensive experience in developing, documenting, and maintaining security policies, processes, procedures, and standards.
- Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
- Ability to interact with personnel at all levels and across all business units and organizations, and to comprehend business imperatives.
- Demonstrable written and verbal communication skills.
PREFERRED QUALIFICATIONS:
- Experience with Software-as-a-Service cloud implementations, particularly those in which legacy on-premise applications have been migrated to cloud delivery options.
- Demonstrated operational security support experience in a Software-as-a-Service (SaaS) solution.
- Exposure to operating end user security protocols, policies, and other in a large public or private sector entity comparable in size to the Commonwealth.
- Exposure to technical configurations, technologies, and processing environments in one or more projects of similar size and complexity to BEST.
- Audit, compliance, or governance experience is preferred.
- Demonstrated exposure to financial systems security requirements.
- Experience with audit, compliance, or governance actions.
- Experience with Microsoft security tools and functions.
- Experience with Snowflake security functions.
JOB DESCRIPTION
The Security Analyst will work with the BEST Team, agencies, and SI and product vendors to identify the end-user roles and permissions that will be needed to implement the new Financials solution in multiple agencies and across multiple user types in a manner that ensures appropriate access to data by these parties. Procedures for rolling out user security will be developed in conjunction with the SI and product vendors, CTR, EOTSS, and agency staff currently responsible for provisioning and de-provisioning users of the Mosaic application.

Specific Duties
- Works with the BEST Team, SI and product vendors, CTR, and EOTSS to identify security requirements, using methods that may include risk and business impact assessments. Components of this activity include but are not limited to:
  o Providing operational support as defined by SLA requirements agreed to by the Commonwealth and the product vendor.
  o Implementation of Commonwealth IT policies related to data security.
  o Working with the Commonwealth Risk Management Office in their assessments and recommended controls regarding data security and security operations.
  o Conducting additional business system analysis as needed.
  o Facilitating communication between users and vendors using issue management software.
  o Building operational support playbook for day 2 operations.
- Ensures the completion of information security operations documentation.
- Works with BEST information security leadership to develop strategies, procedures, and recommended roles and responsibilities to enforce security requirements and address identified risks related to the use of the new Mosaic solution.
- Performs a configuration update and execution role in application development and implementation related to security requirements and controls, and ensures that security controls are implemented as planned and that security and access needs are addressed throughout the user life cycle.
- Works with BEST, CTR's, and EOTSS' CSOs, CIOs, and the Commonwealth's Risk Management Office to identify, select, and implement technical controls related to data security and to implement security processes and procedures that ensure security controls are managed and maintained both centrally through the new solution, and within agencies if certain security management tasks are decentralized.
- Advises the BEST Team and SI and product vendors regarding end user security roles and groups, data access controls, and security role provisioning and de-provisioning protocols to ensure that data are accessed appropriately in the new Financials solution.
- Supports the BEST Team and agencies in the tasks required to identify approved end users of the new solution and coordinate provisioning of users for Day One go-live.
- Advises security administrators on normal and exception-based processing of security authorization requests, including the use of SI or product vendor provided tools that monitor system use and data access irregularities.
- Assists security administrators and IT staff in the resolution of reported security incidents.
- Acts as a liaison between incident response leads and subject matter experts.
- Monitors daily or weekly reports and security logs for unusual events.
- Maintains an awareness of existing and proposed security-standard-setting groups, and of state and federal legislation and regulations pertaining to information security.
- Identifies regulatory changes that will affect information security policy, standards, and procedures, and recommends appropriate changes.
- Researches and assesses new threats and security alerts and recommends remedial actions.
- Supports the implementation of the Mosaic complete security profile, including, but not limited to:
  o Azure Active Directory (AD) entry
  o Mosaic User Security Role
  o Mosaic User Business Role
  o Mosaic User Workflow Role
  o Mosaic Transaction Workflow
Equal opportunity employer as to all protected groups, including protected veterans and individuals with disabilities
* While an hourly range is posted for this position, an eventual hourly rate is determined by a comprehensive salary analysis which considers multiple factors including but not limited to: job-related knowledge, skills and qualifications, education and experience as compared to others in the organization doing substantially similar work, if applicable, and market and business considerations. Benefits offered include medical, dental and vision benefits; dependent care flexible spending account; 401(k) plan; voluntary life/short term disability/whole life/term life/accident and critical illness coverage; employee assistance program; sick leave in accordance with regulation. Benefits may be subject to generally applicable eligibility, waiting period, contribution, and other requirements and conditions. Benefits offered are in accordance with applicable federal, state, and local laws and subject to change at TCM's discretion.