Security Analyst 2

The Office of the Attorney General's (OAG) IT Enterprise Information Security division is seeking a technically proficient Security Analyst 2 to support the Security Engineering Management Team. The selected candidate will focus on implementing, configuring, and maintaining security tools and services across OAG's enterprise infrastructure. This includes conducting hands-on deployment of security technologies (e.g., CASB, endpoint detection, SIEM, DLP), integrating security controls into IT systems, and troubleshooting complex security issues across heterogeneous environments.

The Security Analyst 2 will collaborate with system administrators, developers, and project managers to ensure that security configurations align with organizational policies and compliance frameworks (e.g., CJIS, TAC 202, NIST 800-53). The role will also support secure transitions for major IT projects, including modernization efforts and the phased decommissioning of the OAG's legacy mainframe system, to ensure appropriate data protection and risk mitigation throughout the system's lifecycle.

Candidates who do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity. 5 Years - Required

o Expert-level proficiency in designing, engineering, and optimizing Splunk-based security solutions, including advanced SPL query development, dashboard/report creation, alerting, and reusable knowledge objects.

o Onboarding and normalizing diverse data sources through field extractions, event types, tags, and custom source types; configuring Splunk for correlation searches, notable event frameworks, and risk-based alerting.

o Integrating with enterprise security tools and IT infrastructure; performing SIEM tuning, threat detection engineering, SOC workflow integration, development of security policies, and hardening procedures.

o Establishing baseline configurations to ensure consistent, compliant, and effective security operations. 3 Years - Required

o Proven experience in information security architecture, enterprise cybersecurity operations, regulatory compliance, cloud security compliance, and formal risk assessments.

o Strong background in Endpoint Detection & Response (EDR) platforms, including deployment, tuning, and threat investigation.

o Proficiency in security assessment techniques, including vulnerability scanning, penetration testing, and remediation planning.

o In-depth knowledge of cloud security principles and experience securing workloads in AWS and Microsoft Azure environments. 1 Year - Preferred

o Experience in AWS and Azure cloud security and IT governance, risk, and compliance (GRC) advisory services, including control frameworks, ISPRB/IRM, data classification, and policy violation management.

o Security exception handling, sensitive data handling (SDHA), data privacy and governance, Purview data classification, JIRA/ServiceNow, and internal/external audit support.