Senior Cybersecurity Risk Analyst

Administrative Office Of The Courts

Job Location:

Olympia, WA - USA

Yearly Salary: $ 93804 - 123084

Posted on: 10 hours ago

Vacancies: 1 Vacancy

Job Summary

Position Profile

The Senior Cybersecurity Analyst - Risk Manager is a key contributor to the AOCs Information Security Program and is responsible for leading cybersecurity risk management activities that support the secure operation of Washingtons Judicial Branch systems and services. This position works collaboratively with internal teams external partners and court stakeholders to identify risks recommend mitigation strategies and strengthen the overall security posture of the agency.

The primary duties of this position consist of addressing cybersecurity risk and analyzing the potential business and customer risk aligning processes and controls to the relevant frameworks and providing resolution and mitigation recommendations. Additional responsibilities include assisting with vulnerability management application security and Information Security awareness programs.

Also the incumbent serves as a member of the organizations Incident Response Team.

Washington Courts Employment Opportunity

Administrative Office of the Courts

Senior Cybersecurity Risk Analyst

Information Services Division Cyber Security Unit

Our Mission: Advance the efficient and effective operation of the Washington Judicial System.

The Administrative Office of the Courts (AOC) is looking for top-performing employees who embody its core values integrity inclusion accountability and teamwork.It is committed to both employee growth and work-life balance.

Our diversity and inclusion efforts include embracing different cultures backgrounds and perspectives while fostering growth and advancement in the workplace.

POSITION DETAILS

Job #:2025-99

Status:Regular Full-Time*

Location: Olympia Washington

Salary:Range 72: $93804 - $123084 per year (DOQ).

Opens: December 11 2026

Closes:January 1 2026. AOC reserves the right to close the recruitment at any time.

WASHINGTON STATE RESIDENCY AND TELEWORK INFORMATION

AOC requires employees to reside in Washington State. Any exceptions must be approved. If you are invited to interview and currently reside outside of Washington State seek more information about residency requirements from the AOC hiring manager of this recruitment.

This position requires at least 2 days per week working onsite at AOC facilities

Duties and Responsibilities

Risk Management & Governance

Lead the development implementation and ongoing maintenance of the AOCs cybersecurity risk management program.
Identify evaluate and document cybersecurity risks affecting applications infrastructure data and business processes.
Maintain and oversee the enterprise risk register ensuring risks are prioritized assigned tracked and remediated.
Develop update and maintain cybersecurity policies standards procedures and guidelines aligned with NIST CSF CIS Controls NIST SP 800-53 StateRAMP and FedRAMP.
Provide clear actionable risk-based recommendations to leadership and program owners to guide security decisions and resource allocation.

Application & System Security Assessments

Conduct security assessments and reviews of new and existing systems services and applicationsincluding court-specific applicationsto identify security gaps or areas for improvement.
Evaluate secure architecture design data flows authentication models and access controls using threat modeling and secure development best practices (including OWASP).
Coordinate with development teams using Azure DevOps to ensure security requirements and controls are incorporated early in the system lifecycle.
Develop and document Plans of Action and Milestones (POA&Ms) and ensure timely remediation of identified risks.

Cloud Security & Enterprise Security Tools

Participate in governance and validation of security configurations for cloud and hybrid environments including Microsoft Azure Microsoft 365 Azure DevOps and Microsoft Defender.
Participate in the oversight and validation of Tenable vulnerability management activities including scan scoping asset coverage findings analysis and remediation tracking.

Compliance & Audit

Assess AOC systems and processes for compliance with applicable state and federal laws Judicial Branch policies and industry standards (e.g. NIST CJIS PCI StateRAMP FedRAMP).
Coordinate internal and external audits related to cybersecurity controls and documentation.
Conduct compliance gap analyses and work with technical teams to develop and implement mitigation strategies.
Prepare compliance reports and maintain documentation to satisfy audit and oversight requirements.

Vulnerability & Threat Management

Oversee the vulnerability management program ensuring vulnerabilities are identified validated analyzed scored prioritized and remediated.
Lead the integration of Tenable vulnerability data Microsoft Defender alerts threat intelligence and system logs to produce meaningful risk insights.
Provide ongoing reporting of vulnerability trends and risk impacts to leadership and stakeholders.

Incident Response & Preparedness

Serve as an active member of the AOC Enterprise Incident Response Team.
Provide risk-based guidance during cybersecurity incidents including impact assessment containment strategies and identification of contributing control weaknesses.
Support post-incident reviews and ensure lessons learned are incorporated into risk management practices and documentation.

Security Documentation & Reporting

Create maintain and publish risk assessment reports POA&Ms audit findings system security documentation and threat models.
Prepare executive-level briefings dashboards and metrics that communicate risk posture and remediation progress.
Ensure documentation is clear accurate and accessible to relevant stakeholders within the Judicial Branch.

Collaboration Leadership & Communication

Build strong working relationships across AOC teams court partners external vendors and other state entities to promote a coordinated approach to cybersecurity.
Serve as a subject matter expert for cybersecurity risk topics providing guidance training mentorship and support to AOC staff.
Promote a culture of security awareness and continuous improvement consistent with AOC values of integrity inclusion accountability and teamwork.
Performs other duties as assigned.

Qualifications and Credentials

A combination of education experience and certifications demonstrating a working knowledge of the functions and work of the SISA may substitute for qualifications listed.

A Bachelors degree in Computer Science Cybersecurity Software/Computer Engineering or a closely allied field; AND:

Seven (7) years of progressively responsible experience in a combination of the following:

Maintaining security standards for a medium or large government agency or organization (state or federal)
Addressing complex issues such as application security access management risk analysis security assessments and vulnerability analysis.

Certifications Memberships Licensure or Permits:

Acceptable professional IT certifications that are current can be substituted for up to three (3) years of experience with each certification equivalent to one (1) year of experience.

Acceptable certification(s) include but are not limited to:

(ISC)² CISSP CCSP CISSP-ISSAP CISSP-ISSEP CISSP-ISSMP CSSLP

ISACA CISA CISM CSX-P

CompTIA Security CE CySA CASP PenTest

SANS GIAC advanced certifications

THE IDEAL APPLICANT WILL ALSO HAVE SOME OR ALL OF THE FOLLOWING EXPERIENCE EDUCATION KNOWLEDGE SKILLS AND ABILITIES

Excellent verbal and written communication skills with the ability to translate technical concepts into clear and compelling messaging for diverse audiences.
In depth experience with conducting audits or risk assessments implementing controls and managing remediation efforts.
In-depth knowledge of cybersecurity frameworks such as NIST CIS etc.
Familiarity with systems and network infrastructure security technologies including application/OS hardening techniques network protocols firewalls intrusion detection systems etc.
Basic understanding of fundamental security and network concepts (Windows security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles network communication rules; intrusion detection and analysis methods; etc.)
Experienced working with the following tools risk assessment vulnerability management threat modeling network analysis tools etc.

Supplemental Information

The workweek may fluctuate depending on workload or agency needs.
Overnight travel may be required based on business needs.
This position is not overtime eligible.

The AOC is an equal opportunity employer and does not discriminate based on gender pregnancy race color national origin ancestry religion creed physical mental or sensory disability (actual or perceived) use of a service animal marital status sexual orientation gender identity or expression veteran or military status age HIV or Hepatitis C status or any other basis protected by federal or state law. Persons of disability needing assistance in the application process or those needing this announcement in an alternative format please contact the AOC Human Resource Office at or fax or via email to.

Candidates who are offered a job with AOC must possess work authorization that does not require sponsorship by the employer for a visa now or in the future.

AOC complies with the employment eligibility verification requirements of the federal government eligibility verification form I-9. The selected candidate must be able to provide proof of identify and eligibility to work in the United States consistent with the requirements for that form.

AOC does not use E-verify; therefore we are not eligible to extend STEM-Optional Practice Training (OPT). For information please visit

Persons legally authorized to work in the U.S. under federal law including Deferred Action for Childhood Arrivals recipients are eligible for employment unless prohibited by other state or federal law.

SPECIAL NOTE: Before a new hire a background check including criminal history will be conducted. Information from the background check will not necessarily preclude employment but will be considered in determining the applicants suitability and competence to perform in the job.

Required Experience:

Senior IC

Position ProfileThe Senior Cybersecurity Analyst - Risk Manager is a key contributor to the AOCs Information Security Program and is responsible for leading cybersecurity risk management activities that support the secure operation of Washingtons Judicial Branch systems and services. This position w...