Lansing MI - IT - DTMB - Agency Services - MDOT - IT Security Analyst 1

Job Title: IT Security Analyst 1
Location: Lansing MI. Hybrid Role with 2 days onsite per week from day 1 The first six months in person days must be Tuesday/Wednesday.

Local candidates ONLY

Duration: 12 Months

Top Skills with Years of Experience:

Experience in the IT industry analyzing and applying information security principles and practices Required: 1 Year

Experience reviewing IT systems/applications plus basic knowledge of networking components and various operating systems Required: 1 Year

Experience analyzing the applicable NIST Special Publications 80037 Revision 1 80053 Revision 34 or 5 and 80053A Revision 1. Required: 1 Year

CISSP CISA PMP and/or Security certification Nice to have Security certification will be required within 6 weeks of starting.

Position Description: IT Security Analyst I with the Department of Technology Management and Budget
(DTMB) Agency Services supporting the Michigan Department of Transportation (MDOT).
Detailed Job Duties:
The IT Security Analyst is responsible for completing and maintaining system security plans (SSP) for new and
existing systems. This requires close coordination with IT project teams business and enterprise security
representatives and product owners to establish and maintain processes and controls for security vulnerability
remediation.
Responsibilities:
Create system security plans (SSP) for new applications in alignment with the Secure Application
Development Life Cycle (SADLC) and Michigan Security Accreditation Process (MiSAP).
Maintain SSPs for existing applications requiring authority to operate (ATO) and those facing software
and/or hardware enhancements.
Continuously monitor plans of action and milestones (POA&M) and corrective action plans (CAP) as they
relate to the SSPs in collaboration with the MDOT Enterprise Information Management (EIM) office.
Validate respective SSPs to ensure NIST control requirements are met.
Author recommendations associated with your findings on how to improve the customers security posture
in accordance with SOM PSP & NIST controls.
Assist team members and vendors with proper Artifact collection to satisfy assessment requirements.
Skillsets Required:
Experience in the IT industry analyzing and applying information security principles and practices
Required: 1 Years Experience reviewing IT systems/applications plus basic knowledge of networking components and
various operating systems Required: 1 Years Experience analyzing the applicable NIST Special Publications 80037 Revision 1 80053 Revision 34
or 5 and 80053A Revision 1. Required: 1 Years Experience with other Security Frameworks (ISO NIST COBIT HIPAA/HITECH etc.) and regulatory
requirements is a plus Nice to have: 2 years
CISSP CISA PMP and/or Security certification Nice to have
Experience working with software vendors to implement security controls Nice to have
Experience working independently and in a team environment
Strong written and verbal communication skills including the ability to explain technical matters to a
nontechnical audience
Ability to collaborate on multiple projects/efforts at a given time
Flexibility to adjust quickly to multiple demands shifting priorities ambiguity and rapid change