Splunk Security Analyst II

The Division of Enterprise Technology (DET) manages the state's information technology (IT) assets and uses technology to improve government efficiency and service delivery. DET administers enterprise solutions and consults on technology services for state agencies, local government and educational systems.

Under the general direction of the Security Audit and Compliance Supervisor, this position provides assistance in the assessment of operations and adequacy of security controls and compliance with federal and state regulations (e.g. Criminal Justice Information Services (CJIS), Family Educational Rights and Privacy Act (FERPA), Federal Information Security Management Act (FISMA), Federal Tax Information (FTI), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), Social Security Administration (SSA), etc.) This position is responsible for:
determining whether electronic information systems operated and used by the DET are effectively managed and controlled
assisting in determining whether the application and general computer controls are adequate and functioning as intended, especially in the area of privacy and security
assisting in documenting improvements to existing or design-stage information systems to increase efficiency or adequacy of controls
maintaining policies and procedures related to the effective operation and control of the information systems
reviewing responses to external audit findings, and resolution of IT policy and procedural issues
performing self-assessments for compliance with regulatory and other industry standards for infrastructure services provided by DET

The position requires strong communications skills, both verbally and in writing, provides excellent customer service and assistance to internal and external stakeholders, and the ability to work with cross-functional teams.

MANDATORY REQUIREMENTS:
Splunk Cloud experience (5+ years)
SOC (Security Operations Center) experience (5+ years)
Knowledge of information technology controls
Skill and experience in IT systems, software and web-based applications
Knowledge of regulatory compliance requirements and assessment processes
Knowledge of security concepts, risk management and investigation techniques
Knowledge of practices of the Information Systems Audit and Control Association or any other applicable background for the audit of information systems.

NICE TO HAVE:
M365 Security experience
AI Security
Cloud Containers