Posted Jul 10, 2026

Must be WI Resident Only || Security Analyst II (Compliance) || Will consider H1B Transfer***NoC2C

Apply Now
POSITION SUMMARY –Security Analyst II (Compliance) Under the general supervision of the GRC Manager, this position serves as a Security Analyst responsible for supporting a wide range of compliance and cybersecurity functions across the Wisconsin Department of Correction (DOC). Core responsibilities include providing risk assessment and/or compliance support. Taking part in or leading audits, submitting findings, analyzing risks for specific areas, monitoring corrective actions, and drafting risk reports with metric charts and ongoing effort accountability. This position assesses, documents, and provides guidance to other IT staff and non-IT areas on how to align IT operational and technology processes based on information technology risk assessments and/or with regulatory compliance/audit functions. This position will also provide support in detecting, analyzing, and responding to cybersecurity threats, participating in forensic investigations, and contributing to ongoing vulnerability management efforts. The role may also include supporting cloud security initiatives, assisting with tabletop exercises, and developing security response procedures. The incumbent will work collaboratively with internal stakeholders across DOC, as well as external partners including the Department of Administration’s Division of Enterprise Technology (DOA/DET). The role will utilize a variety of enterprise security tools and platforms. This position may be assigned to focus areas such as incident response, phishing mitigation, threat detection, security awareness, vulnerability scanning, or forensic analysis, depending on organizational needs. The analyst will represent the DOC Information Security Section (ISS) team in technical discussions, project work, and collaborative efforts to improve DOC’s cybersecurity posture. The position requires strong communication and problem-solving skills, the ability to work independently on complex tasks, and a commitment to upholding the security and privacy standards of DOC. Clients and collaborators include information technology (IT) staff, application developers, infrastructure teams, business units, vendors, and external governmental partners. The work environment is dynamic, requiring adaptability, initiative, and a proactive mindset. This position shall comply with the Department’s administrative rules and the agency’s policies and procedures including those related to the Department's overall Reentry philosophy of using evidence-based strategies, practices and programs which target an offender’s individual criminogenic needs and risk level. TIME % GOALS AND WORKER ACTIVITIE S 60% A. Support cybersecurity policy execution, operational standards, a ndgovernance activitie s.A1. Review policy, procedures, controls, and standards to ensure DOC and regulatory standards are me t.A2. Address compliance issues with IT security standards; identifying deficiencies and recommending control and risk mitigation measure s.A3. Review documentation to ensure it meets standards and applicable regulatory requirements, standards, or industry best practice s.A4. Assist with the creation of new and updates to policy, process, and technical controls to determine if they are sufficient and functioning as intende d.A5. Report on risks and mitigations as well as following up to verify that adjustments were mad e.A6. Interpret NIST or other standards to recommend and implement best practice s.A7. Contribute to the maintenance and operationalization of information security policies, procedures, and response playbook s.A8. Review new IT projects, systems, and vendor solutions for security risk, documenting and escalating concerns as neede d.A9. Provide technical consulting and security recommendations aligned with DOC standards and DOA/DET architectur e.A10. Participate in enterprise-level risk assessments and contribute data to compliance, audit, or risk reporting need s.A11. Assist in threat modeling exercises or tabletop simulations designed to improve preparedness and resilienc y.20% B. Monitor, detect, respond to, and investigate cybersecurity threats acro ssDOC’s enterprise environmen t.B1. Triage, analyze, and respond to cybersecurity alerts using current technologies and tool s.B2. Conduct forensic investigations into suspected security incidents, including phishing, account compromise, and endpoint breache s.B3. Coordinate with internal teams and DOA/DET to contain, eradicate, and recover from security incident s.B4. Analyze logs, threat intelligence, and user behavior to identify indicators of compromise (IOCs) and prevent recurrenc e.B5. Document incident response actions and create post-incident reports with recommended improvement s.B6. Participate in phishing mitigation, email threat response, and takedown coordination with third-party provider s.B7. Assist in vulnerability validation and risk triage based on vendor and tool security recommendation s.B8. Support the tuning, configuration, and enhancement of security technologies used in DOC’s environmen t.B9. Assist with employee forensics, HR/legal investigations, and eDiscovery requests through log and artifact analysi s.B10. Assist with continuous improvement of detection logic, alerts, and response workflows in current technologies and tool s.15% C. Contribute to the configuration, deployment, and lifecycle manageme ntof security technologie s.C1. Collaborate with internal teams and DOA/DET to implement, monitor, and maintain endpoint security, network protection, and access control system s.C2. Assist in the deployment or refinement of security technologies and tool s.C3. Test and validate new use cases or configurations in existing tools and platforms, reporting anomalies or conflict s.C4. Maintain technical documentation and inventories related to security tooling, integrations, and metric s.5% D. Maintain current expertise in cybersecurity tools, trends, and technique s.D1. Participate in professional development opportunities such as conferences, technical training, and webinar s.D2. Track emerging threats, vulnerabilities, and technology trends through vendor briefings, information sharing groups, and security communitie s.D3. Contribute to internal knowledge sharing and cross-training within the security tea m. KNOWLEDGE, SKILLS AND ABILIT • IESExperience in effective methods of written and oral communication, meeting facilitation, and presenting to both technical and non-technical staff appropriate to audience and scena • rioUnderstanding of NIST Cybersecurity Framework, NIST RMF, and other common security standar • ds.Experience with techniques used to establish and maintain effective working relationships with peers and custom • ersExperience in development, approval, and implementation of security documents (policies, standards, et • c.)Knowledge of information security risk activities to include risk assessments, risk registers, and risk managem • entKnowledge of state and federal laws regarding information security (Ex.HIPAA Security Rule) as well as experience with audit and compliance activities in conjunction with state and federal partners/regulators such as, but not limited to, the WI Legislative Audit Bureau and the U.S. Department of Just • iceExperience and working knowledge of common security frameworks and control theories to include current applicable NIST, CJIS, and ISO standa • rdsProficiency in triaging and analyzing cybersecurity alerts using enterprise technologies and too • ls.Strong knowledge of threat detection, incident response, and log analysis techniqu • es.Familiarity with phishing mitigation strategies and email threat analys • is.Working knowledge of vulnerability management practices, technologies, and too • ls.Ability to analyze threat intelligence and apply it to strengthen detection and response mechanis • ms.Capability to tune and optimize SIEM rules and detection logic to reduce noise and improve fideli • ty.Excellent technical writing and documentation skills, including incident reports and playbook developme • nt.Ability to collaborate with cross-functional teams, including DOA/DET, infrastructure, and development sta • ff.Commitment to continuous learning, professional development, and information shari ng. Top Skills & Years of Experience: At least 2 years of experience required in the follow • ing:Understanding of NIST Cybersecurity Framework, NIST RMF, and other common security standa • rds.Experience and working knowledge of common security frameworks and control theories to include current applicable NIST, CJIS, and ISO stand • ardsExperience with creating and leading discussions around the implementation and artifact collection of NIST 800-53 cont • rolsProficiency in triaging and analyzing cybersecurity alerts using enterprise technologies and to • ols.Familiarity with phishing mitigation strategies and email threat analy • sis.Incident Response Forensics and Remediation (i.e. CrowdStrike, Sandbox evaluation & detonation, Phish evaluation, Malicious Website and Malicious Intent Identificat • ion)Customer service as it pertains to security incident management and communication with end user about dangerous behav • ior.Excellent technical writing and documentation skills, including incident reports and playbook developm • ent.Ability to work independently and as part of a distributed team to achieve shared objecti ves.Nice to have ski • lls:Capability to tune and optimize SIEM rules and detection logic to reduce noise and improve fidel • ity.Strong interpersonal communication skills with the ability to explain complex topics to non-technical audien • ces.Experience working as a team member on projects to improve business ne • eds.Experience supporting endpoint, network, and cloud-based security controls in large-scale environme • nts.Demonstrated ability to adapt to emerging threats, technologies, and evolving operational ne eds.