IT Security Analyst (IT Security - Senior/Specialist)

WSLCB Vision Safe communities for Washington State. Mission Promote public safety, public health and trust through fair administration, education, and enforcement of liquor, cannabis, tobacco, and vapor laws. This recruitment will close on December 22nd, 2025, please submit an application on or before December 21st, 2025. The hiring authority reserves the right and may exercise the option to make a hiring decision at any time. We encourage all to apply as early as possible. This position is currently eligible to telework. This position is expected to work in the office up to 2 days a week, there is some flexibility with this requirement. Who we are The mission of the Washington State Liquor and Cannabis Board (WSLCB) is to promote public safety and trust through fair administration, education and enforcement of liquor, cannabis, tobacco, and vapor laws. At the WSLCB we pride ourselves on creating the "wow" factor in everything we do. We search for people who demonstrate a strong work ethic, excellence in customer service, partnering and teamwork, and quality performance. We strive to be a great place to work by fostering a safe, open, inclusive and healthy work environment. We want to ensure that our organization is as diverse and inclusive as our great State of Washington. We want to create a culture that fosters excellence in customer service, open and honest communication, transparency and accountability, data driven decisions, and business initiated process improvement. Your opportunity at a glance The WSLCB Information Technology Services Division is announcing an exciting opportunity for an IT Security Analyst (IT Security - Senior/Specialist) position in Olympia, WA. This position reports directly to the Chief Information Security Officer (CISO) in the WSLCB's Information Technology Services Division. The position serves and complements the WSLCB's mission and goals by managing a security program that establishes standards and practices impacting statewide staff, a dynamic regulatory structure, and applications that collect and disperse revenue for the state. You will serve as the highest-level authority in IT security, data privacy, continuity of operations (COOP) and disaster recovery (DR) for the WSLCB. If you have an interest in efficiently and effectively building, securing, testing, maintaining, and improving security and DR/COOP solutions within infrastructure, applications, and databases that support the agency’s mission, goals, and purpose as well as collaborating with cross-agency, cross-divisional, and cross-disciplinary teams to identify and implement improvements to our security architecture and drive accountability for secure technical standards down to every level within the agency and division, we encourage you to apply to be a part of the WSLCB team! WSLCB provides a modern work environment and excellent benefits including: • A comprehensive benefits package (but not limited to Medical/Dental/Vision, Long Term Disability, Life Insurance etc.) • Paid Vacation, Leave, and Holidays • Tuition Waiver (in courses at state universities/colleges on a space availability basis - all or a portion of the tuition/fees may be waived for state employees) • Tuition reimbursement (courses taken with prior approval in order to further employee’s career development with the WSLCB) • Training and career development programs (including online courses and LinkedIn Learning) • A healthy work/life balance (this may include flexible/alternative work schedules and telework/remote work opportunities, when possible) • Employee Assistance Program- confidential program created to promote the health, safety and well-being of public service employees • Generous wellness program (we offer reimbursements for certain fitness related activities) • Onsite exercise facility (for employees working at WSLCB Headquarter Building in Olympia) • Infants at Work Program to promote parent and infant bonding, parental well-being and healthy infant development. Depending on your job duties, work location and supervisor approval, eligible employees who are new mothers, fathers or legal guardians can bring their infant (six weeks to six months) when they return to work • Free parking Some of the duties you will perform are: • Lead Vulnerability and Threat Management strategic planning and roadmap development for agency-wide cybersecurity initiatives. • Conduct comprehensive vulnerability assessments across enterprise applications, hardware, network infrastructure, cloud services, and critical systems to ensure compliance with agency security policies, Washington State standards, and applicable regulatory frameworks. • Lead vulnerability remediation and risk mitigation efforts by collaborating with infrastructure teams, application development groups, cloud operations, and business unit stakeholders to implement effective and sustainable corrective actions. • Lead threat management efforts by correlating security telemetry, threat intelligence, and environmental context to identify emerging attack patterns, assess risk exposure, and prioritize response actions. • Detect and respond to advanced cybersecurity threats through real-time monitoring, behavioral analysis, and automated alerting to rapidly contain incidents and minimize operational impact. • Conduct proactive threat hunting and in-depth log analysis using available tools to identify indicators of compromise, anomalous behavior, lateral movement attempts, and potential vulnerabilities within the agency's environment prior to incident escalation. • Serve as a senior incident responder, performing forensic investigation, evidence preservation, root cause analysis, comprehensive documentation, and coordination of remediation efforts with impacted teams. • Lead comprehensive internal security risk assessments to identify, evaluate, and mitigate technology-related risks affecting agency systems, data, and operations. • Conduct quantitative and qualitative risk analyses to support data-driven decision-making by IT leadership and executive management. • Lead formal Security Design Reviews in collaboration with enterprise architects, development teams, and cybersecurity staff to ensure new systems, applications, and infrastructure align with Agency and WaTech enterprise security architecture standards, policy requirements, and secure design principles throughout planning, development, and implementation phases. • Manage the tracking, coordination, and remediation of security audit findings resulting from external assessments, compliance reviews, and regulatory examinations. • Lead agency-wide Governance, Risk, and Compliance (GRC) initiatives, providing senior-level technical expertise to strengthen cybersecurity oversight, accountability, and risk management practices across the organization. • Drive the development and refinement of cybersecurity policies, procedures, and standards, ensuring they remain aligned with Washington State requirements, evolving threat landscapes, and operational realities. Required Qualifications: Experience for required qualifications can be gained through various combinations of formal professional employment and educational experience. See below for how you may qualify. Option 1: Seven (7) years of professional experience in one or more of the following IT disciplines: IT security, firewall administration, vulnerability management, penetration testing, server administration, network administration, or systems analysis. AND At least 1 year experience in at least two of the following: Security Assessments, Vulnerability Scanning, Firewall Management, Intrusion Detection/Prevention, Security Reviews, Threat hunting, or IT Project Management. AND At least 2 years of working knowledge of MS Sentinel(SEIM), BlueVoyant (MDR), Microsoft Defender for endpoint, Securin ASM and Risksense, CISSP, CISM, CEH, GIAC, CompTIA Security+, CC or similar. AND Familiarity with Washington State Security Policies, NIST Framework, CJIS, and other regulatory frameworks relevant to Cybersecurity within the agency. Option 2: An Associate’s degree in an IT program or closely related field. AND Five (5) years of professional experience in one or more of the following IT disciplines: IT security, firewall administration, vulnerability management, penetration testing, server administration, network administration, or systems analysis. AND At least 1 year experience in at least two of the following: Security Assessments, Vulnerability Scanning, Firewall Management, Intrusion Detection/Prevention, Security Reviews, Threat hunting, or IT Project Management. AND At least 2 years of working knowledge of MS Sentinel(SEIM), BlueVoyant (MDR), Microsoft Defender for endpoint, Securin ASM and Risksense, CISSP, CISM, CEH, GIAC, CompTIA Security+, CC or similar. AND Familiarity with Washington State Security Policies, NIST Framework, CJIS, and other regulatory frameworks relevant to Cybersecurity within the agency. Option 3: A Bachelor’s degree or above in an IT program or closely related field. AND Three (3) years of professional experience in one or more of the following IT disciplines: IT security, firewall administration, vulnerability management, penetration testing, server administration, network administration, or systems analysis. AND At least 1 year experience in at least two of the following: Security Assessments, Vulnerability Scanning, Firewall Management, Intrusion Detection/Prevention, Security Reviews, Threat hunting, or IT Project Management. AND At least 2 years of working knowledge of MS Sentinel(SEIM), BlueVoyant (MDR), Microsoft Defender for endpoint, Securin ASM and Risksense, CISSP, CISM, CEH, GIAC, CompTIA Security+, CC or similar. AND Familiarity with Washington State Security Policies, NIST Framework, CJIS, and other regulatory frameworks relevant to Cybersecurity within the agency. ALSO The following professional IT certifications can substitute 1 year of experience for each certificate: CISSP, CISM, CEH, GIAC, CompTIA Security+, CC or similar. Preferred/Desired Qualifications: • CISSP - Certified Information Systems Security Professional Certification. • Working level knowledge of Cloud, MS Azure, and Google. • Experience with Security Tools not listed above (e.g., Splunk, CrowdStrike, Tenable, Qualys, Palo Alto, Fortinet) If you are excited about this role but not sure if your experience aligns perfectly with every qualification in the job description, we encourage you to apply. At the Washington State Liquor and Cannabis Board, we are dedicated to building a diverse and authentic workplace centered in belonging. You may just be the needed candidate for this or other roles. HOW TO APPLY PLEASE READ THE FOLLOWING INFORMATION CAREFULLY TO ENSURE YOU HAVE SUBMITTED THE REQUIRED MATERIALS TO BE CONSIDERED. IMPORTANT: To be considered for this position, you MUST include the following, failure to do so will result in your application being disqualified: • Completed online application. • Current Resume. • Letter of Interest describing how you meet the specific qualifications for the position. • Three professional references to include a current or recent supervisor with email addresses and phone numbers. • *A resume will not substitute for completing the "work experience" section of the application. The information provided in your application and supplemental questionnaire must support your selected answers in the supplemental questions. Responses not supported in your application will disqualify you for consideration of employment from this recruitment. Prior to a new hire, a background check including criminal record history will be conducted. Information from the background check will not necessarily preclude employment but will be considered in determining the applicant's suitability and competence to perform in the position. Other Applicants for employment with the Washington State Liquor and Cannabis Board should also be aware of RCW 66.08.080, which states in part: "No employee of the board shall have any interest, directly or indirectly, in the manufacture of liquor sold under this title, or derive any profit or remuneration from the sale of liquor, other than the salary or wages payable to him in respect of his office or position, and shall receive no gratuity from any person in connection with such business. RCW 69.50.351, no member of the state liquor and cannabis board and no employee of the state liquor and cannabis board shall have any interest, directly or indirectly, in the producing, processing, or sale of cannabis, useable cannabis, or cannabis-infused products, or derive any profit or remuneration from the sale of cannabis, useable cannabis, or cannabis-infused products other than the salary or wages payable to him or her in respect of his or her office or position, and shall receive no gratuity from any person in connection with the business. The Washington State Liquor and Cannabis Board is an equal opportunity employer and encourages applications from job seekers with diverse backgrounds. Honoring diversity, equity and inclusion means that as an agency, and as individuals, we are committed to ensuring that all employees enjoy a respectful, safe, and supportive working environment. All qualified applicants will receive consideration for employment without discrimination based on sex, race, creed, religion, color, national origin, age, honorably discharged veteran or military status, sexual orientation including gender expression or identity, the presence of any sensory, mental, or physical disability, or the use of a trained dog guide or service animal by a person with a disability. You are welcome to include your name and gender pronouns in your application, to ensure we address you appropriately throughout the application process. For questions about this recruitment, or to request reasonable accommodation in the application process, please email hrjobs@lcb.wa.gov or call (360) 664.1674For TTY service, please call the Washington Relay Service at 7-1-1 or 1-800-833-6384. Apply tot his job Apply To this Job