L&I IT Security Vulnerability Management - Journey

Join us as a Journey-Level IT Security Engineer and play a critical role in safeguarding the technology that powers our agency.

In this specialized position, you will lead configuration, implementation, and optimization of advanced security solutions that protect our systems, networks, and data, directly supporting a robust IT security program focused on maintaining confidentiality, integrity, and availability of mission‑critical resources.

• Vulnerability Management:
  • Configure vulnerability assessment tools to match agency standards and Center for Internet Security (CIS) guidelines.
  • Create, implement, and follow procedures for vulnerability scanning.
  • Perform on‑demand scans for newly implemented systems.
  • Create KPI reports and recommend enterprise mitigation strategies.
  • Analyze vulnerabilities, eliminate false positives, and articulate business impact.
  • Develop vulnerability tests, risk analysis, and security assessments.
  • Prioritize vulnerabilities and risks.
  • Identify trends and enterprise problem areas.
  • Test new systems and applications for vulnerabilities before they go live.
• Security Consulting:
  • Consult security for business areas, IT staff, and IT leadership.
  • Translate technical security concepts for audiences with varying technical understanding.
• Security Monitoring/Response:
  • Analyze, research, and assess agency risk using ITSS security defenses and services, determining appropriate response.
  • Develop, design, implement, and provide requirements to Tier 1 and Tier 2 personnel.
  • Coordinate threat containment and remediation activities with system owners.
• Manage Security Awareness Training Program:
  • Act as administrator of Phish Firewall.
  • Analyze requests for new ACLs.
  • Propose security awareness training curriculum.
  • Research and propose security training content.
• Project Management & New Solution Implementation:
  • Manage work breakdown structures and coordinate work efforts with other teams.
  • Develop, design, and implement new processes and technology to keep risks and vulnerabilities low.

• Six years of IT experience, with at least two years of IT Security experience.
• OR A bachelor’s degree in Information Technology, Information Assurance or Computer Science, plus at least two years of IT experience and at least one year of IT Security experience.
• OR An associate’s degree in Information Technology, Information Assurance or Computer Science, plus at least four years of IT experience and at least one year of IT Security experience.

• Digital Forensics
• User Management
• General Cybersecurity
• Network Security
• Security Assessments
• Desktop Security
• Identity & Access Management
• Access Control
• Security Gateway Management
• Vulnerability or Threat Management

• Certified Information Security Professional (CISSP)
• Certified Ethical Hacker (CEH)
• Offensive Security Certified Professional (OSCP)
• IT Security or Information Assurance college courses.

Teleworking and hybrid work options are available. Remote work from a state outside Washington requires approval.

Applicants wishing to claim Veterans Preference should attach a copy of their DD‑214 or equivalent and the requested verification. Do not include personally identifiable data such as social security numbers in the submission.

All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. The State of Washington is an equal‑opportunity employer. Persons with a disability who need accommodation have various options for assistance.