Information Security Analyst 1

Job ID: 08815
Location: Dover, DE  [On-Site]
Employment Type: Contract


Title: Information Security Analyst 1 (ISA1)

Interviews: Virtual via Teams (please make sure your candidates are in a well-lit room and have their camera on)

Onsite: 100%

Senior Security Engineer 

This role requires a highly skilled and experienced cloud security professional with a deep understanding of securing cloud workloads, tools and services. A strong preference will be given to candidates with prior experience applying Zero Trust Network Access (ZTNA) principles and a proven track record of implementing and managing secure cloud environments across multiple platforms. The ideal candidate will possess a strong combination of technical expertise and operational leadership. A candidate who brings strong experience in GCP cloud services to the state’s multi-cloud program is desired.

I. Core Technical Skills & Experience

Zero Trust Network Access (ZTNA): The candidate must have extensive experience in ZTNA engineering and automation, ensuring secure, scalable, and policy-driven access control. This includes architecting and approving ZTNA configurations, implementing identity-aware segmentation, enforcing least privilege access policies, and leading the transition from traditional VPNs to ZTNA solutions. A deep understanding of NIST 800-207 and Zero Trust Architecture best practices is essential, along with hands-on experience with ZTNA technologies, particularly Zscaler.

Cloud Platform Expertise: The candidate must demonstrate a comprehensive understanding of cloud security platforms and Infrastructure as a Service (IaaS) solution providers like Google, Amazon and Microsoft. This includes in-depth knowledge of each provider's security services (e.g., IAM, security centers, firewalls, key management, logging, and monitoring tools), as well as the ability to design and implement secure cloud architectures. The candidate should be well-versed in cloud-native security controls, cloud security posture management (CSPM) tools, and best practices for ensuring compliance with relevant security frameworks (NIST, ISO, SOC 2).

Identity and Access Management (IAM): Working knowledge of IAM concepts and best practices is crucial, with specific experience in Okta preferred. The candidate should be proficient in implementing least privilege access controls, federation, single sign-on (SSO), and other IAM solutions across multiple cloud platforms.

Security Automation and Orchestration: The candidate should possess a strong understanding of automation pipelines and experience with scripting and automation tools such as Python, Terraform, CloudFormation, and Azure Resource Manager. The ability to automate security tasks and processes, as well as experience with Security Orchestration, Automation, and Response (SOAR) platforms, is highly desirable.

Security Monitoring and Incident Response: Experience with Security Information and Event Management (SIEM) logging and analysis is essential, along with an understanding of Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) concepts. The candidate must be capable of analyzing security logs and alerts, conducting threat hunting, and participating in incident response procedures and methodologies.

Security Policy, Compliance, and Governance: A working knowledge of current security policies, federal and state compliance regulations, and governance standards is necessary. The candidate should be able to implement security controls to meet compliance requirements and have experience with cloud-specific compliance frameworks like FedRAMP.

Data Security: The candidate must demonstrate an understanding of data classification standards and experience with data loss prevention (DLP) configurations.

Network Security: A deep understanding of modern networking standards, including Zero Trust principles, is crucial. The candidate should have extensive experience with network security concepts and technologies, including firewall management, intrusion detection/prevention systems (IDS/IPS), network segmentation, VPNs, routing and switching protocols, network traffic analysis, and network security tools (e.g., Wireshark, tcpdump). Experience with Network Access Control (NAC), DNS security, load balancers, and web application firewalls (WAFs) is also highly desirable.

Endpoint Security: The candidate should possess an understanding of endpoint security concepts and technologies.

II. Soft Skills & Experience

Leadership and Communication: The candidate should be able to lead and mentor junior security engineers, possess excellent communication and presentation skills, and effectively explain complex technical concepts to non-technical audiences.

Problem-Solving and Critical Thinking: Strong analytical and problem-solving skills are vital, along with the ability to think critically and strategically, anticipate security risks, and develop effective mitigation strategies.

III. Education and Certifications (Preferred)

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.

• Relevant certifications (e.g., CISSP, CCSP, AWS Certified Security – Specialty, Google Cloud Certified Professional Cloud Security Engineer, Microsoft Certified: Azure Security Engineer Associate).

IV. Experience Level

• Minimum of 7-10 years of experience in information security, with a focus on cloud security and ZTNA.

• Significant experience with GCP, AWS, and/or Azure.

• Demonstrated experience in implementing and managing ZTNA solutions.

Required skills:

  • The candidate must have extensive experience in ZTNA engineering and automation.
  • Experience with Security Information and Event Management (SIEM).
  • The candidate must demonstrate an understanding of data classification standards and experience with data loss prevention (DLP) configurations.
  • The candidate should possess an understanding of endpoint security concepts and technologies.
  • Strong analytical and problem-solving skills are vital, along with the ability to think critically and strategically, anticipate security risks, and develop effective mitigation strategies.