Web Security Analyst (Information Systems Specialist 7)

Initial Posting Date:

01/27/2025

Application Deadline:

02/09/2025

Agency:

Secretary of State

Salary Range:

$7,013 - $10,602

Position Type:

Employee

Position Title:

Web Security Analyst (Information Systems Specialist 7)

Job Description:

LOCATION: Salem, OR

In-state remote work is available for this position with supervisor approval.

See definition and requirements of remote work for the Oregon Secretary of State’s Office: Remote work with the Secretary of State’s Office

SALARY:

$7,013 - $10,602/per month Non-PERS Rate

$7,435 - $11,239/per month PERS Rate

WHAT YOU WILL DO:

The primary purpose of the Web Security Analyst position is to protect our web applications and ensure they are developed and maintained with security in mind. You’ll assess application vulnerabilities and collaborate with teams to promote secure development practices and manage tools to safeguard against emerging threats.

This is accomplished in part, but not limited to:

• Operate and manage our dynamic and static application scanning tools to automate the detection of vulnerabilities.

• Detect security related business logic errors in applications.

• Monitor and analyze security systems and logs for suspicious activity or breaches.

• Collaborate closely with development teams to implement and promote secure coding practices.

• Assist in the configuration and management of our web application firewall to protect against web-based attacks.

• Contribute to the development and maintenance of security policies, standards, and guidelines.

• Stay current on emerging web application security threats, vulnerabilities, and best practices, integrating this knowledge into ongoing development and security efforts.

• Work collaboratively across teams to foster a culture of security awareness and continuous improvement.

For explicit duties, please request a copy of the position description from HR.SOS@SOS.oregon.gov.

TO QUALIFY:

Studies have shown that women and people of color are less likely to apply for jobs unless they meet every one of the qualifications listed.  We are most interested in finding the best candidate for the job, and that candidate may be one who comes from a less traditional background.  We would encourage you to apply, even if you don't meet every one of our desired qualifications listed. 

Your application must demonstrate education and/or experience in the following:

a) Six (6) years of information systems experience in web application security.*
OR

(b) An Associate's degree** or higher in Computer Science, Information Technology, or related field, OR completion of a two (2) year accredited vocational training program in information technology or related field;
AND
four (4) years of information systems experience in web application security.*

OR

(c) A Bachelor's degree** in Information Technology, Computer Science, or related field
AND
two (2) years of information systems experience in web application security.*

OR

(d) Master's degree** in Information Technology, Computer Science, or related field
AND
one (1) year of information systems experience in web application security.*

*Web Application Security experience must include:

• Experience conducting vulnerability assessments on web applications.

• Knowledge of how web applications handle requests and response, including GET/POST methods, headers, cookies, and session management.

• Strong understanding of web application protocols and common vulnerabilities including the OWASP Top 10.

• Experience with tools such as Burp Suite, Zap, Fiddler, Nessus, Qualys, or similar.

• Knowledge of analyzing logs from web servers (e.g. Apache, IIS)

As the most competitive candidate, your application will demonstrate the following requested skills and experience:​

• Experience integrating security practices into CI/CD pipelines.

• Expertise in troubleshooting complex web application issues in a hybrid cloud environment. 

• Strong interpersonal skills with effective collaboration with IT development teams to resolve security issues.  

Preference may be awarded to candidates that have an active CompTia Security+, GIAC Security Essentials, GIAC GWAPTor other comparable certifications or are eligible to sit for CompTia Security+, GIAC Security Essentials, GIAC GWAPT or other comparable certifications.

  

If you are unsure whether you meet the qualifications of this position, please feel free to contact us to discuss your application.

HOW TO APPLY:

• Click apply

• Upload your resume

• Complete job history and education sections to clearly demonstrate how you meet minimum qualifications for the position

• Complete application questionnaire

• Submit your finalized application

• Complete additional inbox questionnaires on confidentiality and veteran status

• Check back periodically for additional actions

Please note: you must attach your resume to your application and complete the job history and education sections of the application. Failure to submit the required materials will remove your application from consideration.

ABOUT THE AGENCY:

The Oregon Secretary of State is one of three constitutional offices created at statehood. As an independent constitutional officer, the Secretary of State answers directly and solely to the people of Oregon.

The Secretary of State employs approximately 245 full-time, part-time, and temporary employees. The Secretary oversees the functions of seven program divisions: Archives, Audits, Corporation, Elections, Business Services, Information Systems, and Human Resources.

OUR MISSION:

Build trust between the people of Oregon and our state government so that public services can make a positive impact in peoples’ lives.

OUR VISION:

We envision an Oregon without barriers, where we lead with our values and believe every voice should be heard. We do so by:

• Building equitable access to our democracy.

• Making tools easily available to achieve economic success.

• Ensuring state resources are used sustainably, efficiently and accountable to the public.

• Honestly acknowledging Oregon’s history.

OUR VALUES:

Access for all

We elevate equity through identifying and actively eliminating barriers. 

Authenticity

We have integrity and are honest and true to ourselves and others.

Clarity 

We share stories, using plain language to increase understanding and impact.

Respect

We are committed to serving the people of Oregon and strive to understand all viewpoints. 

Service

We are responsive and prioritize the needs of current and future Oregonians we serve. 

For more information about the Oregon Office of Secretary of State, please visit: State of Oregon: Oregon Secretary of State - Home

WHAT’S IN IT FOR YOU:

• Family Friendly Work Life Balance (paid time off, 12 holidays, 3 personal days, short and long term disability benefits)

• Take Care of Yourself and Your Family (comprehensive employee benefits, choice of medical plans, vision plan, life insurance, child care flexible spending account, employee assistance program)

• Celebrate Uniqueness: Diversity and inclusion are cornerstones of our values. We recognize that diversity and inclusion are critical to developing a talented, high-performing workforce and are committed to providing a supportive work environment in which all of our employees can thrive and reach their full potential. We strive to maintain a culture that attracts, develops and retains a diverse workforce that closely mirrors the residents of our community. We learn from and respect the cultures in which we operate and value the uniqueness of individual talents, experiences and ideas.

• Invest in Your Future: (Pension plan, deferred comp, short and long term disability plan, flexible spending accounts for healthcare and dependent care)

• Be Appreciated (employee recognition events, agency unique employee recognition program allowing for additional leave options such as vacation buy-out and sick leave roll-over, dynamic employees doing impactful work)

• ADA: At the Secretary of State, we value community and foster a sense of belonging for our employees

See our current job listings and internship opportunities, compensation, and benefits here: Careers with the Secretary of State.

ADDITIONAL INFORMATION:

• Additional applicant screening will depend on the number of qualified applications received. Screening may include skills testing, the results which may be used as part of the applicant evaluation process.

• Candidates whose background most closely matches the qualifications and required/requested skills of this position will be invited to an interview.

• Successful candidates must pass a criminal history check. Adverse background data may be grounds for immediate disqualification.

• Eligible veterans who meet the qualifications will be given veterans' preference.  For further information, please see the following website: Veteran Resources.  You may also call the Oregon Department of Veterans' Affairs at 1-800-692-9666.

• The Secretary of State does not offer VISA sponsorships. Within three days of hire, you will be required to complete the US Department of Homeland Security's I-9 form confirming authorization to work in the United States.

• The salary listed is the non-PERS qualifying salary range. If the successful candidate is PERS qualifying, the salary range will reflect the additional 6%.

QUESTIONS?

For additional information you may contact us at HR.SOS@SOS.oregon.gov.

The Oregon Secretary of State is an equal opportunity, affirmative action employer committed to a diverse workplace.