Security Analyst III

Security Analyst III Johnson County Government USD $51.62/Hr

• USD $77.

43/Hr. remote work United States, Kansas, Olathe 111 South Cherry Street (Show on map) Apr 15, 2026 Security Analyst III Location US-KS-Olathe

ID 2026-3693

Category Computing and Information Technology Benefits Category Full Time

• Regular (Full Benefits) Remote Hybrid Salary Min USD $51.62/Hr. Salary Max USD $77.43/Hr. Organizational Unit Department of Technology and Innovation Work Schedule Monday
• Friday; 8:00am
• 5:00pm Driving Status Occasional (less than 5%) Overview A career with Johnson County Government is more than just a job, it is an opportunity to serve a diverse and expanding community in meaningful ways.

We challenge ourselves to be a different kind of government because we care deeply about our community and each other. Committed to our shared values, we provide excellent public service, seeking always to improve ourselves and our organization. We offer wonderful benefits, retirement plans, wellness incentives, a great organizational culture, and much more; be sure to explore all we have to offer here! Job Description Johnson County Government's Department of Technology and Innovation is seeking a skilled and experienced Security Analyst III to join our team. In this role, you will play a critical part in maintaining and enhancing our security posture, with a strong focus on email security and automation. Experience with Microsoft Defender for Office 365 Plan 2 and security automation workflows is highly desirable. You will lead major security initiatives, drive continuous improvement in our security practices, and safeguard our information assets by developing and enforcing robust security architecture, policies, and procedures while ensuring compliance with legal and regulatory requirements. A strong commitment to professional growth is essential, demonstrated through active participation in Johnson County's training opportunities, including specialized programs such as SANS cybersecurity courses and other professional development resources. This position is currently eligible to work in a hybrid work environment with both onsite and remote work. Residency within the Kansas City-Overland Park-Kansas City, MO-KS Combined Statistical Area, which generally includes the Kansas counties of Johnson, Wyandotte, Leavenworth, Miami, and Linn, and the Missouri counties of Jackson, Clay, Platte, Cass, and Ray, is required. First review of applications will begin on April 23, 2026. Position will remain open until filled. Key Responsibilities Strengthen the county's security posture through technology evaluation and process improvement. Optimize Microsoft Defender for Office 365 Plan 2 capabilities, including advanced threat protection, phishing detection, and automated investigation and response, to enhance email security posture. Develop and maintain security automation workflows to streamline vulnerability management and incident response using tools such as custom scripting, Microsoft Defender for Office 365 Plan 2, and

SIEM/SOAR

platforms. Lead and execute web application penetration tests, identifying vulnerabilities in custom and third-party applications, and working with development teams to remediate findings. Conduct and analyze vulnerability scans and penetration tests across infrastructure and applications. Collaborate with other teams within the Department of Technology and Innovation to standardize and improve security processes across all business units. Conduct reporting and auditing of Identity and Access Management. Identify and analyze current and evolving threats and vulnerabilities, especially those targeting web applications. Ensure compliance of enterprise IT architecture with federal health, privacy, and financial regulations. Conduct comprehensive risk assessments of the current environment and proposed changes to the hardware and software stack to identify potential security vulnerabilities and ensure alignment with organizational security standards. Develop and document security policies and procedures aligned with industry best practices and emerging threats. Lead security projects, including the deployment of new technologies and tools for application security testing. Analyze and respond to security incidents, advisories, and alerts. Promote secure development practices and provide guidance to developers on secure coding. Work with end users to address business functionality needs while ensuring secure methodologies. Train end users and promote security awareness for improved system security and efficiency. Monitor and manage security-related contracts and tools. Utilize forensic tools for data collection and incident response. Participate in on-call rotation. Job Requirements Required Experience Bachelor's degree in Information Technology or relevant field

• 8+ years of experience in information technology. 5+ years of experience in information security, including risk analysis and management.
• Experience may be substituted for education.

Education may be substituted for experience. Licenses and Other Requirements Valid driver's license required

Special Knowledge and Skills Needed:

Analytical skills, including the ability to research, interpret data, conceptualize data, analyze information, and write formal recommendations based on findings. Hands-on experience with Microsoft Defender for Office 365 Plan 2, including configuration, policy management, and automated investigation and response. Demonstrated ability to design and deploy automated security workflows for incident response and vulnerability remediation. Experience in threat hunting using SIEM and EDR tools on Windows and Unix systems. Comprehensive understanding and substantive experience in network systems engineering, computing systems and software applications. Demonstrated expertise in web application penetration testing, including manual and automated testing techniques, OWASP Top 10, and secure development lifecycle practices. Experience with tools such as Burp Suite, OWASP ZAP, Metasploit, and custom scripts for web app testing. Comprehensive understanding and substantive experience in network systems engineering, computing systems and software applications. Experience working in a change-controlled environment. Experience working with: Network and security management software Network analysis tools Scripting languages including UNIX command line utilities Vulnerability Management tools Layer7 firewalls (NGFW) Vendor access systems Active Directory Log management tools Network Security monitor tools

Soft Skills Needed:

Strong interpersonal and collaboration skills. Curiosity and a proactive approach to problem-solving. Written communication skills, including business writing, report writing, summarizing, and editing skills. Oral communication skills, including presentations to: individuals, small groups, and large groups. Facilitation skills, including ability to use group decision making to gain commitment and/or ability to encourage participation. Preferred Qualifications 3+ years of experience driving automation initiatives to reduce manual effort and improve response times for phishing, malware, and other email-based threats. 3+ years of experience in project management. Familiarity with IT security standards (ISO, NIST) and regulatory frameworks (CJIS, HIPAA, PCI). Experience implementing security control frameworks such as the Center for Internet Security (CIS) Benchmarks and/or Security Technical Implementation Guides (STIGs) to ensure system hardening and compliance. Experience supporting Microsoft business applications (Active Directory, Exchange, Azure, Entra, Purview, Defender for Office). Experience working with SCADA (Supervisory Control and Data Acquisition) and ICS (Industrial Control Systems). Experience using network analysis tools, scripting languages including UNIX command line utilities, software vulnerabilities, exploits and malware. CISSP certification.