• Security Analyst - ITS3

    State of Minnesota (St. Paul, MN)


    Working Title: Security Analyst

     

    Job Class: Information Technology Specialist 3

    Agency: Minnesota IT Services

    + **Job ID** : 89875

    + **Location** : St. Paul

    + **Telework Eligible** : Yes #LI-Hybrid

    + **Full/Part Time** : Full-Time

    + **Regular/Temporary** : Unlimited

    + **Who May Apply** : Open to all qualified job seekers

    + **Date Posted** : 10/29/2025

    + **Closing Date** : 11/5/2025

    + **Hiring Agency/Seniority Unit** : Minnesota IT Services

    + **Division/Unit** : Enterprise Security Office

    + **Work Shift/Work Hours** : Day Shift

    + **Days of Work** : Monday - Friday

    + **Travel Required** : No

    + **Salary Range:** $33.38 - $54.87 / hourly; $69,697 - $114,568 / annually

    + **Job Class Option** : Information Security

    + **Classified Status** : Classified

    + **Bargaining Unit/Union** : 214 - MN Assoc of Professional Empl/MAPE

    + **FLSA Status** : Nonexempt

    + Designated in Connect 700 Program for Applicants with Disabilities (https://mn.gov/mmb/careers/diverse-workforce/people-with-disabilities/connect700/) : Yes

     

    The work you'll do is more than just a job.

     

    At the State of Minnesota, employees play a critical role in developing policies, providing essential services, and working to improve the well-being and quality of life for all Minnesotans. The State of Minnesota is committed to equity and inclusion, and invests in employees by providing benefits, support resources, and training and development opportunities.

     

    Join the 2,800+ professionals of Minnesota IT Services (https://mn.gov/mnit/about-mnit/careers/) (MNIT) who connect Minnesotans to services that will improve their lives. This position will be part of the Enterprise Security team, which embeds security protection statewide.

     

    The Application Security Analyst strengthens the security of software systems and supports program integrity by integrating security throughout the software development lifecycle (SDLC) and developing fraud-detection analytics for benefit programs. This role improves the security posture of applications, reduces vulnerabilities, prevents fraud, and ensures compliance with state and federal standards — protecting sensitive data and public resources.

    Primary Responsibilities

    Integrate security into each phase of the SDLC and promote secure coding practices with development teams.

    Develop fraud-detection controls, risk indicators, and analytic queries to identify suspicious behavior across applications and logs.

    Conduct code reviews, vulnerability scans, and remediation coordination with developers and vendors.

    Ensure alignment with required security standards and regulations, documenting compliance evidence and resolving gaps.

    Automate security testing and monitoring through CI/CD tools, scripts, and platform integrations.

    Collaborate across teams (developers, QA, security, vendors, and program staff) to embed security controls and reduce fraud risks.

    Produce dashboards, reports, and documentation to support investigations, audits, and security decision-making.

    Deliver security guidance and training that improves secure development awareness and reduces recurring vulnerabilities.

    **This position requires an employee to be onsite at Saint Paul, Minnesota at least 50% of the time, with some opportunity to perform work from a telework location.** Telework (https://mn.gov/mmb-stat/policies/1422-telework.pdf) for Minnesota IT Services is available on a limited basis. Employees will be required to meet current telework eligibility requirements.

    Minimum Qualifications

    Candidates must clearly demonstrate all of the following qualifications in their resume.** Resume tips here. (https://mn.gov/mnit/about-mnit/careers/hiringprocess.jsp) **:

     

    Position requires a minimum of four (4) years of IT related experience in application security, secure software development, or fraud detection and analytics within enterprise systems.

    Experience must include:

    + Hands-on experience implementing security practices in the Software Development Life Cycle (SDLC), including secure coding, code review, or security testing.

    + Experience with vulnerability identification and remediation (such as SAST, DAST, code review, or dependency scanning).

    + Experience collaborating with developers, IT staff, or security teams to resolve security findings or improve application security controls.

    + Experience with security standards, frameworks, or compliance requirements (such as NIST, OWASP, IRS Pub 1075, HIPAA, or similar).

    + Ability to deliver effective verbal or written messages that facilitate a mutual understanding on both parties.

    + Customer service skills that include active listening, empathy, and problem-solving.

    A master’s degree in Information Technology or an IT related field substitutes for three (3) years of experience, OR an IT related bachelor’s degree substitutes for two (2) years, OR an IT related associate’s degree substitutes for one (1) year.

    Preferred Qualifications

    + Experience with fraud analytics, program integrity, or monitoring for anomalous behavior in benefit or transactional systems.

    + Experience with secure development practices in modern application platforms (e.g., .NET, Java, or cloud-native architectures).

    + Experience integrating security tools into CI/CD pipelines or using automation for security monitoring or testing.

    + Experience with business intelligence or reporting tools (such as Power BI, Tableau, or similar).

    + Experience working with relational databases and writing analytic or investigative queries (e.g., SQL) to detect anomalies or suspicious behavior.

    + Knowledge of cloud security principles (Azure, AWS, or similar).

    + Strong communication skills with the ability to explain threats, risks, and remediation steps to both technical and non-technical audiences.

    + Relevant certifications such as CSSLP, CISSP, CEH, GIAC, or CFE.

    Additional Requirements

    It is the policy of Minnesota IT Services that a successful candidate must pass all legally required checks prior to employment which may consist of the following:

    SEMA4 Records Check (applies to current and past state employees only)

     

    Criminal History Check

     

    Reference Check

     

    Social Security and Address Verification

    Education Verification

    CJIS Background Check

     

    Other legally required checks

     

    Minnesota IT Services does not participate in E-Verify. Minnesota IT Services will not sponsor applicant for work visas, including F-1 STEM OPT extensions. All applicants must be legally authorized to work in the United States.

    AN EQUAL OPPORTUNITY EMPLOYER

    Minnesota State Colleges and Universities is an Equal Opportunity employer/educator committed to the principles of diversity. We prohibit discrimination against qualified individuals based on their race, sex, color, creed, religion, age, national origin, disability, protected veteran status, marital status, status with regard to public assistance, sexual orientation, gender identity, gender expression, or membership in a local commission as defined by law. As an affirmative action employer, we actively seek and encourage applications from women, minorities, persons with disabilities, and individuals with protected veteran status.

     

    Reasonable accommodations will be made to all qualified applicants with disabilities. If you are an individual with a disability who needs assistance or cannot access the online job application system, please contact the job information line at 651-259-3637 or email [email protected] . Please indicate what assistance is needed.