AppSec Jobs
← Back to all jobs

State of Ohio

Security Engineer

Columbus, OHWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About State of Ohio

The Ohio Department of Education and Workforce (DEW) is the state government agency responsible for overseeing primary and secondary public education in Ohio. It serves approximately 1.7 million students and is dedicated to enhancing the quality of education across the state. The department is governed by the Ohio State Board of Education, which consists of 19 members, including both elected and appointed officials. DEW's primary responsibilities include raising student achievement, advancing connections between K-12 and postsecondary education, and creating programs that support workforce experiences. The department manages Ohio's public education system, which encompasses 611 public school districts, 49 joint vocational school districts, 348 public community schools, and 8 independent STEM schools. It also implements standardized testing as required by state and federal law. Additionally, DEW facilitates work-based learning programs that provide students with real-world experiences, linking academic and professional skills through collaboration with business and education partners.

Industry

government administration

Employees

1,000

12 engineers

Revenue

$30M

Website

Visit →

Security at State of Ohio

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • The State of Ohio's AppSec philosophy is rooted in centralized governance and strict compliance with statewide standards.
  • The focus is on 'System and Information Integrity,' requiring input validation and timely remediation of flaws based on CVSS/NVD severity ratings.
  • There is a strong emphasis on mandatory reporting and centralized coordination through DAS OISP.

Security Team

  • The State of Ohio utilizes a centralized security governance model where the DAS Office of Information Security & Privacy (OISP) serves as the central authority for statewide security.
  • Agencies maintain their own security teams but must report incidents and coordinate vulnerability remediation with OISP.
  • Matthew Hemker serves as the Interim State CISO as of December 2025.

Key Initiatives

  • Key initiatives include the coordination of statewide cybersecurity capabilities through CyberOhio and the rollout of the Application Role Management (ARM) tool to modernize application security functions at the agency level.
  • Statewide vulnerability management is governed by policy IT-20, which mandates routine scanning and remediation workflows.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.