Roles and Responsibility:
Security Analyst as part of the Client Security Operations Center responsible for continuously monitoring and analyzing security events and alerts from various sources, such as endpoint detection and response (EDR) systems, security information and event management (SIEM) systems, and cloud security controls to identify threats to State data or systems, and coordinate incident response functions
Investigates and analyzes incidents, determines impacts, and takes appropriate actions toward mitigations
Follows incident response procedures, coordinates with other teams and documents incidents
Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
Perform analysis of log files from a variety of sources to identify possible threats to network security
Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation
Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support Cybersecurity Incident Response Teams (CIRTs)
Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
Track and document cyber defense incidents from initial detection through final resolution
Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies
Experience Required:
Two (2) years of experience in two or more the following areas:
Local/wide area network design or support
Education Required:
An associate degree in Information Technology, or CompTIA Security+ Certification