Description

Roles and Responsibility:

Security Analyst as part of the Client Security Operations Center, responsible for continuously monitoring and analyzing security events and alerts from various sources, such as endpoint detection and response (EDR) systems, security information and event management (SIEM) systems, and cloud security controls, to identify threats to State data or systems and to coordinate incident response functions

Investigate and analyze incidents, determine impacts, and take appropriate actions toward mitigation

Follow incident response procedures, coordinate with other teams, and document incidents

Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation

Perform analysis of log files from a variety of sources to identify possible threats to network security

Perform cyber defense incident triage, including determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation

Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support Cybersecurity Incident Response Teams (CIRTs)

Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts

Track and document cyber defense incidents from initial detection through final resolution

Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies

Experience Required:
Two (2) years of experience in two or more of the following areas:

Local/wide area network design or support

Systems Administration

Education Required:

An associate degree in Information Technology, or a CompTIA Security+ certification

Education

Any Graduate