Incident Response Analyst I (Information Systems Analyst I, Opt. S)

State of Illinois, Springfield, IL
Onsite

About The Position

Are you looking for a rewarding career with an organization that values its staff? The Department of Innovation & Technology (DoIT) is seeking to hire qualified candidates with the opportunity to work in a dynamic, creative thinking, problem solving environment. This position serves as an Incident Response Analyst I, performing difficult and specialized system services incident response work by responding to major cyber incidents utilizing established policies, standards and procedures and determining and preventing unauthorized access or destruction of network information. In this role, you will collect information from security systems, end-users and other sources to document and communicate the existence of a security incident in a timely manner. In addition, you will serve as a recipient of information security and cyber-security vulnerability and threat information from information systems and sources including but not limited to information system vulnerability monitoring tools, the Illinois Statewide Terrorism Intelligence Center (STIC), software and hardware vendors, and internal security personnel, and you will assist detection engineering. If you possess this knowledge, these skills, abilities, and experience, we invite you to apply for this position to join the DoIT Team!

Requirements

  • Requires knowledge, skill, and mental development equivalent to four (4) years of college with coursework in computer science or directly related fields.
  • Requires one (1) year of professional experience in System Services or a related Information Technology field.
  • Requires one (1) year of professional experience working within or in direct support of a Security Operations Center (SOC), with responsibilities including incident detection, triage, coordination, containment, and recovery in alignment with frameworks such as NIST SP 800-61 or MITRE ATT&CK.
  • Requires one (1) year of professional experience utilizing a Security Information and Event Management (SIEM) platform (e.g., Splunk, QRadar, and LogRhythm) to analyze logs, tune alerts, and detect security threats.
  • Requires one (1) year of professional experience working with Endpoint Detection and Response (EDR) tools (e.g., CrowdStrike, SentinelOne, and Microsoft Defender for Endpoint) to investigate and remediate endpoint threats.
  • Requires one (1) year of professional experience in detection engineering and threat hunting, including the development of custom detection rules and proactive identification of anomalous behavior.

Nice To Haves

  • One (1) year of professional experience working within or in direct support of a Security Operations Center (SOC), with responsibilities including incident detection, triage, coordination, containment, and recovery in alignment with frameworks such as NIST SP 800-61 or MITRE ATT&CK.
  • One (1) year of professional experience utilizing a Security Information and Event Management (SIEM) platform (e.g., Splunk, QRadar, or LogRhythm) to analyze logs, tune alerts, and detect security threats.
  • One (1) year of professional experience working with Endpoint Detection and Response (EDR) tools (e.g., CrowdStrike, SentinelOne, or Microsoft Defender for Endpoint) to investigate and remediate endpoint threats.
  • One (1) year of professional experience in detection engineering or threat hunting, including the development of custom detection rules and proactive identification of anomalous behavior.
  • One (1) year of professional experience utilizing sandbox environments (e.g., Cuckoo Sandbox, Any.Run, or Joe Sandbox) to analyze potentially malicious files, URLs, or malware behavior.
  • One (1) year of professional experience utilizing network protocols and tools (e.g., Transmission Control Protocol and Internet Protocol (TCP/IP), Remote Desktop Protocol (RDP), Dynamic Host Configuration Protocol (DHCP), directory services such as Domain Name System (DNS), ping, or traceroute) to investigate network-based threats.
  • Ability to analyze data logically and exercise sound judgement in defining and evaluating problems of an operational or procedural nature.
  • Ability to gain and maintain effective working relationships with associates, vendors, clients, and cross-functional teams to resolve security incidents.
  • Developed verbal and written communication skills to present technical information clearly and precisely to diverse audiences, including business users, development teams, and agency executives.
  • Certification(s) in one or more of the following: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), EC-Council Certified Ethical Hacker (CEH), Security+, or SANS Institute courses (e.g., SEC401 or SEC450) or other comparable cybersecurity trainings, classes, or certifications.

Responsibilities

  • Under general direction, serves as an Incident Response Analyst I for the Department of Innovation & Technology (DoIT), performing difficult and specialized system services incident response work by responding to major cyber incidents utilizing established policies, standards and procedures and determining and preventing unauthorized access or destruction of network information.
  • Serves as a recipient of information security and cyber-security vulnerability and threat information from information systems and sources including but not limited to information system vulnerability monitoring tools, the Illinois Statewide Terrorism Intelligence Center (STIC), software and hardware vendors, and internal security personnel, and assists detection engineering.
  • Provides guidance to agency security officers, security managers, other security personnel, and agency personnel on trending threats and vulnerabilities.
  • Keeps abreast of new developments in the information technology field by continuing education through online training platforms, meetings, training sessions, seminars, and conferences to increase familiarity with and remain current on products, vendors, techniques, and procedures.
  • Performs other duties as required or assigned which are reasonably within the scope of the duties enumerated above.

Benefits

  • Competitive Group Insurance benefits including health, life, dental and vision plans.
  • Flexible work schedules (when available and dependent upon position).
  • 10-25 days of paid vacation time annually (10 days for first year of state employment).
  • 12 days of paid sick time annually, which carry over year to year.
  • 3 paid personal business days per year.
  • 13-14 paid holidays per year dependent on election years.
  • 12 weeks of paid parental leave.
  • Pension plan through the State Employees Retirement System.
  • Deferred Compensation Program - voluntary supplemental retirement plan.
  • Optional pre-tax programs - Medical Care Assistance Plan (MCAP) & Dependent Care Assistance Plan (DCAP).
  • Tuition Reimbursement Program and Federal Public Service Loan Forgiveness Program eligibility.

What This Job Offers

Job Type

Full-time

Career Level

Entry Level

Industry

Executive, Legislative, and Other General Government Support

Number of Employees

251-500 employees