Security Operations Center (SOC) Analyst (DOA)

State of Rhode Island careers
Warwick, RI
$103,293 - $117,155
Onsite

About The Position

Within the Department of Administration (DOA), Division of Enterprise Technology Strategy and Services (ETSS), this role involves monitoring, investigating, and responding to cybersecurity events within the State’s Security Operations Center (SOC). The analyst will utilize and maintain enterprise security technologies for detection, response, vulnerability management, and email protection across the executive branch. The position also assists in maintaining situational awareness through dashboards, reporting, and coordination with incident responders.

Requirements

  • Thorough knowledge of cybersecurity principles, incident response, and threat detection fundamentals.
  • Knowledge of security tools and platforms such as SIEM (Microsoft Sentinel or Splunk), EDR/MDR (CrowdStrike Falcon, Defender for Endpoint), Proofpoint Email Protection/TAP, and Qualys VMDR.
  • Knowledge of common types of cyber threats, attack vectors, and indicators of compromise (IOCs).
  • Knowledge of basic networking, Windows/Linux operating systems, and log analysis concepts.
  • Knowledge of vulnerability management processes, including scanning, prioritization, and remediation coordination.
  • Knowledge of email security concepts such as phishing, spoofing, and attachment-based threats.
  • Knowledge of compliance frameworks such as NIST CSF 2.0, NIST 800-53, and Zero Trust Architecture principles.
  • Skills in monitoring and analyzing alerts from multiple security tools to identify potential threats.
  • Skill in using KQL, PowerShell, or similar tools to query and extract relevant log or event data.
  • Skill in correlating information from multiple systems to determine risk and incident severity.
  • Skill in reviewing Proofpoint alerts and Qualys VMDR scan data to identify actionable issues.
  • Skill in writing concise and accurate incident summaries and daily activity reports.
  • Skill in communicating effectively with technical staff, agency partners, and non-technical audiences during incidents.
  • Ability to follow established playbooks and standard operating procedures during security incidents.
  • Ability to identify false positives and escalate confirmed incidents to engineering or incident response teams.
  • Ability to work collaboratively with analysts, engineers, and agency IT teams to remediate vulnerabilities and strengthen defenses.
  • Ability to maintain attention to detail and confidentiality in handling sensitive information.
  • Ability to adapt to changing threats, technologies, and operational priorities in a fast-paced SOC environment.
  • Ability to remain calm, methodical, and results-oriented during real-time security events.
  • Graduation from a college or university with a bachelor’s degree in cybersecurity, computer science, information technology, or a closely related field.
  • Maintain continuing education in threat detection, SOC operations, and vulnerability management.
  • Employment in a cybersecurity operation, network security, or IT systems administration environment, with experience using SIEM, endpoint protection, email security, or vulnerability management tools.
  • Or, any combination of education and experience that shall be substantially equivalent to the above education and experience.

Nice To Haves

  • Possession of one or more of the following certifications, or the ability to obtain within a reasonable period after appointment: Microsoft Certified: Security Operations Analyst Associate (SC-200), GIAC Certified Incident Handler (GCIH) or GIAC Certified Intrusion Analyst (GCIA), Qualys Certified Vulnerability Management Specialist (VMDR), Proofpoint Certified Email Protection Administrator, CompTIA CySA+ (Cybersecurity Analyst) or CompTIA Security+, GIAC Security Essentials (GSEC) or GIAC Enterprise Defender (GCED), or equivalent IT security certification(s).
  • Participation in cyber defense exercises, vendor training, and statewide cybersecurity initiatives is encouraged to support ongoing professional growth and operational readiness.

Responsibilities

  • Monitor, investigate, and respond to cybersecurity events within the State’s Security Operations Center (SOC).
  • Utilize and maintain enterprise security technologies that support detection, response, vulnerability management, and email protection across the executive branch.
  • Assist in maintaining situational awareness through dashboards, reporting, and coordination with incident responders.
  • Monitor and triage alerts generated by the State’s SIEM, EDR, email security, and vulnerability management platforms, escalating incidents as appropriate.
  • Investigate and document security events using tools such as Microsoft Sentinel, CrowdStrike Falcon, Proofpoint TAP/SEG, and Qualys VMDR.
  • Assist with detection tuning, alert correlation, and rule management to reduce false positives and improve accuracy.
  • Perform basic threat analysis and incident response, including log review, containment coordination, and follow-up validation.
  • Conduct daily health checks and basic configuration reviews for SOC tools to ensure data is flowing correctly and sensors remain operational.
  • Support vulnerability management operations by validating scan results, tracking remediation, and generating reports from Qualys VMDR.
  • Review and respond to phishing alerts, quarantined messages, and end-user reports using Proofpoint systems.
  • Assist in maintaining dashboards, metrics, and documentation for ongoing monitoring, compliance, and executive reporting.
  • Coordinate with agency IT teams and senior security engineers to ensure consistent detection coverage, patching visibility, and incident escalation.
  • Support cyber exercises, tabletop drills, and compliance reviews to validate SOC readiness and improve processes.
  • Maintain clear, accurate records of investigations, alerts, and response actions in accordance with State cybersecurity policies.
  • Perform related duties as required to sustain continuous monitoring and incident response capabilities across the enterprise.

Benefits

  • Direct deposit for all employees.
  • Public service with purpose and impact.
© 2026 Teal Labs, Inc