Security Operations Engineer (DOA)

State of Rhode Island
Warwick, RI
$110,849 - $127,368
Onsite

About The Position

Within the Division of the Enterprise Technology Strategy & Services (ETSS), this role involves performing, organizing, directing, and coordinating the planning, administration, and maintenance of the State’s enterprise security technology stack supporting the Security Operations Center (SOC). The position will manage, optimize, and integrate detection and response tools including endpoint protection, SIEM, vulnerability management, and email security platforms. The goal is to enhance statewide cyber defense capabilities through automation, continuous monitoring, and actionable visibility. The role works under the direct supervision of the Deputy Chief Information Security Officer (Deputy CISO) and may plan, coordinate, and direct the work of professional and technical team members. Work is reviewed for conformance with departmental policies, standards like NIST, and state and federal security requirements.

Requirements

  • Thorough knowledge of the principles and practices of security operations engineering, including monitoring, threat detection, and response automation.
  • Knowledge of security technologies such as SIEM (Microsoft Sentinel, Splunk), EDR/MDR (CrowdStrike Falcon, Defender for Endpoint), Qualys VMDR, and Proofpoint Email Protection and TAP.
  • Knowledge of vulnerability management lifecycle, including scanning, validation, and reporting workflows using tools like Qualys VMDR.
  • Knowledge of threat detection and response methodologies aligned to MITRE ATT&CK, NIST CSF 2.0, and NIST SP 800-53 Moderate frameworks.
  • Knowledge of network protocols, system hardening, and secure configurations for Windows, Linux, and cloud platforms.
  • Knowledge of cyber threat intelligence indicators, phishing defense techniques, and email security analysis.
  • Knowledge of the fundamentals of risk analysis, digital forensics, and vulnerability prioritization.
  • Knowledge of change management, configuration control, and log retention policies for security platforms.
  • Knowledge of federal and state cybersecurity compliance requirements applicable to government systems (e.g., IRS 1075, CJIS, HIPAA).
  • Skill in administering and maintaining SOC detection, response, and vulnerability management tools across a hybrid enterprise environment.
  • Skill in using PowerShell, Python, or KQL to automate alert enrichment, dashboard generation, or data validation.
  • Skill in configuring and tuning Proofpoint email security to detect and mitigate phishing, spoofing, and malware campaigns.
  • Skill in managing Qualys VMDR scans, tagging, and reporting to support agency patching and remediation workflows.
  • Skill in correlating and interpreting event and vulnerability data across SIEM, EDR, and VMDR platforms to identify high-priority risks.
  • Skill in developing and maintaining system documentation, incident workflows, and configuration baselines.
  • Skill in communicating technical information effectively to non-technical staff, agency partners, and executive leadership.
  • Ability to analyze, triage, and respond to security incidents using SOC tools and standard operating procedures.
  • Ability to coordinate with SOC analysts, IT administrators, and agency staff to prioritize remediation and improve detection coverage.
  • Ability to apply sound technical judgment in managing and tuning multiple security technologies simultaneously.
  • Ability to work independently on complex issues while maintaining alignment with enterprise cybersecurity objectives.
  • Ability to handle sensitive data discreetly and uphold integrity during investigations or vulnerability disclosures.
  • Ability to stay current on emerging threats, detection techniques, and security tools that enhance statewide defensive capabilities.
  • Graduation from a college or university with a bachelor’s degree in computer science, information technology, cybersecurity, or a closely related field.
  • Considerable employment in security operations, cybersecurity engineering, or systems administration, with demonstrated experience managing SOC tools, detection and response technologies, vulnerability management platforms (Qualys VMDR), and email security solutions such as Proofpoint.
  • Must undergo a national fingerprint background screening.
  • Must have employment eligibility validated through E-Verify.

Nice To Haves

  • Maintain continuing education in threat detection, vulnerability management, and SOC operations.
  • Participate in cyber defense exercises, vendor technical training, and statewide security initiatives to ensure operational readiness and continuous improvement.
  • Possession of one or more of the following certifications, or the ability to obtain within a reasonable period after appointment: Microsoft Certified: Security Operations Analyst Associate (SC-200), GIAC Certified Incident Handler (GCIH) or GIAC Certified Intrusion Analyst (GCIA), Qualys Certified Vulnerability Management Specialist (VMDR), Proofpoint Certified Email Protection Administrator, CompTIA CySA+ (Cybersecurity Analyst) or CompTIA Security+, GIAC Security Essentials (GSEC) or GIAC Enterprise Defender (GCED), or equivalent IT security certification(s).

Responsibilities

  • Perform, organize, direct, and coordinate the planning, administration, and maintenance of the State’s enterprise security technology stack supporting the Security Operations Center (SOC).
  • Manage, optimize, and integrate detection and response tools including endpoint protection, SIEM, vulnerability management, and email security platforms.
  • Enhance statewide cyber defense capabilities through automation, continuous monitoring, and actionable visibility.
  • Serve as the technical lead and subject matter expert (SME) for the enterprise security technology stack supporting the SOC, including SIEM, EDR, IDS/IPS, Proofpoint email security, and Qualys VMDR.
  • Administer and optimize detection, response, and vulnerability tools to ensure reliable data ingestion, alert fidelity, and integration with incident response workflows.
  • Configure and tune Microsoft Sentinel, CrowdStrike Falcon, Qualys VMDR, and Proofpoint TAP/SEG platforms to reduce false positives and improve detection accuracy.
  • Manage Qualys VMDR scanning schedules, sensor health, and asset inventory synchronization to ensure vulnerability visibility across state systems.
  • Maintain dashboards, correlation rules, and alerting logic that enhance situational awareness for the SOC.
  • Coordinate with security analysts and engineers to maintain automated playbooks and detection content aligned with MITRE ATT&CK techniques.
  • Ensure that log and vulnerability data from network, endpoint, and cloud systems are collected, retained, and correlated in accordance with NIST 800-53 AU (Audit), RA (Risk Assessment), and SI (System Integrity) controls.
  • Maintain and update authorized software lists, asset groupings, and detection search libraries; escalate major tool configuration or development requests to senior engineers.
  • Support security incident response activities, including triage, containment, and post-incident validation.
  • Collaborate with patch management and IT operations teams to communicate vulnerability findings and track remediation through dashboards and metrics.
  • Assist in vulnerability validation, risk scoring, and verification of detection coverage following threat advisories or audits.
  • Develop and maintain documentation, runbooks, and configuration baselines for all assigned systems.
  • Support SOC operations during audits, compliance assessments, and statewide cyber exercises.
  • Complete other related work tasks as required to align with evolving technologies, threats, and organizational priorities.

Benefits

  • Information regarding benefits available to State of Rhode Island employees can be found on the Office of Employee Benefits' website.
  • Direct deposit for all employees is required.
  • Public service with purpose and impact.
© 2026 Teal Labs, Inc