SOC Cyber Detection & Response (CDR) Analyst
United States-Massachusetts-Chelsea-200 Arlington Street
Commonwealth of Massachusetts
Description
The Executive Office of Technology Services and Security (EOTSS) is the state’s lead office for information technology. We provide enterprise level information technology services including network management and security; computer operations; application hosting; desktop provisioning and management; and modern and responsive digital services to 40,000 internal stakeholders plus the residents, business owners and visitors to the Commonwealth of Massachusetts.
EOTSS is seeking a SOC Cyber Detection & Response (CDR) Analyst who will be a member of the Security Operations Center’s Cyber Detection and Response Team. The SOC CDR Analyst is primarily responsible for the incident triage, detection, response, and remediation activities that occur within the TSS SOC. Analysts in the SOC work with Security Engineers, Managed Security Service Providers (NuHarbor) and SOC Managers to provide situational awareness through detection, containment, and remediation of IT threats. SOC Analysts work with other team members to detect and respond to information security incidents, develop and follow up on security events such as alerts, and engage in security investigations.
The primary work location for this role will be at 200 Arlington Street Chelsea, Massachusetts 02150. The work schedule for this position is Monday through Friday, 9AM to 5PM EST. This position would be expected to follow a hybrid model of reporting to work that combines in-office workdays and work from home days as needed.
Duties and Responsibilities:
- Manage day-to-day security monitoring and IR activities, including but not limited to SIEM monitoring, Endpoint Detection and Response using Palo Alto’s Cortex XDR, notifying agencies of potential malicious activity, and managing and/or maintaining security incident response practices.
- Assist in detection and incident response functions including, but not limited to, Security Incident Reporting tickets, customer and constituent notification, tracking, and reporting. Conduct and/or participate in agency, state, regional, and/or national cyber security incident simulation exercises.
- Monitor, report, and respond to anomalous Internet, Extranet, and/or Intranet activity based on information provided through internal operations and/or credible external third-party threat intelligence organizations. Work with EOTSS customer organizations and the EDR vendor to test software revisions, EDR client file updates, and/or EDR-related status reporting.
- Assist in the development and delivery of cybersecurity education and awareness initiatives on behalf of state government.
- Review third party alerts to maintain overall situational awareness of security issues affecting Commonwealth agencies, EOTSS customer organizations, and/or MS-ISAC members.
- Conduct research into new threats that may affect Commonwealth agencies, EOTSS customer organizations, and/or local entities.
- Provide and promote security awareness by assisting in phishing campaigns for all users across the Commonwealth while furthering overall security awareness programs.
- Support the preparation of security reports to management on security system activities and performance, utilizing enterprise security tools (Tenable, DHS, Expanse, etc.).
Preferred Knowledge, Skills, and Abilities:
- Knowledge of SIEM (Security Information and Event Management) tools, specifically Splunk
- Knowledge of and working familiarity with cloud computing (AWS/Azure/GCP)
- Knowledge of TCP/IP, VLANs, computer networking, routing, and switching
- Familiarity with IDS/IPS, penetration and vulnerability testing
- Familiarity with Windows and Linux operating systems
- Understanding of network protocols and packet analysis tools
- Understanding of Proofpoint and other email security tools.
- Critical thinking and problem-solving abilities.
- Ability to communicate with and listen to the needs of organizational stakeholders.
- Security certifications desired, but not required.
- Experience with EDR tools (Palo Alto Cortex) preferred, but not required.
Qualifications
First consideration will be given to those applicants that apply within the first 14 days.
Minimum Entrance Requirements:
Applicants must have (A) at least one (1) year of full-time or equivalent part-time experience in the field of information technology security, or (B) any equivalent combination of the required experience and the substitutions below.
Substitutions:
I. An Associate’s degree in a related field may substitute for the required experience.
Comprehensive Benefits
When you embark on a career with the Commonwealth, you are offered an outstanding suite of employee benefits that add to the overall value of your compensation package. We take pride in providing a work experience that supports you, your loved ones, and your future.
Want the specifics? Explore our Employee Benefits and Rewards!
An Equal Opportunity / Affirmative Action Employer. Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply.
The Commonwealth is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity or expression, sexual orientation, age, disability, national origin, veteran status, or any other basis covered by appropriate law. Research suggests that qualified women, Black, Indigenous, and Persons of Color (BIPOC) may self-select out of opportunities if they don't meet 100% of the job requirements. We encourage individuals who believe they have the skills necessary to thrive to apply for this role.
Official Title: Security Analyst I
Primary Location: United States-Massachusetts-Chelsea-200 Arlington Street
Job: Information Systems and Technology
Agency: Exec Office of Technology Services and Security
Schedule: Full-time
Shift: Day
Job Posting: Dec 16, 2024, 8:02:49 PM
Number of Openings: 1
Salary: 69,372.16 - 103,344.80 Yearly
If you have Diversity, Affirmative Action or Equal Employment Opportunity questions or need a Reasonable Accommodation, please contact Diversity Officer / ADA Coordinator: Emily Hartmann - 6176608300
Bargaining Unit: 06-NAGE - Professional Admin.
Confidential: No
Potentially Eligible for a Hybrid Work Schedule: Yes
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index
Tags: AWS Azure Cloud DART EDR GCP IDS Incident response IPS Linux Monitoring SIEM SOC Splunk TCP/IP Threat intelligence Windows XDR
Perks/benefits: Career development Team events