Security Operations Center (SOC) Analyst (EMS2)
The State of Washington Office of Cyber Security (OCS) is led by the state Chief Information Security Officer (CISO) and is located within Washington Technology Services (WaTech). OCS's vision is to foster a culture of risk-based information security awareness within government and throughout the state. OCS is home to numerous teams focused on identifying, assessing, and mitigating information security risks:
- Security Operations Center
- Computer Emergency Readiness Team
- Security Design Review
- Awareness and Education
- Information Sharing and Analysis Center
- Data Analytics and Visualization
What will you be doing in this role?
The Security Operations Center (SOC) conducts centralized monitoring and analysis of Washington state government's enterprise network and provides near real-time alerting of cybersecurity events which may compromise delivery of critical business services. The SOC provides means for effective avoidance, control, and recovery from cybersecurity incidents in support of high visibility, mission-critical services. Additionally, the SOC acts as a liaison for cybersecurity incident response with state and federal partners.
This role, SOC Analyst, supports the protection of state resources through the active identification of indicators of network compromise and near real-time alerting to stakeholders. The SOC Analyst analyzes network activity through the use of security analytics tools such as: intrusion detection, packet capture, event management review, behavioral analysis, and database monitoring.
This hands-on, expert-level analysis will serve to protect the state from cyber threats and reduce overall information security risk. Critical systems of the State of Washington for tax collection, benefit payments, law enforcement, and transportation rely upon the threat protections provided by this team.
Here's what we are looking for:
- Five (5) years or more of recent experience with security technologies such as firewall, proxies, intrusion detection, denial of service mitigation, and vulnerability management.
- Four (4) years of experience in troubleshooting network or security incidents at an advanced level (minimum of second tier support).
- Three (3) years of experience in log management, packet capture, digital forensics, monitoring and alerting, or similar information security analysis.
- Three (3) years of experience with a large, high volume customer or service provider network.
- Team oriented with excellent interpersonal and communication skills.
- Broad knowledge of information security, security tools, trends, technology vulnerabilities, security threats, tactics for attack, security best practices, etc.
- Experience resolving a wide range of difficult and complex security problems and implementation of strategies to ensure compliance with information security policy and standards.
An ideal candidate may also have these desired qualifications:
- Bachelor's degree in computer science, information security, information assurance, or related degree.
- Four (4) years of consultative, administrative, or supervisory experience in information technology analysis, system maintenance, analyzing, designing, or programming computer systems applications or databases.
- Programming and scripting language experience.
- Certifications in Security technology areas such as SANS GIAC, CISSP, CEH, EC-Council CIH, Digital Forensics.
- Experience in integrating heterogeneous computer systems.
- Knowledge of project management fundamentals.
- Experience implementing the National Institute of Standards and Technology's (NIST) Cybersecurity Framework and knowledge regarding the fundamentals of information security risk management.