IT Security Analyst 3- Incident Response
Ref No.: 18-47134
Location: Lansing, Michigan
Start Date: 07/06/2018
Status: New
Position #: 564787
Position: IT Security Analyst 3- Incident Response
Client & Department: State of Michigan- DTMB- MCS
Worksite Address: Harris Dr, Dimondale, MI 48821
Tenure: 10+ Months
No. of Openings: 2 (INTERVIEW TYPE: In Person)
No. of submittals: 4

Question 1 Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement?
Question 2 Please list candidate's email address that will be used when submitting E-RTR.
Question 3 The client plans to schedule IN PERSON ONLY interviews for this position the week of July 16th. Please confirm your candidate will be available to interview any of those days if selected.
Question 4 Please include a paragraph re: candidate's availability, location, applicable skills, and other pertinent information in the Summary of Qualifications tab, when submitting.
Required / Desired Skills:
Skill | Required / Desired | Amount of Experience
In-depth knowledge of security monitoring and incident response | Required | 5 Years
Knowledge of conducting security investigations. | Required | 5 Years
Experience with using and customizing SIEM products. | Desired | 5 Years
Solid understanding of network protocols and architecture. | Required | 5 Years
Demonstrated experience with performing digital forensics and incident response using industry leading tools. | Required | 5 Years
Experience with network intrusion detection and analysis tools such as Bro, Suricata, Sourcefire, Snort and Wireshark. | Required | 5 Years
Experience solving problems with scripting languages such as Perl, Python, PowerShell or Bash. | Required | 5 Years
Demonstrated experience operating information security tools is required. | Required | 5 Years
Demonstrated experience integrating information security tools is required. | Required | 5 Years
Understanding of the tactics, techniques and procedures of advanced attackers | Required | 5 Years
Ability to leverage multiple forms of communication to articulate complex concepts to technical and non-technical staff, including senior management | Required | 5 Years
SANS Training | Desired |
EnCase Certified Examiner (EnCE) | Desired |
Offensive Security Certified Professional (OSCP) | Desired |
CISSP | Desired |
5 years of experience in Security Operations and Incident Response. | Required | 5 Years
SHORT DESCRIPTION: Monitor and advise on information security issues related to the systems and workflow at an agency to ensure the internal IT security controls for an agency are appropriate and operating as intended.
COMPLETE DESCRIPTION:  Years of Experience: 8 or more years of experience in the field.
  • Serve as a member of the Michigan Security Operations Center (MiSOC), with a focus on Incident Response.
  • Identify security issues and risks associated with security events and manage the incident response process.
  • Participate in the incident response and investigation process for identified security events.
  • Use the Security Information and Event Management (SIEM) platform (IBM's QRadar) to identify and respond to incidents.
  • Perform network and system forensics in response to security incidents.
  • Optimize and customize security-monitoring tools to improve detection.
  • Hunt for signs of APT activities.
  • Maintain and update the security operational workflow.