Job ID: MI-631546 (97190703)
Security Analyst (CISSP) with SIEM, Bro, Suricata, Sourcefire, Wireshark, SANS and incident response experience
Location: Lansing, MI (DTMB)
Duration: 12 months
Skill / Qualification | Required or Desired | Minimum Experience
In-depth knowledge of security monitoring and incident response | Required | 2 years
Knowledge of conducting security investigations | Required | 2 years
Experience with using and customizing SIEM products | Desired | 2 years
Solid understanding of network protocols and architecture | Required | 2 years
Demonstrated experience with performing incident response using industry leading tools | Required | 2 years
Experience with network intrusion detection and analysis tools such as Bro, Suricata, Sourcefire, Snort and Wireshark | Required | 2 years
Demonstrated experience operating information security tools | Required | 2 years
Understanding of the tactics, techniques and procedures of advanced attackers | Required | 2 years
SANS training | Desired | n/a
3-5 years of experience in Security Operations and Incident Response | Required | 3 years
Bachelor's degree or its foreign equivalent in a computer related field | Required | n/a
This position is required to protect the health, safety, and welfare of Michigan residents. The incident response team is the primary security team directly responsible for responding to, containing, and coordinating remediation efforts for all cyber security threats on all SOM managed endpoints, servers, and networks.
The scope of this position extends statewide. Incident response applies to any cyber security event that occurs within State of Michigan networks and infrastructure. The cyber security incident response team must address all of these attacks in a timely manner. This involves the need to identify and prioritize the incidents that represent the most significant risk to State of Michigan assets. In the case of critical incidents, it is imperative to contain the attack and assist in the recovery of systems so that State of Michigan employees can continue to provide key services to state residents and partners.
The incident response position serves to ensure that State of Michigan computer networks and infrastructure remain fully operational and that the integrity of their data is preserved. As such, the work of the incident response team has the following implications:
Social – continuous or halted delivery of services to state residents, secure or compromised private information of state clients.
Economic – lower or higher costs of recovery that state residents must absorb.
Political – sustained or diminished trust in state government.
Operational – efforts to maintain and restore technical services across the State of Michigan.
Organizational – collaboration or tensions between organizational units within DTMB and across the State of Michigan.
Incident response involves investigation of all security events. Incident response team members serve as first responders. They must quickly determine the scope and severity of a security incident, and then decide either to pursue it to resolution or to escalate it to teams with more specialized knowledge and skills.
Failure to backfill this position will significantly impair the ability of the IR team to respond to security events.