Job ID: SC-11260 (99890608)

Remote (Local preferred) Security Analyst (CISSP/CISA/CISO/CEH/OSCP/GPEN) with Monitoring/Incident Response, MITRE ATT&CK, Palo Alto Cortex XSIAM/XDR, Linux, SIEM/EDR/IDS/IPS/Threat Intelligence, Active Directory experience

Location: Columbia, SC (Department of Administration)
Duration: 12 Months
Work Location: Role is 100% Remote
Candidate location: No SC residency required. Open to nationwide candidates.
Additional Information: Preference will be given to candidates that are local to SC and are able to come onsite for project needs.

Required Skills (rank in order of Importance):
• 2+ years of experience with security monitoring and incident response.
• 2+ years of experience with the MITRE ATT&CK framework.
• 2+ years of experience with dashboard creation and reporting.

Preferred Skills (rank in order of Importance):
• Experience with the Palo Alto Cortex XSIAM/XDR platform.
• Knowledge of Linux, network administration and network design.
• Experience in administration of firewalls, VPN technology, Active Directory, and Intrusion Detection/Prevention systems.
• Candidate is local to Columbia, SC or a surrounding city in South Carolina.

Required Education/Certifications:
• Associate’s degree in an information technology or information security related field.
• Four years of relevant work experience may be substituted in lieu of education.

Preferred Education/Certifications:
• CISSP, CISA, CISO or equivalent advanced security certification.
• Additional relevant certifications (e.g., CEH, OSCP, GPEN).
• Vendor certifications related to information security.

Daily Duties / Responsibilities:
PREFERENCE WILL BE GIVEN TO A CANDIDATE WHO CAN WORK ONSITE OVER HYBRID AND OVER FULL-TIME REMOTE (ON-SITE AS NEEDED).
• Continuously review and correlate security event data across SIEM, EDR, IDS/IPS, and threat intelligence sources to identify complex attack patterns, emerging threats, and security incidents.
• Perform deep-dive analysis of suspicious activity, validate incidents, determine root cause and impact, and escalate critical incidents with detailed context to Tier 3 as required.
• Create detailed incident reports, timelines, and post-incident summaries; contribute to lessons-learned documentation and recommendations for remediation and preventative measures.
• Investigate user-reported phishing, malware infections, and potential policy violations; advise users and internal/external teams on containment and recovery actions.
• Recommend updates to SOC playbooks and workflows based on real-world investigations; fine-tune detection rules, alert thresholds, and correlation logic to reduce false positives and improve threat coverage.
• Collaborate with engineering teams to ensure monitoring tools are properly configured and tuned. Integrate new threat intelligence feeds into workflows and proactively hunt for threats using up-to-date tactics, techniques, and procedures (TTPs).
• Serve as a customer-facing SME, “selling” the value of DIS services by demonstrating capabilities and resolving issues.
• Document processes, runbooks, and troubleshooting steps related to SOC operations.
• Coordinate with engineering, SOC, and agency staff as needed to meet goals.
• Other duties as needed.
