Job ID: MI-631546 (97190703)
Security Analyst (CISSP) with SIEM, Bro, Suricata, Sourcefire, Wireshark, SANS and incident response experience
Location: Lansing, MI (DTMB)
Duration: 12 months
Skills:
In-depth knowledge of security monitoring and incident response (Required, 2 years)
Knowledge of conducting security investigations (Required, 2 years)
Experience with using and customizing SIEM products (Desired, 2 years)
Solid understanding of network protocols and architecture (Required, 2 years)
Demonstrated experience with performing incident response using industry leading tools (Required, 2 years)
Experience with network intrusion detection and analysis tools such as Bro, Suricata, Sourcefire, Snort and Wireshark (Required, 2 years)
Demonstrated experience operating information security tools is required (Required, 2 years)
Understanding of the tactics, techniques and procedures of advanced attackers (Required, 2 years)
SANS training (Desired)
CISSP (Desired)
3-5 years of experience in Security Operations and Incident Response (Required, 3 years)
Bachelor’s degree or its foreign equivalent in a computer related field (Required)
This position is required to protect the health, safety, and welfare of Michigan residents. The incident response team is the primary security team directly responsible for responding to, containing, and coordinating remediation efforts for all cyber security threats on all SOM managed endpoints, servers, and network.
The scope of this position extends statewide. Incident response applies to any cyber security event that occurs within State of Michigan networks and infrastructure. The cyber security incident response team must address all of these attacks in a timely manner. This involves the need to identify and prioritize the incidents that represent the most significant risk to State of Michigan assets. In the case of critical incidents, it is imperative to contain the attack and assist in the recovery of systems so that State of Michigan employees can continue to provide key services to state residents and partners.
The incident response position serves to ensure State of Michigan computer networks and infrastructure remain fully operational, and the integrity of its data is preserved. As such, the incident response team has the following implications:
Social – continuous or halted delivery of services to state residents, secure or compromised private information of state clients.
Economic – lower or higher costs of recovery that state residents must absorb.
Political – sustained or diminished trust in state government.
Operational – efforts to maintain and restore technical services across the State of Michigan.
Organizational – collaboration or tensions between organizational units within DTMB and across the State of Michigan.
Incident response involves investigation of all security events. Incident response team members serve as first responders. They must quickly determine the scope and severity of a security incident, and then decide to either pursue it to resolution or escalate to teams with more specialized knowledge and skills.
Failure to backfill this position will significantly impair the ability of the IR team to respond to security events.