Security Analyst - Consultant (11013-1)

Please note: This is required:

Required Education/Certifications

ANY ONE OR COMBINATION OF:

" CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL (CISSP)

" GIAC CERTIFIED INCIDENT HANDLER (GCIH)

" SECURITY +

" OR SIMILAR WITH VALID EXPERIENCE

Scope Of The Project

The Office of Cybersecurity is tasked with performing ongoing enterprise cybersecurity threat monitoring and incident response capabilities. This position requires a broad and keen understanding of technology and IT delivery of Security Operation services for on premise and cloud based equipment and critical applications. A strong candidate for this position should possess experience in the following:

" Cyber Threat Response and Incident Handling

" Cyber Security Operations

" Security Service Portfolio Management

Daily Duties / Responsibilities

The Consultant will be in a unique position to help mature our Security Operations Center capability and will work directly for the CISO to drive innovation and maturation of the Agency Cyber threat detection and response capabilities. We are looking for candidates who are highly organized, can work independently in a fast-paced environment and produce multiple quality deliverables within defined deadlines. Candidates should be self-starters, creative problem solvers and have an eagerness to implement tactics, techniques and procedures which make the most effective use of Agency staff, resources, products and technologies quickly.

Essential Responsibilities

• Drive innovation and maturation of Security Operations capabilities
• Act as an escalation point and provide leadership, mentorship, and guidance to SOC Analyst I, II, and III
• Oversee the identification, analysis, and response to security incidents, ensuring rapid containment and resolution
• Lead and mentor a team of Security Operations analysts, ensuring they are well-trained and motivated
• Assist in staffing Security Operations staff
• Perform threat identification and analysis of risks to the Medicaid Enterprise
• Assist in the implementation and advancement of Continuous Monitoring and Incident Response processes and procedures
• Consistently review and refine Playbooks, Process, and Alert reviews to identify areas of improvement
• Assist with advanced threat hunting, looking for attacker presence within the environment
• Work with Information Technology, Application Development and Business Teams to advance security efforts of the Medicaid Enterprise
• Lead security team projects, and continuous improvement
• Collaborate with compliance teams to maintain audit-ready status
  
  

Required Skills (rank In Order Of Importance)

• 10+ years of experience of IT working with Windows, Linux, and Web-based applications
• 5+ years of experience with enterprise infrastructure design and deployment
• 5 years of related experience in a SOC lead capacity
• A firm understanding of the offerings and capabilities within Cloud service providers and technologies
• Ability to communicate clearly, verbally and in writing; to interact effectively with internal and external vendors, project team members, management and agency departments; to build relationships and use facilitation skills with both technical and non-technical personnel
• Experience in organizing information in a way that is appropriate for technical explanations without losing sight of the needs and aptitude of the audience
• Ability to work independently and collaborate with multiple teams and vendors
• Ability to multitask and prioritize tasks effectively in order to meet deadlines
• Must be intermediate to advanced skills in additional Microsoft Office products (Word, Excel, PowerPoint, Visio) and working with templates and style guidelines for branding consistency
• Keen attention to detail while maintaining the ability to see the big picture
• Experience with the evaluation and selection of products and vendors to support initiatives.
• Ability to accept changes and constructive criticism in a fast turn-around environment
  
  

Preferred Skills (rank In Order Of Importance)

• Experience identifying, testing and leading remediation efforts of OWASP Top Ten, CWE/SANS TOP 25 Most Dangerous Software Errors, etc.
• Prior experience performing penetration testing and vulnerability assessments in organizations subject to FISMA or similar requirements
• Prior experience in working with eGRC systems
  
  

Preferred Education/Certifications

" BS degree in computer science, information technology, engineering or similar discipline

" Cloud certification (i.e. CASP +)

" Network security certifications