The Executive Office of Technology Services and Security (EOTSS) is the state’s lead office for information technology. We provide enterprise-level information technology services, including network management and security; computer operations; application hosting; desktop provisioning and management; and modern, responsive digital services to 40,000 internal stakeholders plus the residents, business owners and visitors of the Commonwealth of Massachusetts.
EOTSS is seeking a SOC Cyber Detection & Response (CDR) Analyst who will be a member of the Security Operations Center’s Cyber Detection and Response Team. The SOC CDR Analyst is primarily responsible for the incident triage, detection, response, and remediation activities that occur within the TSS SOC. Analysts in the SOC work with Security Engineers, the Managed Security Service Provider (NuHarbor) and SOC Managers to provide situational awareness through the detection, containment, and remediation of IT threats. SOC Analysts work with other team members to detect and respond to information security incidents, develop and follow up on security events such as alerts, and engage in security investigations.
The primary work location for this role will be 200 Arlington Street, Chelsea, Massachusetts 02150. The work schedule for this position is Monday through Friday, 9AM to 5PM EST. This position is expected to follow a hybrid model that combines in-office workdays and work-from-home days as needed.
Duties and Responsibilities:
- Manage day-to-day security monitoring and incident response (IR) activities, including but not limited to SIEM monitoring, Endpoint Detection and Response using Palo Alto’s Cortex XDR, notifying agencies of potential malicious activity, and managing and/or maintaining security incident response practices.
- Assist in detection and incident response functions including, but not limited to, Security Incident Reporting tickets, customer and constituent notification, tracking, and reporting. Conduct and/or participate in agency, state, regional, and/or national cybersecurity incident simulation exercises.
- Monitor, report on, and respond to anomalous Internet, Extranet, and/or Intranet activity identified through internal operations and/or credible external third-party threat intelligence organizations. Work with EOTSS customer organizations and the EDR vendor to test software revisions, EDR client file updates, and/or EDR-related status reporting.
- Assist in the development and delivery of cybersecurity education and awareness initiatives on behalf of state government.
- Review third party alerts to maintain overall situational awareness of security issues affecting Commonwealth agencies, EOTSS customer organizations, and/or MS-ISAC members.
- Conduct research into new threats that may affect Commonwealth agencies, EOTSS customer organizations, and/or local entities.
- Provide and promote security awareness by assisting in phishing campaigns for all users across the Commonwealth while furthering overall security awareness programs.
- Support the preparation of security reports to management on security system activities and performance, utilizing enterprise security tools (Tenable, DHS, Expanse, etc.).
Preferred Knowledge, Skills, and Abilities:
- Knowledge of SIEM (Security Information and Event Management) platforms, specifically Splunk.
- Knowledge of and working familiarity with cloud computing (AWS/Azure/GCP).
- Knowledge of TCP/IP, VLANs, computer networking, routing, and switching.
- Familiarity with IDS/IPS, penetration testing and vulnerability testing.
- Familiarity with Windows and Linux operating systems.
- Understanding of network protocols and packet analysis tools.
- Understanding of Proofpoint and other email security tools.
- Critical-thinking and problem-solving abilities.
- Ability to communicate with organizational stakeholders and listen to their needs.
- Security certifications desired, but not required.
- Experience with EDR tools (Palo Alto Cortex XDR) preferred, but not required.