Threat & Incident Response Analyst

12 Jul 2024

Vacancy expired!

Position: Threat & Incident Response Analyst
Duration: 1 year
Location: Montgomery, AL

Department Information Security IS&GRC
Position Threat & Incident Response Analyst
Priority Slot 004 -D-
IT Title IT Systems Specialist
OIT Title SECURITY AND COMPLIANCE SPECIALIST, SENIOR

Definition
This is fully functional complex through highly complex professional security and compliance work in the regulation of access to systems to prevent unauthorized access, modification, destruction, or disclosure of agency information. Employees work independently to monitor data security and implement controls. Work involves supporting security operations (i.e. intrusion detection/prevention, web filtering, vulnerability scans) to continually monitor technology resources and participates in analyzing the environment for security threats/vulnerabilities and unauthorized access. Employees are proficient in more than one recognized information security domain. Work is supervised by a higher-level Security and Compliance Coordinator, Supervisor, or Manager.

Examples of Work

  • Responds to complex security requests, problem reports, questions, and incident reports; recommends or takes corrective action and follows up on corrective actions to ensure that threats and vulnerabilities are addressed.
  • Performs forensic examinations to ensure proper containment and preservation of evidence, tracking of forensic events, maintenance of the chain of custody, and other related tasks.
  • Plans and performs audits and assessments of processes, employee practices, network operations and components, servers, telecommunications, applications, and other technology resources to evaluate policy and regulatory compliance, threats, and vulnerabilities, and weak or missing controls.
  • Guides risk assessment exercises to identify, evaluate, and address processes and operations posing security threats or significant vulnerabilities; prepares and presents audit and assessment findings, as well as recommendations of options to mitigate risks, achieve policy and regulatory compliance, and strengthen controls.
  • Reviews logging information for assigned systems and devices to identify abnormal or irregular use.
  • Develops and updates business continuity and disaster recovery protocols.
  • Provides technical assistance to lower-level Security and Compliance Specialists.
  • Supports technology tools typically used in audits, assessments, monitoring, analysis, and reporting.
  • Develops customized information security training and awareness presentations; responds to questions and resolves problems related to training; monitors employee compliance with information security training policies.
  • Recommends security products, services, and/or procedures to enhance security and deliver operational efficiencies.
  • Performs related work as assigned.
Compensable Factors
  • Graduation from an accredited four-year college or university with a bachelor's degree in computer science, mathematics, engineering, or a closely related field.
  • Considerable experience in information technology security and compliance analysis work in more than one recognized information security domain.
IS & GRC Role
  • Protects networks, systems, and information by promptly responding to security threats and incidents, acting individually and as part of a team to resolve issues.
  • Analyzes cyber security incidents to solve issues and improve incident handling procedures.
  • Addresses incident escalation from SOC and assists with real-time, continuous (24x7) security event monitoring, response, and reporting.
IS & GRC Key Attributes
  • Ability to conduct detailed security event analysis from network traffic, host-based, and cloud-based attributes.
  • Understands emerging threat landscape and can translate threat intelligence into use cases that leverage tools licensed or developed for the SOC.
  • Prior experience/competency to develop automated tools via scripts and custom signatures as required for intrusion analysis and data analytics functions.

  • ID: #44015742
  • State: Alabama Montgomery 36105 Montgomery USA
  • City: Montgomery
  • Salary: USD TBD TBD
  • Job type: Contract
  • Showed: 2022-07-12
  • Deadline: 2022-09-06
  • Category: Security