Lead Computer Incident Response Team (CIRT) Analyst (EMS2)

Company: State of Washington
Location: Olympia
Posted on: June 8, 2021

Job Description:

Lead Computer Incident Response Team (CIRT) Analyst (EMS2)

Who is WaTech?

Washington Technology Solutions (WaTech) is "the consolidated technology services agency" for Washington state, providing enterprise IT services, support, strategy and security for public agencies and municipalities. 

WaTech operates the state's core technology services - the central network and data center - and provides strategic and comprehensive information security to protect state networks from growing cyber threats. WaTech serves state agencies, county, city and tribal governments, and public-benefit nonprofits.

The Office of Cybersecurity (OCS) provides strategic direction for cybersecurity and protects our state government network from growing cyber threats. OCS, and its team of cybersecurity experts, detect, block and respond to cyberattacks on state networks and help prevent and mitigate threats before they can cause significant damage. 

Our agency is located in a beautiful modern building on the Capitol Campus that offers employee locker rooms, a bicycle locker room for bike commuters and is on the free public transit route. Flexible work schedules, and telework options are also available!

• During the COVID-19 pandemic, teleworking is approved and encouraged to ensure the health and safety of our staff and their families. As a critical role, there may be times this position's presence is necessary on site. 

About the position:

The Computer Incident Response Team (CIRT) takes a proactive stance in reducing enterprise exposure to cyber security threats by properly planning for and addressing cyber incidents. CIRT members provide comprehensive analysis and response to security breaches. These actions help detection, analysis and containment of cyber incidents for state agencies. Should an agency experience a cyber incident, the CIRT performs analysis, incident handling and mitigation activities in coordination with appropriate resources based on severity of incident. The CIRT also partners with federal partners such as CISA, US-CERT, FBI, and Military in response efforts. The state of Washington's continuity of service delivery to Washingtonians relies on the incident management capabilities of the CIRT team.

This is a lead incident response position that provides leadership and direction within a workgroup unit focused on proactive assessment of threats at the enterprise level, creating measures to counter adversaries, reducing the impact of cyber incidents and enabling agencies to recover more rapidly. This position supports the state CISO to provide a single point of leadership for stakeholders and empower agencies to rapidly respond to and manage incidents of varying size and complexity. This position will create and implement tailored response capabilities to agencies based on the needs specific to each incident. 

Some of what you'll do:

• Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and performing actions that enable expeditious remediation.
• Manage the tracking and documentation of cyber defense incidents from initial detection through final resolution.
• Perform cyber defense trend analysis and publish cyber defense techniques, guidance and reports on incident findings to appropriate constituencies.
• Coordinates with intelligence analysts to correlate threat assessment data.
• Leads on-site incident response efforts and assumes overall accountability for successful incident resolution by directing and coordinating resources supporting state agency staff during a cybersecurity incident to minimize impact to mission critical data delivery systems.
• Set direction for providing system analysis to efficiently perform forensic analysis of logs or artifact items from multiple systems in scope of an incident to determine root cause origins and incident severity.
• Develop methods to monitor and measure the effectiveness of incident management efforts.
• Coordinate and manages the overall service provided to a customer end-to-end.
• Assist in the development of agency incident response plans.
• Primary CIRT spokesperson for advising customers in incident analysis.

Requirements of the Position:

• Bachelor's degree in computer science or a related field.
• 5 years' experience in cybersecurity incident management with at least 3 years direct hands on experience in forensic analysis and tools.
• 2 years' experience in lead or supervisory role.
• Certification in a security technology area such as CISSP, CEH, CIH, Digital Forensics (DFI, CHFI).

Preference may be granted to applicants who possess experience with the following:

• Master's degree in computer science, cybersecurity, digital forensics, or closely related field.
• Multiple certifications in security technology areas such as CISSP, CEH, CIH, Digital Forensics (DFI, CHFI.
• Programming and scripting language experience; ability to create a detection method for an attacker's signature.

How to Apply:

WaTech is committed to providing equal access and opportunities to all qualified applicants and employees. We seek to attract and retain a diverse staff, and welcome your experiences, perspectives and unique identity. 

Applications for this recruitment will only be accepted electronically. Please select the large apply button at the top of this announcement for instructions. You may need to create a profile and account in Washington State's automated application system, NeoGov.

To be considered for this position you will need to:

• Submit your online application. (You may need to create a profile in NeoGov.)
• Answer all required Supplemental Questions.
• Attach a Letter of Interest that addresses how your experience qualifies you for this role.  
• Attach a Resume that clearly documents your work history, training, and education that makes you a viable and competitive candidate for this position. 

Note: Failure to attach letter of interest and resume or responding to the Supplemental Questions with "see resume" will disqualify your application from further consideration.

You are welcome to include your name and pronouns in your material to ensure we address you appropriately throughout the application process.

Recruitment process:

This position will require the incumbent successfully pass a background check. Information from the background check will not necessarily preclude employment but will be considered in determining the applicant's suitability and competence to perform in the position and is a continued condition of employment. If selected as a final candidate, additional information and instructions will be provided.

First round of application assessments will be conducted seven days after the initial job posting date. The hiring authority reserves the right to offer the position at any time during the recruitment process. It is to the applicant's advantage to apply as early as possible.

Contact us: For inquiries about this position, please contact Jenifer Graf at (360) 407-8810 or email to Jenifer.Graf@WaTech.wa.gov. 

Persons requiring accommodation in the application process or for an alternative format may contact Human Resources at (360) 407-8242 or Human.Resources@watech.wa.gov.  Persons of disability or those who are deaf or hard of hearing can call the Washington Relay Service by dialing 7-1-1 or 1-800-833-6388. WaTech complies with the employment eligibility verification requirements of the federal Form I-9. The selected candidate must be able to provide proof of identity and eligibility to work in the United States consistent with the requirements of that form on the first day of employment.

To learn more about WaTech please visit our website.

 Applicants wishing to claim Veterans Preference should attach a copy of their DD-214 (Member 4 copy), NGB 22, or signed verification of service letter from the United States Department of Veterans Affairs to their application. Please blackout any personally identifiable data such as social security numbers.

Keywords: State of Washington, Olympia , Lead Computer Incident Response Team (CIRT) Analyst (EMS2), Other , Olympia, Washington