Lead Computer Incident Response Team (CIRT) Analyst (EMS2)
Who is WaTech?
Washington Technology Solutions (WaTech) is "the consolidated
technology services agency" for Washington state, providing
enterprise IT services, support, strategy and security for public
agencies and municipalities.
WaTech operates the state's core technology services - the
central network and data center - and provides strategic and
comprehensive information security to protect state networks from
growing cyber threats. WaTech serves state agencies, county, city
and tribal governments, and public-benefit nonprofits.
The Office of Cybersecurity (OCS) provides strategic direction
for cybersecurity and protects our state government network from
growing cyber threats. OCS, and its team of cybersecurity experts,
detect, block and respond to cyberattacks on state networks and
help prevent and mitigate threats before they can cause significant
Our agency is located in a beautiful modern building on the
Capitol Campus that offers employee locker rooms, a bicycle locker
room for bike commuters and is on the free public transit
route. Flexible work schedules, and telework options are also
- During the COVID-19 pandemic, teleworking is approved and
encouraged to ensure the health and safety of our staff and their
families. As a critical role, there may be times this position's
presence is necessary on site.
About the position:
The Computer Incident Response Team (CIRT) takes a proactive
stance in reducing enterprise exposure to cyber security threats by
properly planning for and addressing cyber incidents. CIRT members
provide comprehensive analysis and response to security breaches.
These actions aid the detection, analysis and containment of cyber
incidents for state agencies. Should an agency experience a cyber
incident, the CIRT performs analysis, incident handling and
mitigation activities in coordination with appropriate resources
based on the severity of the incident. The CIRT also works with federal
partners such as CISA, US-CERT, the FBI and the military in response
efforts. The state of Washington's continuity of service
delivery to Washingtonians relies on the incident management
capabilities of the CIRT.
This is a lead incident response position that provides
leadership and direction within a workgroup unit focused on
proactive assessment of threats at the enterprise level, creating
measures to counter adversaries, reducing the impact of cyber
incidents and enabling agencies to recover more rapidly. This
position supports the state CISO to provide a single point of
leadership for stakeholders and empower agencies to rapidly respond
to and manage incidents of varying size and complexity. This
position will create and implement tailored response capabilities
to agencies based on the needs specific to each incident.
Some of what you'll do:
- Perform cyber defense incident triage, to include determining
scope, urgency, and potential impact, identifying the specific
vulnerability, and performing actions that enable expeditious
- Manage the tracking and documentation of cyber defense
incidents from initial detection through final resolution.
- Perform cyber defense trend analysis and publish cyber defense
techniques, guidance and reports on incident findings to
- Coordinate with intelligence analysts to correlate threat
- Lead on-site incident response efforts and assume overall
accountability for successful incident resolution by directing and
coordinating resources supporting state agency staff during a
cybersecurity incident to minimize impact to mission critical data
- Set direction for providing system analysis to efficiently
perform forensic analysis of logs or artifact items from multiple
systems in scope of an incident to determine root cause origins and
- Develop methods to monitor and measure the effectiveness of
incident management efforts.
- Coordinate and manage the overall service provided to a
- Assist in the development of agency incident response
- Primary CIRT spokesperson for advising customers in incident
Requirements of the Position:
- Bachelor's degree in computer science or a related field.
- 5 years' experience in cybersecurity incident management with
at least 3 years' direct hands-on experience in forensic analysis
- 2 years' experience in a lead or supervisory role.
- Certification in a security technology area such as CISSP, CEH,
CIH, Digital Forensics (DFI, CHFI).
Preference may be granted to applicants who possess experience
with the following:
- Master's degree in computer science, cybersecurity, digital
forensics, or closely related field.
- Multiple certifications in security technology areas such as
CISSP, CEH, CIH, Digital Forensics (DFI, CHFI).
- Programming and scripting language experience; ability to
create a detection method for an attacker's signature.
How to Apply:
WaTech is committed to providing equal access and opportunities
to all qualified applicants and employees. We seek to attract and
retain a diverse staff, and welcome your experiences, perspectives
and unique identity.
Applications for this recruitment will only be accepted
electronically. Please select the large apply button at the top of
this announcement for instructions. You may need to create a
profile and account in Washington State's automated application
To be considered for this position you will need to:
- Submit your online application. (You may need to create a
profile in NeoGov.)
- Answer all required Supplemental Questions.
- Attach a Letter of Interest that addresses how your experience
qualifies you for this role.
- Attach a Resume that clearly documents your work history,
training, and education that makes you a viable and competitive
candidate for this position.
Note: Failure to attach a letter of interest and resume, or
responding to the Supplemental Questions with "see resume",
will disqualify your application from further consideration.
You are welcome to include your name and pronouns in your
material to ensure we address you appropriately throughout the
This position will require the incumbent to successfully pass a
background check. Information from the background check will not
necessarily preclude employment but will be considered in
determining the applicant's suitability and competence to perform
in the position and is a continued condition of employment. If
selected as a final candidate, additional information and
instructions will be provided.
First round of application assessments will be conducted seven
days after the initial job posting date. The hiring authority
reserves the right to offer the position at any time during the
recruitment process. It is to the applicant's advantage to apply as
early as possible.
Contact us: For inquiries about this position, please
contact Jenifer Graf at (360) 407-8810 or email
Persons requiring accommodation in the application process or
for an alternative format may contact Human Resources at (360)
407-8242 or Human.Resources@watech.wa.gov. Persons with a
disability or those who are deaf or hard of hearing can call the
Washington Relay Service by dialing 7-1-1 or 1-800-833-6388. WaTech
complies with the employment eligibility verification requirements
of the federal Form I-9. The selected candidate must be able to
provide proof of identity and eligibility to work in the United
States consistent with the requirements of that form on the first
day of employment.
To learn more about WaTech please visit our
Applicants wishing to claim Veterans Preference should
attach a copy of their DD-214 (Member 4 copy), NGB 22, or signed
verification of service letter from the United States Department of
Veterans Affairs to their application. Please black out any
personally identifiable data such as social security numbers.