The CIRT Mid Cloud Analyst supports the Department of State’s (DoS) Computer Incident Response Team, leveraging deep knowledge of monitoring and incident response techniques with a focus on hybrid, cloud and legacy infrastructure, and supports the Cloud Monitoring Team’s efforts to develop methodologies and processes for the Department’s migration to and integration of cloud-based services. The analyst serves as the primary day-to-day monitoring and incident response resource, utilizing both enterprise and native log analysis tools for the Department’s emerging cloud presence.
- Knowledge of cloud computing technologies to include Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS)
- Knowledge of networking architecture, design and security
- Knowledge of the architecture, design and security of traditional computing technologies
- Demonstrated ability to interact with key stakeholders and provide both technical and information briefing materials to a range of audiences
- Demonstrated knowledge of native security and logging tools (Log Analytics, Defender ATP, O365 ATP, CloudTrail)
- Demonstrated knowledge of the Incident Response Lifecycle and the ability to apply it to cloud, legacy and hybrid environments
- Expertise with static and dynamic malware analysis tools and techniques
- Ability to identify and communicate remediation steps for cybersecurity events
Currently possess, or demonstrate knowledge commensurate with, one or more of the following certifications (or equivalent, but not limited to): CCSP, CCSK, AWS Certified Security Specialty, Microsoft Azure Security Engineer, GCIH, GCIA, GCFE, GREM, GCFA, GSEC, CEH, CISSP, CCNA (Security).
4+ years of incident response and monitoring, with an emphasis on enterprise environments including hybrid and cloud-only environments. A Bachelor’s degree is required, but education may be substituted with years of related experience.