Play a pivotal role in monitoring security alerts, incident response, detection, and threat intelligence integration. Your expertise will be instrumental in refining behavioral baselines to minimize false positives and strengthening our defenses against evolving cyber threats. You will follow the NIST Cybersecurity Framework to lead security operations and a strategic vision for proactive defense. 
 
Responsibilities:
 
Monitor security alerts and events generated by security monitoring systems, SIEM, and other detection tools.
Conduct real-time analysis of security alerts to identify potential security incidents or threats to the organization's infrastructure.
Develop and implement detection rules and correlation logic to enhance the organization's ability to detect and respond to security threats.
Perform threat hunting activities to proactively identify and mitigate potential threats and vulnerabilities within the organization's environment.
Develop and maintain incident response plans, playbooks, and procedures to ensure timely and effective response to security incidents.
Perform threat hunting activities to proactively identify and mitigate potential threats and vulnerabilities within the organization's environment.
Oversee how sensitive data is handled to ensure data loss prevention using available tools.
Ensure that annual cyber impact assessments and reviews of security systems in place as well as tabletop exercises are conducted in conjunction with the Rock County Emergency Management Office. 
Document security incidents, investigations, and findings for reporting efforts to management and stakeholders.
Develop and maintain network component inventory, related documentation, and technical specifications information. Develop and maintain procedures and associated documentation for network resource administration and appropriate use. 
Collaborates and carries out disaster recovery procedures. 
Work with the security team to deploy, and support required policies and services to defend against cyber threats and remove vulnerabilities. Identify mitigation strategies for remediation. Work with issue owners to define and validate remediation plans. Provide Tier 3 security remediation and mitigation.
Manage vendors, and contractors to implement and manage products and services. Make and review recommendations for additional equipment and technologies as necessary. Provides higher-level technical support, training, and guidance to administration, co-workers and end-users.
May be required to work flexible hours or be available for emergency response for network failures; will be on-call and may travel to remote sites for onsite support as needed. Performs other duties as assigned by the IT Infrastructure Supervisor.
60% - Utilize the following tools to understand the threat, identify it's capabilities, identify the risks, remediate the risk, and reduce the risk: -Azure Security Console
-Barracuda SPAM Firewall 
-Carbon Black Cloud
-Cisco ISE
-Cisco Malware Analytics (MCAP) 
-Cisco Umbrella Web Security
-DeepSeas SOC & LogAnalytics 
-Infosec IQ
-Microsoft Defender P1
-Netwrix Auditor
-Intradyn email retention and open records
-SolarWinds Monitoring
10% -Develop and maintain incident response plans, playbooks, and procedures to ensure timely and effective response to security incidents:
10% - Document security incidents, investigations, and findings for reporting efforts to management and stakeholders.: 
5% - Ensure that annual cyber impact assessments and reviews of security systems in place as well as tabletop exercises are conducted in conjunction with the Rock County Emergency Management Office: 
5% - Develop and maintain network component inventory, related documentation, and technical specifications information. Develop and maintain procedures and associated documentation for network resource administration and appropriate use.
5% - Other duties as assigned
 Technical skills: 
-Familiarity with scripting languages to allow you to automate tasks and build tools. 
-Excel in understanding and assessing threats. This involves analyzing patterns, identifying vulnerabilities, and staying informed about emerging risks.
-Being able to handle security incidents effectively is essential. This includes identifying, containing, and recovery from security breaches. 
-Extensive knowledge of security tools used in cybersecurity 
 
Workplace skills: 
-Strong analytical skills 
-Problem solving and ability to think critically to find solutions
-Work within industry best standards and practices
-Communication skills
-Adaptability - being open continuous leaning and adapting to new technologies and threats
-Ability to develop, plan, organize and coordinate multiple projects effectively
 
Additional Skills: 
-Ability to troubleshoot various technical issues involving hardware, software, physical and logical systems
-Confidentiality 
-Understanding and assessing vulnerabilities in systems and networks
 Associates degree or greater in cybersecurity or other similar information technology field. Preferred minimum two years experience. A combination of education and experience may be considered if the combination fits the above requirements. Physical Elements: 
Ability to lift and transport equipment weighing up to 25 lbs. Ability to stand, walk, and sit for periods of time. Ability to stoop, bend, and crawl under desks and other equipment. 
 
Use of Equipment:
Ability to use a computer keyboard
Ability to operate other types of office equipment such as copiers, fax machines, printers, etc. 
Work may involve weekends or after normal working hours in order to allow minimum disruptions to users and operations. Work includes on-call duties. 
Most work is indoors.

 Working Conditions: 
Must have a valid driver's license, must pass FBI CJIS security clearance, must be able to maintain confidentiality