All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, disability, or status as a protected veteran. For more information regarding Evergreen's non-discrimination policies or to report discrimination, please visit the Affirmative Action and Equal Opportunity webpage at www.evergreen.edu/equalopportunity or contact the Affirmative Action and Equal Opportunity Officer at (360) 867-5371, Room 3102 Library Building, 2700 Evergreen Parkway NW, Olympia, WA 98505.

• Perform triage, analysis, and response of security alerts, logs, and error messages to determine and initiate appropriate courses of action.
• Analyze system and security logs; communicate anomalies and suspicious activity i.e., compromised accounts.
• Communicate and collaborate with the Security & Tech Support Manager, Technology Support Center staff and other work areas regarding issues and anomalies to gather additional information.
• Configure and use the security incident and event management system (SIEM) to maintain awareness of the computing environment.
• Work with external partners on daily monitoring and review of the computing environment.
• Identify, analyze, and interpret threat actors and malicious activity in college computing environments.
• Differentiate between potential intrusion attempts and pinpoint false alarms.
• Install, configure, and operate appropriate monitoring tools and recommend appropriate countermeasures.
• Support incident response team to contain, investigate, and prevent future information security breaches.
• Assists with investigations of information security violations and computer crime.
• Maintain up-to-date knowledge of the IT security industry including security solutions, processes and the emergence of new attacks and threat vectors.
• Maintain accurate knowledge of current system status including upgrade and patching state, OS end of life dates, and potential mitigations of security vulnerabilities. Work with OIT and other system managers to keep systems as current as possible.
• Participate in the IT Security Team to help build and guide the team agenda on relevant and emergent security topics.
• Create and maintain documentation of discovered flaws, issues, and their remediation status.
• Track and communicate status of security projects and tasks.
• As an IT Security subject matter expert, provide security advice for IT projects.
• Participates in short- and long-term planning regarding security audits and strategic objectives.
• Anticipate security alerts, incidents, and disasters and reduce their likelihood by leveraging intelligence threat feeds and services.
• Apply knowledge and expertise in networking, applications, operating systems, and IT architecture technologies to help secure core functions and college business solutions.
• Review network and intrusion detection and prevention systems logs.
• Assist with the detection and remediation of security flaws and weaknesses discovered in penetration testing and other security assessments.
• Perform on demand security assessment.
• Analyze security threats, vulnerability assessments, and audit results to recommend security solutions that enable business objectives.
• Assist with security audits and evaluate IT internal controls to be in alignment with the college's security program.
• Maintain current knowledge of applicable federal and state privacy laws and accreditation standards, and monitors advancements in information security technologies to ensure organizational adaptation and compliance.
• Perform other related duties as assigned in support of the college's security efforts and computing environments.

• Skill and ability to monitor, analyze, and triage security events to discern events that qualify as legitimate security incidents as opposed to non-incidents accurately and efficiently, including security event triage, incident investigation, implementing countermeasures, and conducting incident response.
• Extensive knowledge of a Security Information and Event Monitoring (SIEM) platform, content filtering/ firewall technology, and/or log management systems that perform log collection, analysis, correlation, and alerting.
• Strong analytical and technical skills in computer network defense operations, including incident handling (detection, analysis, and triage), hunting (anomalous pattern detection and content management), and malware analysis.
• Strong logical/critical thinking abilities, especially analyzing security events, such as windows event logs, network traffic, IDS events for malicious intent, etc.
• Excellent organizational skills and ability to pay close attention to details in tracking activities.
• Knowledge in incident response, log analysis, and packet capture analysis.
• Knowledge in network fundamentals, for example, OSI Stack, TCP/IP, DNS, HTTP, SMTP.
• Understanding in the approach threat actors take to attacking a network, phishing, port scanning, web application attacks, DDoS, and lateral movement.
• Knowledge of Windows, OS X, and Linux operating systems and how to investigate them for signs of compromise.
• Foundational understanding of file analysis, including extracting indicators, providing a report, and implementing mitigations.
• Basic understanding of Cloud architecture and how an attacker can utilize these platforms.
• Basic scripting knowledge.
• Ability to select the right approach to investigating alerts and/or indicators and document findings in a manner that both peer and executive level colleagues can understand.
• Passion to learn and to contribute to the ongoing development of the team.
• Ability to work independently and collaboratively in a diverse community with other systems administrators, business analysts, project managers, software developers, network engineers, technology support staff, organizational leadership, and college stakeholders.
• Ability to work in a fast-paced, high-risk environment.
• Ability to document standards, procedures, instructions, and manuals.
• Ability to use specialized computer tools and procedures, such as file transfers, batch files, remote desktop, VPN, standardized procedures, or customized software tools as required.
• Ability and motivation to become familiar with rapidly changing or new technologies and be able to apply these technologies to existing and new business needs.

• Coursework or training in information technology, cybersecurity, computer science, or related field.
• Two years of professional experience working directly in an IT Security capacity.
• Formal security training or certifications, such as:
  • GIAC Security Operations Certified (GSOC)
  • Security
  • Certified Ethical Hacker (CEH)
  • Offensive Security Certified Professional (OSCP)
  • EC-Council Certified Security Analyst (ECSA)
  • College level IT Security or Information Assurance courses.

• Must provide proof of identity and employment eligibility within three days of beginning work.
• This position is part of a bargaining unit and covered by a collective bargaining agreement.
• Prior to a new hire, a background check including criminal record history will be conducted. Information from the background check will not necessarily preclude employment but will be considered in determining the applicant's suitability and competence to perform in the position.
• Prior to an official offer of employment, a Declaration Regarding Sexual Misconduct form must be submitted to the college per RCW 28B.112.080. The college will contact current and past employers to verify this information. Applicants who provide inaccurate information in their declaration will be disqualified and, if the inaccuracies are discovered after the applicant has been hired, it shall be grounds for termination.