Ia-Dom-Doit-Sa2-Endpoint Detection & Response

The State of Iowa is seeking an experienced Security Operations Center (SOC) Analyst with strong expertise in Endpoint Detection and Response (EDR) tools and cyber security incident handling.This position will renew annually on 7/1

Position Summary: The State of Iowa is seeking an experienced Security Operations Center (SOC) Analyst with strong expertise in Endpoint Detection and Response (EDR) tools and cyber security incident handling. The ideal candidate will thrive in a fast paced environment with aggressive timelines and will be responsible for monitoring, analyzing, and responding to events and alerts supporting statewide IT systems. This is a remote position.

Required Experience:• Hands on experience working with Endpoint Detection and Response (EDR) tools• Experience responding to, and analyzing, cyber security events and incidents• Experience working with Crowdstrike, or comparable EDR tool• Ability to work in high pressure, fast paced environments

Experience working with CrowdStrike or comparable EDR tool

Responsibilities: Provide security monitoring and response efforts for, and in coordination with, the Security Operations Center (SOC) Lead outreach and coordination with statewide partners, including County, Municipal, and educational entities

Strong communication, reporting, and documentation abilities

• Monitor, analyze, and respond to cyber-security events, alerts, and incidents affecting State of Iowa IT systems• Take appropriate actions to protect IT assets from potential incidents and threats• Document and report changes, trends, and implications related to evolving cyber-security tools, systems, and solutions• Follow SOC processes and assist ISD Security Engineers and OCIO support teams during alerts, events, and incidents• Submit new events and update existing events within the SOC ticketing system• Provide phone and email support to state agencies and participating partners during alerts, events, and incidents• Provide off hours or ad hoc shift support as required

• Proven ability to collaborate effectively with partners across varying technical backgrounds• Capability to perform Tier 1 troubleshooting, including log collection, documentation review, and appropriate escalation• Maintain up to date knowledge on relevant cyber-security technologies and tools• Support Tier 1 SOC Analysts in triaging cyber-security events, alerts, and incidents• Follow detailed operational procedures to analyze, escalate, and support remediation of critical security incidents• Assist with SOC metrics, reporting, and communications• Support incident response activities up to the preliminary forensics stage• Monitor EDR tools and perform initial assessment and data gathering for alerts

Required/Desired Skills

Skill	Required /Desired	Amount	of Experience
Hands on experience working with Endpoint Detection and Response (EDR) tools	Required	3	Years
Experience responding to cyber security events and incidents	Required	3	Years
Experience working with Crowdstrike, or comparable EDR tool	Required	3	Years
Ability to work in high pressure, fast paced environments	Required	3	Years

Questions

No.	Question
Question1	Absences greater than two weeks MUST be approved by CAI Management in advance, and contact information must be provided to CAI so that a resource can be reached during his or her absence. The Client has the right to dismiss the resource if she or he does not return to work by the agreed upon date. Do you agree to this requirement?
Question2	The Contractor must report any disciplinary action, misdemeanor, or felony convictions to the State for any temporary IT staff provided. Do you agree to this requirement?
Question3	What is your candidate's email address?
Question4	Have you completed and submitted the Right to Represent form, making sure to do so exactly as instructed? The form is located at https://www.cai.io/media/documents/msp/ia/ia_e-rtr_template.doc.
Question5	The hourly Vendor Rate for this position is -.. Do you agree to this requirement?
Question6	PROVIDE CANDIDIDATES CURRENT LOCATION (CITY/STATE) HERE:
Question7	SHOW YOUR WORK - In the summary of qualifications field under the details tab of the candidate's profile, you should explain why your candidate is the best fit for this position. Please confirm that you have thoroughly validated and attested to the accuracy of the credentials listed throughout this candidate's VectorVMS profile and resume according to Section 5.2.5 of ITS-009440. Do you confirm? Candidates will get rejected if an agency cuts and pastes the candidates' resumes into this field [REQUIRED]
Question8	Use of AI is Strictly Prohibited: Please be advised that the use of AI-generated responses during screenings and interviews is strictly prohibited. Confirm that your candidate has been informed of this policy and agrees to adhere to it. Non-compliance will result in disqualification from the interview process.
Question9	Background Check Requirements: DOM contractor personnel are required to undergo additional background check investigations (run by DOM) before starting, requiring the completion of several waiver forms & fingerprint processes. The selected candidate will be responsible for completing all the necessary waiver forms, scheduling and completing the fingerprinting process, and returning all completed items to DOM for processing. This is in addition to the National Criminal and Sex Offender check that the vendor
Question10	Provide candidates with the complete physical address where the DOM DoIT Background Check form and fingerprint cards must be mailed. [REQUIRED] - Failure to provide accurate information will result in disqualification.
Question11	INTERVIEW DATES: Interviews will be conducted on [May 12, 13, 14] Only submit candidates available for interviews on the date(s) provided.