
Security Operations Center

Overview
Job Description
Department
Department of Administration
Division
Information Technology/Computers
Salary
$103,293.00 - $117,155.00
Job Profile
JC-02797006-99 - Security Operations Center (SOC) Analyst (DOA) (Non-Union Executive Branch Agency Employees)
Scheduled Work Days & Work Hours
Monday- Friday, 8:30am- 4:00pm
35 Hours- Non-Standard
Job Requisition Number
JR103126 Security Operations Center (SOC) Analyst (DOA) (Open)
Pay Grade
C00138 A
Classification
Security Operations Center (SOC) Analyst (DOA)
Class Definition
GENERAL STATEMENT OF DUTIES: Within the Department of Administration (DOA), Division of Enterprise Technology Strategy and Services (ETSS); to monitor, investigate, and respond to cybersecurity events within the State's Security Operations Center (SOC); to utilize and maintain enterprise security technologies that support detection, response, vulnerability management, and email protection across the executive branch; to assist in maintaining situational awareness through dashboards, reporting, and coordination with incident responders; and to perform related work as required.
SUPERVISION RECEIVED: Works under the general supervision of the Deputy Chief Information Security Officer (Deputy CISO) or designee within the Enterprise Technology Strategy & Services (ETSS) Cybersecurity Division. Work is reviewed for accuracy, adherence to policy, and alignment with departmental security standards and NIST CSF 2.0 / NIST 800-53 Moderate controls and guidance.
SUPERVISION EXERCISED: Usually none. May provide guidance or assist in mentoring junior staff, interns, or agency IT personnel during security incidents, tool operations, or awareness activities.
ILLUSTRATIVE EXAMPLES OF WORK PERFORMED:
- Within the Department of Administration (DOA), Division of Enterprise Technology Strategy and Services (ETSS); to monitor, investigate, and respond to cybersecurity events within the State's Security Operations Center (SOC); to utilize and maintain enterprise security technologies that support detection, response, vulnerability management, and email protection across the executive branch; to assist in maintaining situational awareness through dashboards, reporting, and coordination with incident responders.
- To monitor and triage alerts generated by the State's SIEM, EDR, email security, and vulnerability management platforms, escalating incidents as appropriate.
- To investigate and document security events using tools such as Microsoft Sentinel, CrowdStrike Falcon, Proofpoint TAP/SEG, and Qualys VMDR.
- To assist with detection tuning, alert correlation, and rule management to reduce false positives and improve accuracy.
- To perform basic threat analysis and incident response, including log review, containment coordination, and follow-up validation.
- To conduct daily health checks and basic configuration reviews for SOC tools to ensure data is flowing correctly and sensors remain operational.
- To support vulnerability management operations by validating scan results, tracking remediation, and generating reports from Qualys VMDR.
- To review and respond to phishing alerts, quarantined messages, and end-user reports using Proofpoint systems.
- To assist in maintaining dashboards, metrics, and documentation for ongoing monitoring, compliance, and executive reporting.
- To coordinate with agency IT teams and senior security engineers to ensure consistent detection coverage, patching visibility, and incident escalation.
- To support cyber exercises, tabletop drills, and compliance reviews to validate SOC readiness and improve processes.
- To maintain clear, accurate records of investigations, alerts, and response actions in accordance with State cybersecurity policies.
- To perform related duties as required to sustain continuous monitoring and incident response capabilities across the enterprise.
- To do related work as required.
REQUIRED QUALIFICATIONS FOR APPOINTMENT:
KNOWLEDGE, SKILLS AND CAPACITIES: A thorough knowledge of cybersecurity principles, incident response, and threat detection fundamentals; knowledge of security tools and platforms such as SIEM (Microsoft Sentinel or Splunk), EDR/MDR (CrowdStrike Falcon, Defender for Endpoint), Proofpoint Email Protection/TAP, and Qualys VMDR; knowledge of common types of cyber threats, attack vectors, and indicators of compromise (IOCs); knowledge of basic networking, Windows/Linux operating systems, and log analysis concepts; knowledge of vulnerability management processes, including scanning, prioritization, and remediation coordination; knowledge of email security concepts such as phishing, spoofing, and attachment-based threats; knowledge of compliance frameworks such as NIST CSF 2.0, NIST 800-53, and Zero Trust Architecture principles; skill in monitoring and analyzing alerts from multiple security tools to identify potential threats; skill in using KQL, PowerShell, or similar tools to query and extract relevant log or event data; skill in correlating information from multiple systems to determine risk and incident severity; skill in reviewing Proofpoint alerts and Qualys VMDR scan data to identify actionable issues; skill in writing concise and accurate incident summaries and daily activity reports; skill in communicating effectively with technical staff, agency partners, and non-technical audiences during incidents; ability to follow established playbooks and standard operating procedures during security incidents; ability to identify false positives and escalate confirmed incidents to engineering or incident response teams; ability to work collaboratively with analysts, engineers, and agency IT teams to remediate vulnerabilities and strengthen defenses; ability to maintain attention to detail and confidentiality in handling sensitive information; ability to adapt to changing threats, technologies, and operational priorities in a fast-paced SOC environment; ability to remain calm, methodical, and results-oriented during real-time security events; and related capacities and abilities.
EDUCATION AND EXPERIENCE:
Education: Graduation from a college or university with a bachelor's degree in cybersecurity, computer science, information technology, or a closely related field and maintain continuing education in threat detection, SOC operations, and vulnerability management. Participation in cyber defense exercises, vendor training, and statewide cybersecurity initiatives is encouraged to support ongoing professional growth and operational readiness.
Experience: Employment in a cybersecurity operation, network security, or IT systems administration environment, with experience using SIEM, endpoint protection, email security, or vulnerability management tools.
Or, any combination of education and experience that shall be substantially equivalent to the above education and experience.
SPECIAL REQUIREMENTS: Possession of one or more of the following certifications, or the ability to obtain within a reasonable period after appointment, and may be considered evidence of advanced technical competency:
1. Microsoft Certified: Security Operations Analyst Associate (SC-200)
2. GIAC Certified Incident Handler (GCIH) or GIAC Certified Intrusion Analyst (GCIA)
3. Qualys Certified Vulnerability Management Specialist (VMDR)
4. Proofpoint Certified Email Protection Administrator
5. CompTIA CySA+ (Cybersecurity Analyst) or CompTIA Security+
6. GIAC Security Essentials (GSEC) or GIAC Enterprise Defender (GCED)
7. Or equivalent IT security certification(s)
Supplemental Information
https://www.everify.gov/sites/default/files/everify/posters/IER_RighttoWorkPoster.pdf
https://everify.uscis.gov/web/media/resourcesContents/EVerify_Participation_Poster_ES.pdf
The individual hired to fill this position will have access to Federal Tax Information (FTI), as defined in IRS Publication 1075, and, as such, must undergo a national fingerprint background screening in accordance with the criteria set forth in regulation 220-RICR-40-00-2 (IRS Publication 1075 - Background Check Process and Criteria), available at https://rules.sos.ri.gov/regulations/part/220-40-00-2. Additionally, the individual is being hired to an E-Verify site which contains FTI and must have their employment eligibility validated through E-Verify.
Benefits
For information regarding the benefits available to State of Rhode Island employees, please visit the Office of Employee Benefits' website at http://www.employeebenefits.ri.gov/.
Also, be advised that a new provision in RI General Law 35-6-1 was enacted requiring direct deposit for all employees. Specific to new hires, the law requires that all employees hired after September 30, 2014 participate in direct deposit. Accordingly, any employee hired after this date will be required to participate in the direct deposit system. At the time the employee is hired, the employee shall identify a financial institution that will serve as a personal depository agency for the employee.
