
Security Operations Engineer

State of Rhode Island, Providence, RI

$110,849 - $127,368 / year


Overview

Schedule: Full-time
Career level: Senior-level
Remote: On-site
Compensation: $110,849-$127,368/year

Job Description

Department

Department of Administration

Division

Information Technology/Computers

Salary

$110,849.00 - $127,368.00

Job Profile

JC-02797007-99 - Security Operations Engineer (DOA) (Non-Union Executive Branch Agency Employees)

Scheduled Work Days & Work Hours

Monday - Friday, 8:30am - 4:00pm

35 Hours - Non-Standard

Due to nature of position and role, response actions may be required outside of normal business hours.

Job Requisition Number

JR103124 Security Operations Engineer (DOA) (Open)

Pay Grade

C00140 A

Classification

Security Operations Engineer (DOA)

Class Definition

GENERAL STATEMENT OF DUTIES: Within the Division of the Enterprise Technology Strategy & Services (ETSS); to perform, organize, direct, and coordinate the planning, administration, and maintenance of the State's enterprise security technology stack supporting the Security Operations Center (SOC); to manage, optimize, and integrate detection and response tools including endpoint protection, SIEM, vulnerability management, and email security platforms; to enhance statewide cyber defense capabilities through automation, continuous monitoring, and actionable visibility; and to perform related duties as required.

SUPERVISION RECEIVED: Works under the direct supervision of the Deputy Chief Information Security Officer (Deputy CISO) within the Enterprise Technology Strategy & Services (ETSS) cybersecurity vertical, with wide latitude for the exercise of independent judgment in the application of cybersecurity engineering, threat detection, and security operations principles. Work is reviewed upon completion for conformance with departmental policies, standards/frameworks like NIST, and state and federal security requirements.

SUPERVISION EXERCISED: May plan, coordinate, and direct the work of professional and technical team members engaged in SOC technology administration, threat detection, log analysis, vulnerability management, and response operations. Provides guidance to enterprise and agency support colleagues on event monitoring, alert triage, and security platform utilization.

ILLUSTRATIVE EXAMPLES OF WORK PERFORMED:

  • Within the Division of the Enterprise Technology Strategy & Services (ETSS); to perform, organize, direct, and coordinate the planning, administration, and maintenance of the State's enterprise security technology stack supporting the Security Operations Center (SOC); to manage, optimize, and integrate detection and response tools including endpoint protection, SIEM, vulnerability management, and email security platforms; to enhance statewide cyber defense capabilities through automation, continuous monitoring, and actionable visibility.
  • To serve as the technical lead and subject matter expert (SME) for the enterprise security technology stack supporting the SOC, including SIEM, EDR, IDS/IPS, Proofpoint email security, and Qualys VMDR.
  • To administer and optimize detection, response, and vulnerability tools to ensure reliable data ingestion, alert fidelity, and integration with incident response workflows.
  • To configure and tune Microsoft Sentinel, CrowdStrike Falcon, Qualys VMDR, and Proofpoint TAP/SEG platforms to reduce false positives and improve detection accuracy.
  • To manage Qualys VMDR scanning schedules, sensor health, and asset inventory synchronization to ensure vulnerability visibility across state systems.
  • To maintain dashboards, correlation rules, and alerting logic that enhance situational awareness for the SOC.
  • To coordinate with security analysts and engineers to maintain automated playbooks and detection content aligned with MITRE ATT&CK techniques.
  • To ensure that log and vulnerability data from network, endpoint, and cloud systems are collected, retained, and correlated in accordance with NIST 800-53 AU (Audit), RA (Risk Assessment), and SI (System Integrity) controls.
  • To maintain and update authorized software lists, asset groupings, and detection search libraries; escalate major tool configuration or development requests to senior engineers.
  • To support security incident response activities, including triage, containment, and post-incident validation.
  • To collaborate with patch management and IT operations teams to communicate vulnerability findings and track remediation through dashboards and metrics.
  • To assist in vulnerability validation, risk scoring, and verification of detection coverage following threat advisories or audits.
  • To develop and maintain documentation, runbooks, and configuration baselines for all assigned systems.
  • To support SOC operations during audits, compliance assessments, and statewide cyber exercises.
  • To complete other related work tasks as required to align with evolving technologies, threats, and organizational priorities.
  • To do related work as required.

REQUIRED QUALIFICATIONS FOR APPOINTMENT:

KNOWLEDGE, SKILLS AND CAPACITIES: A thorough knowledge of the principles and practices of security operations engineering, including monitoring, threat detection, and response automation; knowledge of security technologies such as SIEM (Microsoft Sentinel, Splunk), EDR/MDR (CrowdStrike Falcon, Defender for Endpoint), Qualys VMDR, and Proofpoint Email Protection and TAP; knowledge of vulnerability management lifecycle, including scanning, validation, and reporting workflows using tools like Qualys VMDR; knowledge of threat detection and response methodologies aligned to MITRE ATT&CK, NIST CSF 2.0, and NIST SP 800-53 Moderate frameworks; knowledge of network protocols, system hardening, and secure configurations for Windows, Linux, and cloud platforms; knowledge of cyber threat intelligence indicators, phishing defense techniques, and email security analysis; knowledge of the fundamentals of risk analysis, digital forensics, and vulnerability prioritization; knowledge of change management, configuration control, and log retention policies for security platforms; knowledge of federal and state cybersecurity compliance requirements applicable to government systems (e.g., IRS 1075, CJIS, HIPAA); skill in administering and maintaining SOC detection, response, and vulnerability management tools across a hybrid enterprise environment; skill in using PowerShell, Python, or KQL to automate alert enrichment, dashboard generation, or data validation; skill in configuring and tuning Proofpoint email security to detect and mitigate phishing, spoofing, and malware campaigns; skill in managing Qualys VMDR scans, tagging, and reporting to support agency patching and remediation workflows; skill in correlating and interpreting event and vulnerability data across SIEM, EDR, and VMDR platforms to identify high-priority risks; skill in developing and maintaining system documentation, incident workflows, and configuration baselines; skill in communicating technical information effectively to non-technical staff, agency partners, and executive leadership; ability to analyze, triage, and respond to security incidents using SOC tools and standard operating procedures; ability to coordinate with SOC analysts, IT administrators, and agency staff to prioritize remediation and improve detection coverage; ability to apply sound technical judgment in managing and tuning multiple security technologies simultaneously; ability to work independently on complex issues while maintaining alignment with enterprise cybersecurity objectives; ability to handle sensitive data discreetly and uphold integrity during investigations or vulnerability disclosures; ability to stay current on emerging threats, detection techniques, and security tools that enhance statewide defensive capabilities; and related capacities and abilities.

EDUCATION AND EXPERIENCE:

Education: Graduation from a college or university with a bachelor's degree in computer science, information technology, cybersecurity, or a closely related field and maintain continuing education in threat detection, vulnerability management, and SOC operations; and

Experience: Considerable employment in security operations, cybersecurity engineering, or systems administration, with demonstrated experience managing SOC tools, detection and response technologies, vulnerability management platforms (Qualys VMDR), and email security solutions such as Proofpoint as well as participate in cyber defense exercises, vendor technical training, and statewide security initiatives to ensure operational readiness and continuous improvement.

Or, any combination of education and experience that shall be substantially equivalent to the above education and experience.

SPECIAL REQUIREMENTS: Possession of one or more of the following certifications, or the ability to obtain within a reasonable period after appointment, and may be considered evidence of advanced technical competency:

  1. Microsoft Certified: Security Operations Analyst Associate (SC-200)

  2. GIAC Certified Incident Handler (GCIH) or GIAC Certified Intrusion Analyst (GCIA)

  3. Qualys Certified Vulnerability Management Specialist (VMDR)

  4. Proofpoint Certified Email Protection Administrator

  5. CompTIA CySA+ (Cybersecurity Analyst) or CompTIA Security+

  6. GIAC Security Essentials (GSEC) or GIAC Enterprise Defender (GCED)

  7. Or equivalent IT security certification(s)

Supplemental Information

https://www.everify.gov/sites/default/files/everify/posters/IER_RighttoWorkPoster.pdf

https://everify.uscis.gov/web/media/resourcesContents/EVerify_Participation_Poster_ES.pdf

The individual hired to fill this position will have access to Federal Tax Information (FTI), as defined in IRS Publication 1075, and, as such, must undergo a national fingerprint background screening in accordance with the criteria set forth in regulation 220-RICR-40-00-2 (IRS Publication 1075 - Background Check Process and Criteria), available at https://rules.sos.ri.gov/regulations/part/220-40-00-2. Additionally, the individual is being hired to an E-Verify site which contains FTI and must have their employment eligibility validated through E-Verify.

Benefits

For information regarding the benefits available to State of Rhode Island employees, please visit the Office of Employee Benefits' website at http://www.employeebenefits.ri.gov/.

Also, be advised that a new provision in RI General Law 35-6-1 was enacted requiring direct deposit for all employees. Specific to new hires, the law requires that all employees hired after September 30, 2014 participate in direct deposit. Accordingly, any employee hired after this date will be required to participate in the direct deposit system. At the time the employee is hired, the employee shall identify a financial institution that will serve as a personal depository agency for the employee.


FAQs About Security Operations Engineer Jobs at State of Rhode Island

What is the work location for this position at State of Rhode Island?
This job at State of Rhode Island is located in Providence, RI, according to the details provided by the employer. Some roles may also include multiple work locations depending on the requirement.
What pay range can candidates expect for this role at State of Rhode Island?
Candidates can expect a pay range of $110,849 to $127,368 per year.
What employment type applies to this position at State of Rhode Island?
State of Rhode Island lists this role as a Full-time position.
What experience level is required for this role at State of Rhode Island?
State of Rhode Island is looking for a candidate with "Senior-level" experience level.