INCIDENT RESPONSE ANALYST II / INFORMATION TECHNOLOGIST II

*Job no:* 978845• Work type:* Support Staff• Pay Grade:* 13• Major Administrative Unit / College:* Information Technology Services• Department:* It Services Security 40000819• Sub Area:* AP- Professionals• Salary:* Salary Commensurate with Experience• Location:* East Lansing• Categories:* Information Technology, Administrative Professionals- AP, Full Time (90-100%), Union, Remote-FriendlyWorking/Functional TitleIncident Response Analyst IIPosition SummaryThe MSU Information Security team aims to achieve university success through precision Information Security focused on risk management, engagement, and education.As a valued member of this team, the Incident Response Analyst II will lead in incident handling, vulnerability management, and threat analysis and research. This role frequently interfaces with customers and stakeholders across the university. Professional development will move toward a specialization within incident response such as development/tooling, network forensics, or malware analysis. Participation in the on-call rotation is required.The Incident Response Analyst II will perform on this team include but are not limited to:Incident Response & Investigation: Handles intake of reported incidents and serves as the primary responder for severity 1 and 2 security events. Provides analysis and specialized support during team-based investigation and response efforts. Serves as the backup tactical lead for senior analysis. Documents cases per team standard.Threat Intelligence & Analysis: Ongoing research and analysis of current and new threats against the technology of the University and internal actors. Collaborates with team to determine potential impacts, IOCs, detection methods response options. Works with security operations staff to implement detection and prevention measures.Provide eDiscovery: Provides digital forensics support services and fulfills data collection and preservation orders such as search warrants, subpoenas, litigation holds, and FOIA requests. Acts as an independent resource and liaison to investigate, analyze, and respond to cyber incidents within the network environment or enclave.Advocate: Works with Security Operations and Governance Risk and Compliance staff to implement detection and prevention measures. Coordinates with other departments and entities as needed in service of keeping awareness up and communication open.Legal Retention Support: Executes legal hold enforcement and maintenance per the direction of the University Council.Michigan State University (MSU) is a top 100 global university located in East Lansing, three miles east of the state’s capital. The MSU community includes more than 12,000 faculty, academic and support staff, as well as 51,000 students. MSU offers an extensive benefits package to its employees including health care, prescription, and dental coverage, and a base retirement program with a University matching contribution, as well as basic life insurance. In addition, MSU offers educational benefits including a course fee courtesy program and educational assistance.MSU Information Technology provides the primary leadership for strategic, financial, and policy initiatives affecting information technology (IT) across MSU. MSU IT offers technology resources that support MSU’s mission of providing education, conducting research, and advancing engagement.Diversity, Equity and Inclusion (DEI) are essential elements, vital to the culture MSU Information Technology endeavors to cultivate. This includes providing opportunities and access for all people which incorporate differences of race, age, color, ethnicity, gender, sexual orientation, gender identity, gender expression, religion, national origin, migratory status, disability/abilities, political affiliation, veteran status and socioeconomic background.Minimum RequirementsKnowledge equivalent to that which normally would be acquired by completing a four-year college degree program; three to five years of related and progressively more responsible or expansive work experience in information technology, risk, and/or compliance; or security administration and operations, or incident response, or an equivalent combination of education and experience.Desired QualificationsKnowledge equivalent to that which normally would be acquired by completing a four-year college degree program; three to five years of related and progressively more responsible or expansive work experience in information technology, risk, and/or compliance; or security administration and operations, or incident response, or an equivalent combination of education and experience.• Incident Response experience in enterprise, university or military environments.• Information Security in enterprise, university or military environments.• Incident Response experience in enterprise, university or military environments.• The following desired qualifications are based upon the NIST NICE framework for cybersecurity*• Incident Response experienceAND• Experience working with security technologies such as: Intrusion Detection & Prevention Systems, Firewalls, Log Analysis/SIEM, Antivirus or Endpoint Protection etcOR• Experience in digital forensics and eDiscovery• Relevant certifications desired but not required; eg GYPC, GCFE, GCFA, CISSP• Strong experience in one or more scripting languages desirec but not required; eg Bash, Python, PowershellEqual Employment Opportunity StatementAll qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, age, disability or protected veteran status.Required Application MaterialsResume and cover letter.Special InstructionsPlease provide three professional references who are knowledgeable of your work.Work HoursSTANDARD 8-5Websitehttps://tech.msu.eduRemote Work StatementMSU strives to provide a flexible work environment and this position has been designated as remote-friendly. Remote-friendly means some or all of the duties can be performed remotely as mutually agreed upon.Bidding eligibility ends August 27, 2024 at 11:55 P.M.*Advertised:* Aug 21, 2024 Eastern Daylight Time• Applications close:* Sep 3, 2024 Eastern Daylight Time