Guilford County
Cyber Incident Response Analyst
This job is now closed
Job Description
- Req#: 4258200
GENERAL STATEMENT OF DUTIES
The Cyber Incident Response Analyst is responsible for proactively monitoring, detecting, and responding to cybersecurity incidents across Guilford County's Information Technology infrastructure and systems. This role involves swift incident identification, containment, eradication, and recovery to minimize the impact of security breaches and ensure the confidentiality, integrity, and availability of data and systems. The position also provides technical cybersecurity support to County employees by researching and answering employee and end-user questions, troubleshooting problems, and monitoring and assessing alerts. The position is responsible for taking ownership of, managing, resolving, and closing Service Desk Requests and Trouble Tickets relating to security.
DISTINGUISHING FEATURES OF THE CLASS
The Cyber Incident Response Analyst is the primary point of contact and liaison for County employees needing assistance or experiencing trouble with VPN client connections, blocked connections, and email security. The role is also responsible for reviewing, addressing, documenting, and, as necessary, escalating security alerts generated by the security solutions in use by the County. The position requires a strong understanding of cybersecurity threats and vulnerabilities, as well as the ability to investigate and mitigate security incidents. The Cyber Incident Response Analyst is expected to be fully aware of the enterprise's security goals as established by its stated policies, procedures, and guidelines and to actively work towards upholding those goals. This position works under the general direction of the IT Security Manager.
DUTIES AND RESPONSIBILITIES
Essential duties and responsibilities include, but are not limited to:
- Serve as the point of contact for end-user security-related issues and inquiries.
- Ensure Information Security-related Service Desk Requests and Trouble Tickets received from various departments are managed through to completion or escalated when necessary.
- Respond to alerts provided by Managed Service Providers, investigate unusual and suspicious activity, make resolution recommendations, take action and/or escalate as needed, and document the incidents.
- Perform initial analysis and remediation of security events generated by the County's Network Detection and Response (NDR) solution. Escalate and document events as required based on severity, scope, and impact.
- Investigate, respond to, document, and take appropriate action on email security and phishing events and related employee inquiries and issues.
- Validate, triage, act upon, and/or escalate and document alerts generated by Endpoint Protection, EDR, and XDR platforms based on severity, scope, and impact.
- Perform, document, and manage administrative tasks related to the endpoint protection platform, including but not limited to definition, client, and policy updates and periodic reviews of license requirements.
- Provide end-user VPN client support, including issue management and resolution, training, and responding to inquiries.
- Perform incident response activities, including mitigating actions, containment of malicious activity, facilitation of forensic analysis, and incident documentation.
- Perform threat-hunting activities to identify suspicious artifacts, endpoint anomalies, or possible security vulnerabilities.
- Assist in the review and design of Incident Response Policies, Procedures, Guidelines, and Standards.
- Assist with the documentation of system security configurations and standards.
- Collaborate with IT teams to implement security best practices and configurations.
- Participate in security awareness and training programs for staff.
- Stay current with emerging security threats and trends.
- Provide support for security-related projects and initiatives.
- Be available to assist with security-related problems and/or incidents, and participate in end-user on-call support for all in-place security solutions.
- Perform other related duties as assigned.
RECRUITMENT STANDARDS
Knowledge, Skills, and Abilities
- Experience with SIEM and anti-virus/anti-malware platforms.
- Knowledge of Network Detection and Response (NDR) solutions.
- Knowledge of email gateway defense technologies.
- Knowledge of MFA, SSO, management tools, and Role-Based Access Control (RBAC) concepts.
- Experience with next-generation (NG) firewalls, Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS) is a plus.
- Knowledge of network topology and virtual/hybrid environments.
- Ability to troubleshoot technical and security-related issues.
- Ability to conduct basic analysis of attacker tools and malware and to identify indicators of compromise (IOCs).
- Familiarity with Cybersecurity Framework function areas (NIST, CIS) and State and Federal regulatory compliance standards and requirements.
- Proven analytical and problem-solving abilities with attention to detail.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Strong written, oral, and interpersonal communication skills.
- Team-oriented and skilled in working within a collaborative environment.
- Ability to manage multiple tasks and deadlines and to work efficiently, expeditiously, and independently with limited supervision.
MINIMUM QUALIFICATIONS
Bachelor's degree in Computer Science, Information Technology, or a closely related field from an accredited college or university and 2 to 4 years of experience in Information Services, or two years of experience as a Network, Security, or Systems Administrator; OR,
Associate's degree in Computer Science, Information Technology, or a closely related field and 4 to 6 years of experience in Information Services, or four years of experience as a Network, Security, or Systems Administrator; OR,
High School diploma and 6 to 8 years of experience in Information Services, or six years of experience as a Network, Security, or Systems Administrator.
Preferred Qualifications
Four-year degree in Computer Science, Information Technology, or a closely related field from an accredited college or university and 4 to 6 years of experience in Information Security. Familiarity with the NIST Cybersecurity Framework and certifications including but not limited to Microsoft Certified Systems Administrator-Security, CompTIA Security+, ISC2 Certified in Cybersecurity, Network+, GIAC Certified Incident Handler (GCIH), and Certified Ethical Hacker (CEH).
*A skills assessment may be administered during the interview process.
Physical Demands
An employee in this position must be able to physically perform the basic life operational functions of fingering, grasping, talking, hearing, and repetitive motions. The employee must be able to perform sedentary work exerting up to 10 pounds of force to move objects.
Working Conditions
Work consists of the normal office environment and work from home in a Hybrid model. No adverse environmental conditions.
May Require Driving
This position may require driving, whether in a county-owned or personal vehicle, to conduct county business such as, but not limited to, attending conferences, meetings, or any other county-related functions. Motor Vehicle Reports may be checked to verify a valid driver's license and that the driving record is compatible with the county's driving criteria. If a personal vehicle is operated for county business, proper insurance must be maintained as per Guilford County's vehicle use policy.
Special Note: This generic class description gives an overview of the job class, its essential job functions, and recommended job requirements. However, for each position assigned to this class, there is a completed job description with a physical abilities checklist, which can be reviewed before initiating a selection process. These can provide additional detailed information on which to base various personnel actions and can assist management in making legally defensible personnel decisions.
About the company
Guilford County is a county located in the US state of North Carolina.