The position will work as an Tier 2 SOC Analyst for the Division of Information Security. This
role will focus on supporting security monitoring, threat detection, security incident response
and security investigations. Engaging directly with state agencies to promote, support, and
improve adoption of centralized security services is a key focus. The engagement is expected
to be needed for 12 months with the possibility of extension.
Pre-employment Checks (drug, credit, criminal, motor vehicle)?
DRUG, DRIVING, CREDIT, CRIMINAL, E-VERIFY, SLED
Daily Duties / Responsibilities:
PREFERENCE WILL BE GIVEN TO A CANDIDATE WHO CAN WORK ONSITE OVER HYBRID AND
OVER FULL-TIME REMOTE (ON-SITE AS NEEDED).
• Continuously review and correlate security event data across SIEM, EDR, IDS/IPS, and
threat intelligence sources to identify complex attack patterns, emerging threats, and
security incidents.
• Perform deep-dive analysis of suspicious activity, validate incidents, determine root
cause and impact, and escalate critical incidents with detailed context to Tier 3 as
required.
• Create detailed incident reports, timelines, and post-incident summaries; contribute
to lessons-learned documentation and recommendations for remediation and
preventative measures.
• Investigate user-reported phishing, malware infections, and potential policy
violations; advise users and internal/external teams on containment and recovery
actions.
• Recommend updates to SOC playbooks and workflows based on real-world
INVESTIGATIONS, fine-tune detection rules. Alert thresholds, and correlation logic to
reduce false positives and improve threat coverage.
• Collaborate with engineering teams to ensure monitoring tools are properly
configured and tuned. Integrate new threat intelligence feeds into workflows and
proactively hunt for threats using up-to date tactics, techniques, and procedures
(TTPs)
• Serve as a customer-facing SME, “selling” the value of DIS services by demonstrating
capabilities and resolving issues.
• Document processes, runbooks, and troubleshooting steps related to SOC operations.
• Coordinate with engineering, SOC, and agency staff as needed to meet goals.
• Other duties as needed.
Required Skills (rank in order of
Importance):
• 2+ Years of Experience with Security
Monitoring and Incident Response.
• 2+ Years of Experience with MITRE
ATT&CK framework.
• 2+ Years of Experience with
dashboard creation and reporting.
Preferred Skills (rank in order of
Importance):
• Experience with the Palo Alto Cortex
XSIAM/XDR platform.
• Knowledge of Linux, network
administration and network design.
• Experience in administration of
firewalls, VPN technology, Active
Directory, Intrusion
Detection/Prevention systems.
• Candidate is local to Columbia, SC or
surrounding city in South Carolina
Required Education/Certifications:
• Associate’s degree in an information
technology or information security
related field
• Four years of relevant work
experience may be substituted in lieu
of education
Preferred Education/Certifications:
• CISSP, CISA, CISO or equivalent
advanced security certification.
• Additional relevant certifications
(e.g., CEH, OSCP, GPEN).
• Vendor certifications related to
information security.
Interview Process (phone, video or in-
person, how many rounds of i/v’s, etc)?
Initial round of interviews on Microsoft
Teams (on camera) with in-person interviews
Preferred before final selection
Interview Availability: How soon can you
schedule an interview (date / times)?
ASAP after posting closes and resumes are
received and reviewed
