● Assist in the creation and modification of monitoring capabilities as controls evolve● Improve content used to detect anomalous behavior within our environment● Perform monitoring, research, assessment and analysis on all notable security events from a variety oftechnologies such as firewalls, IDS, cloud services, endpoint security and operating system events● Provide actionable intelligence to proactively detect threats in an enterprise environment● Participate as a member of the incident response team during major incidents and lend contributions topost-Incident review and continuous improvement● Provide recommendations and requirements for new technologies to replace or augment existing tools● Determine the best methods/practices for routine compliance and control monitoring

•Respond to Security Incidents and collaborate with Incident Response Team to document and remediate.• Responsible for performing daily operational real-time monitoring and analysis of security events from multiple sources including but not limited to events from Security information Monitoring Tools, network and host based intrusion detection systems, firewall logs, system logs, web application firewalls, UNIX & Windows applications and databases•Safeguard the network against unauthorized activity by checking logs from security devices, responding to network tap and SIEM alerts•Correlate security incident indicators; review services and information at risk, threat actor activity and capabilities, and incident scope. Work with partner teams to contain and eradicate threat actors following the Kill Chain methodology•Hands on experience in SIEM, log harvesting, event correlation and monitoring. Review alerts and findings from content detonation, full packet capture, and log analysis systems.•Document security incident findings, prepare incident reports, and participate in post-mortem briefings with management and non-technical executive stakeholders.•Experience working with IP networking; understanding security related technologies including encryption, IPSec, VPNs, Firewalls, Intrusion detection/prevention, File Integrity Monitoring and Active Directory

• Assist in remediation duties using a combination of open source research, network and host forensic analysis, log review and correlation, and PCAP analysis to conduct investigations• Responsible for managing and documenting the full incident life cycle• Support the Security Administration Team (SAT) in performing duties that include SIEM event monitoring, threat analysis, and forensics• Analyze current and emerging cybersecurity trends to determine the effectiveness of current malware and boundary defenses, and recommends additional actions to maintain an effective security posture• Coordinates with various internal OIT departments during security incidents to ensure proper and legal remediation efforts are completed

• Identify security incidents related to identity and access management utilizing Splunk• Work with department to ensure systems are protected from unauthorized access for both employees and contractors• Provide 2nd level tech support to project team, end users, and OIT functional groups relevant to identity and access management• Assist OIT Enterprise Team with domain consolidation and rebuilding efforts in Active Directory and Azure for future implementation of Sailpoint IAM software• Assist Network and Firewall Team with troubleshooting Palo Alto VPN during the COVID pandemic• Support other district security coordinators in performing duties related to identity and access management• Document onboarding and offboarding procedures for department as well as how-to guides on specific issues related to identity and access management• Trained end users on identity and access management procedures

• Utilized network analysis tools to troubleshoot and monitor network connectivity• Performed systems analysis to determine areas that needed improvement• Researched security threats and provide possible solutions to mitigate security incidents to critical systems• Updated and patched systems over network• Utilized interpersonal skills to effectively collaborate with team members to complete multiple IT projects simultaneously• Built virtual machines to test patches and updates prior to deployment in production environment• Altered firewall configurations through Group Policy enabling and disabling ports throughout network• Drafted and updated IT security policies mitigating several security incidents• Advised staff members on the importance of security awareness in attempt to prevent and mitigate risk• Provided prompt and courteous technical support for internal and external clients relating to hardware and software problems in a Windows 7/8/10 and Mac OS X environment