IA-DOM-DOIT-SA2-Endpoint Detection & Response

Job Description

This position will renew annually on 7/1

Position Summary:

The State of Iowa is seeking an experienced Security Operations Center (SOC)
Analyst with strong expertise in Endpoint Detection and Response (EDR) tools
and cyber‑security incident handling. The ideal candidate will thrive in a fast‑paced
environment with aggressive timelines and will be responsible for monitoring,
analyzing, and responding to events and alerts supporting statewide IT systems.
This is a remote position.

Required Experience:

• Hands‑on experience working with Endpoint Detection and Response (EDR) tools

• Experience responding to, and analyzing, cyber‑security events and incidents

• Experience working with Crowdstrike, or comparable EDR tool

• Ability to work in high‑pressure, fast‑paced environments

Experience working with CrowdStrike or comparable EDR tool

Responsibilities:

• Provide security monitoring and response efforts for, and in coordination
with, the Security Operations Center (SOC)

• Lead outreach and coordination with statewide partners, including County,
Municipal, and educational entities

• Strong communication, reporting,
and documentation abilities

• Monitor, analyze, and respond to
cyber-security events, alerts, and incidents affecting State of Iowa IT systems

• Take appropriate actions to protect IT assets from potential incidents and
threats

• Document and report changes, trends, and implications related to evolving
cyber-security tools, systems, and solutions

• Follow SOC processes and assist ISD Security Engineers and OCIO support teams
during alerts, events, and incidents

• Submit new events and update existing events within the SOC ticketing system

• Provide phone and email support to state agencies and participating partners
during alerts, events, and incidents

• Provide off‑hours or ad‑hoc shift support as required

• Proven ability to collaborate effectively with partners
across varying technical backgrounds

• Capability to perform Tier 1 troubleshooting, including log collection,
documentation review, and appropriate escalation

• Maintain up‑to‑date knowledge on relevant cyber-security technologies and
tools

• Support Tier 1 SOC Analysts in triaging cyber-security events, alerts, and
incidents

• Follow detailed operational procedures to analyze, escalate, and support
remediation of critical security incidents

• Assist with SOC metrics, reporting, and communications

• Support incident response activities up to the preliminary forensics stage

• Monitor EDR tools and perform initial assessment and data gathering for
alerts