This role is 100% ONSITE - 0% remote

**Only those selected for an interview will need to sign and return the NDA **

SCOPE OF THE PROJECT: Enhance the security posture of the South Carolina Department of Motor Vehicles (SCDMV) to protect sensitive citizen data and ensure the integrity of motor vehicle licensing and titling systems.

DAILY DUTIES / RESPONSIBILITIES: THE DMV SECURITY TEAM IS LOOKING FOR CANDIDATES TO FILL TWO ENTRY LEVEL SECURITY POSITIONS. THE DMV WILL TRAIN THE SELECTED CANDIDATES TO PERFORM THE TASKS LISTED BELOW. AT A MINIMUM WE ARE LOOKING FOR BASIC SERVER OR NETWORK ADMINISTRATION SKILLS THAT WE CAN BUILD UPON.

1. Threat Intelligence Research • Monitor and analyze threat intelligence feeds to identify emerging threats relevant to the organization. • Document findings, such as new attack methods or vulnerabilities, and share with the team. • Use open-source intelligence (OSINT) tools to gather data on potential risks and adversaries.
2. Threat Hunting and Detection Rule Creation • Conduct proactive searches for suspicious behavior in network and endpoint activity using provided tools and playbooks. • Collaborate with senior analysts to refine and test detection rules (e.g., SIEM queries or Defender for Endpoint rules). • Document hunting methodologies and findings to support continuous improvement.
3. Log Analysis • Review and interpret logs from firewalls, endpoints, and servers to identify indicators of compromise (IOCs). • Escalate findings, such as anomalous IP addresses or unauthorized access attempts, to senior analysts. • Maintain a log of recurring patterns or anomalies for long-term tracking and analysis.
4. Incident Response • Assist in initial triage of security incidents by following response frameworks (e.g., NIST, MITRE ATT&CK). • Gather and analyze relevant evidence, such as logs or alert data, to determine the scope and severity of incidents. • Document findings during incidents and contribute to containment and remediation efforts.
5. Documentation and Reporting • Create clear, detailed reports, including incident reports, after-action reviews, and process documentation. • Draft training materials or guides to help improve organizational awareness and readiness. • Regularly update and organize documentation to ensure accuracy and accessibility for team use.

REQUIRED SKILLS (RANK IN ORDER OF IMPORTANCE): • PROBLEM-SOLVING: ANALYZE DATA, IDENTIFY ANOMALIES, AND RECOMMEND SOLUTIONS. • ATTENTION TO DETAIL: ENSURE ACCURATE ANALYSIS AND CONFIGURATION FOR EFFECTIVE SECURITY MEASURES.

PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE): • VULNERABILITY MANAGEMENT: ANALYZE REPORTS, PRIORITIZE PATCHING, UNDERSTAND NIST BEST PRACTICES. • THREAT HUNTING & INTELLIGENCE: UTILIZE THREAT FEEDS, INVESTIGATE SUSPICIOUS ACTIVITY, STAY CURRENT ON CYBER THREATS. • SECURITY AWARENESS TRAINING: DEVELOP & DELIVER TRAINING, ASSESS EMPLOYEE AWARENESS THROUGH SIMULATIONS. • SECURITY AUTOMATION: LEVERAGE SCCM, GPO, POWERSHELL FOR PATCH DEPLOYMENT. • ENDPOINT SECURITY (DEFENDER FOR ENDPOINT): CONFIGURE POLICIES, ANALYZE ALERTS, MANAGE ENDPOINT PROTECTION. • INCIDENT RESPONSE: IDENTIFY AND ESCALATE POTENTIAL SECURITY THREATS. • COMMUNICATION: DELIVER REPORTS ON SECURITY POSTURE AND PROPOSE MITIGATION STRATEGIES. • SCRIPTING: AUTOMATE TASKS BEYOND SCCM, GPO, AND POWERSHELL FOR INCREASED EFFICIENCY. • DIGITAL FORENSICS: INVESTIGATE SECURITY INCIDENTS AND COLLECT EVIDENCE FOR DEEPER ANALYSIS. • NETWORK SECURITY: UNDERSTAND NETWORK PROTOCOLS AND FIREWALLS TO STRENGTHEN OVERALL SECURITY POSTURE. • CLOUD SECURITY: AS CLOUD ADOPTION GROWS, UNDERSTANDING CLOUD-SPECIFIC SECURITY SOLUTIONS BECOMES VALUABLE.

REQUIRED EDUCATION AND EXPERIENCE: A high school diploma is required, a bachelor's degree in information technology systems, computer science, cybersecurity, or a related field is preferred. At least 1 year server or network administration experience is required. 1+ years of experience in a security focused role is preferred. Relevant experience may be substituted for the degree on a year-for-year basis.

CERTIFICATIONS: Not required, however we prioritize applicants who have: • GIAC Security Essentials (GSEC) • Security+ (CompTIA) • Network+ (CompTIA) • GIAC Incident Handler (GCIH)