1. Resolve ATA tickets assigned from ISD’s 7x24x365 managed security service expeditiously (includes reviewing and working on cases on the portal and providing details for case closure). Meet or exceed SLA for all ATA tickets.
  2. Support other departments in resolving ATA ticket assigned to them for resolution.
  3. Ensure compliance on a daily basis – all servers in data center have to have NXLogs agent and logs must be delivered to ATA.
  4. Provide in-depth support for information security incidents, including internal violations, hacker attacks, viruses, unauthorized system access, and identifying and recognizing incidents of compromise (IOC’s) and how they are used at the network level.
  5. Provide recommendations to improve information security incident response processes related to host and network security in accordance with County policies and procedures.
  6. Demonstrate above average analytical skills and work professionally with peers and customers, especially under pressure.
  7. Analyze and interpret system, security, and application logs in order to diagnose faults and spot abnormal behavior.
  8. Identify issues/problems and coordinate with customers regarding recommendations and resolution to security incidents.
  9. Analyze threat intelligence feeds received, and correlate ATA cases and investigations with affected customer departments.
  10. Work with customer departments to facilitate the telemetry ingestion into the ATA managed security service.
  11. Participate in regularly scheduled project review meetings and conference calls.
  12. Work with the MSSP vendor to review documents and information collected, and assist in the process of documenting the identification, classification, and prioritization of critical systems and data.
  13. Setup and execute on-demand reports requested by customer and management.
  14. Provide knowledge transfer and/or training to Security Operations Section staff and ATA portal customers/users.
  15. Provide after-hours and weekend support on an as-needed basis.


The Consultant must meet all the following minimum qualifications:

  1. One (1) year of experience in the last three (3) years managing and/or supporting a production security incident response environment, including working with end-users to investigate, analyze, troubleshoot, and resolve security incident issues.
  2. Two (2) years of experience in the last four (4) years as a security incident handler with experience detecting, responding, resolving, and managing computer and network security incidents, including, detecting malicious applications and network activity, detecting and analyzing system and network vulnerabilities, determining root causes, performing computer and network forensic investigations and leading a computer security incident response team.
  3. Two (2) years of experience in the last four (4) years as a systems administrator or network engineer supporting a networked environment with at least 500 servers, 5,000 or more users and multiple firewalls, switches, and routers. The network environment must consist of multiple VLANs in a single location AND multiple physical locations connected through routers or similar layer-3 routing devices.
  4. Two (2) years of experience in the last four (4) years creating and managing projects with project management tracking tools such as Microsoft Project.
  5. Three (3) years of experience in the last five (5) years developing clear and precise process, workflow, and/or network diagrams using Microsoft Visio or similar tools, and technology-related documents such as operating procedures/guidelines, incident reports, technology standards, and knowledge base articles.
  6. Two (2) years of experience in the last four (4) years in a security monitoring role

To apply for this job email your details to