Security Analyst II – Threat Hunter (Information Systems Specialist 7) jobs in United States

State of Oregon · 1 month ago

Security Analyst II – Threat Hunter (Information Systems Specialist 7)

The State of Oregon is seeking a Security Analyst II – Threat Hunter to join the Department of Administrative Services. In this role, you will monitor security threats using Microsoft Sentinel and Defender XDR, perform initial triage of alerts, and support incident response to protect state agencies from cyber threats.

Industry tags: Government · Recycling · Sustainability · Waste Management
Work authorization: No H1B · U.S. Citizen Only

Responsibilities

Continuously monitor Microsoft Sentinel and Defender XDR for security threats
Perform initial triage to validate and assess alerts
Provide timely, actionable notification and escalation to support effective incident response and protect state agencies from cyber threats

Qualification

Microsoft Defender for Endpoint · Office 365 · KQL (Kusto Query Language) · Incident investigation · Cloud Apps · Attack surface reduction (ASR) · EDR forensics · Log analysis · Hypothesis-driven hunting · Cybersecurity certifications

Required

Six (6) years of information systems experience in: Microsoft Defender for Endpoint, Identity, Office 365, and Cloud Apps, Attack surface reduction (ASR), device timeline, evidence & response actions, Live response sessions and EDR forensics; OR
An Associate's degree in Computer Science, Information Technology, or related field, OR completion of a two (2) year accredited vocational training program in information technology or related field; AND four (4) years of information systems experience in: Microsoft Defender for Endpoint, Identity, Office 365, and Cloud Apps, Attack surface reduction (ASR), device timeline, evidence & response actions, Live response sessions and EDR forensics; OR
A Bachelor's degree in Information Technology, Computer Science, or related field AND two (2) years of information systems experience in: Microsoft Defender for Endpoint, Identity, Office 365, and Cloud Apps, Attack surface reduction (ASR), device timeline, evidence & response actions, Live response sessions and EDR forensics; OR
Master's degree in Information Technology, Computer Science, or related field may substitute for all of the above
Ability to perform deep incident investigation using Sentinel's Investigation Graph and entity behavior analysis
Ability to pivot across tools (e.g., Defender → Sentinel → Purview → Entra logs → Tenable One)
Advanced KQL (Kusto Query Language) capability including ability to build complex queries, joins, unions, time-series queries, anomaly detection patterns, custom hunting queries, and scheduled analytics rules
Capable of developing hypothesis-driven hunting campaigns (threat intel, MITRE ATT&CK-based, behavior-based)
Strong proficiency in analyzing logs from: Entra ID sign-in logs, Office 365 audit logs, Windows event logs (including Sysmon), Network/Firewall logs
Capable of drafting response actions, such as isolating devices, blocking IPs, disabling accounts, or updating detection rules
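The hypothesis-driven hunt and cross-table KQL work described in the requirements above, shown here as an added illustration that is not part of the posting and not code from the State of Oregon. The hypothesis is a common one for cloud account compromise: a user signs in successfully from a country not seen in their recent history and, shortly afterwards, creates or modifies an inbox rule (a typical persistence and data-theft step). It assumes the default Microsoft Sentinel SigninLogs (Entra ID sign-in logs) and OfficeActivity (Office 365 unified audit log) tables; the lookback, baseline exclusion of the most recent day, and one-hour correlation window are illustrative choices a hunter would tune.

```kql
// Added example, not from the posting: hypothesis-driven hunt correlating
// Entra ID sign-in logs with Office 365 audit events.
// Hypothesis: an account signs in from a country outside its 14-day baseline
// and creates/changes an inbox rule within an hour of that sign-in.
// Assumed tables: SigninLogs and OfficeActivity (standard Sentinel schemas).
let lookback = 14d;          // assumption: baseline period
let ruleWindow = 1h;         // assumption: sign-in -> inbox rule correlation window
// Baseline: countries each user normally signs in from, excluding the last day
// so that today's novel location does not contaminate its own baseline.
let baseline =
    SigninLogs
    | where TimeGenerated between (ago(lookback) .. ago(1d))
    | where ResultType == "0"                        // successful sign-ins only
    | extend UserPrincipalName = tolower(UserPrincipalName)
    | summarize KnownCountries = make_set(Location) by UserPrincipalName;
// Successful sign-ins in the last day from a country absent from the baseline
// (or from a user with no baseline at all, which is itself worth a look).
let novelSignins =
    SigninLogs
    | where TimeGenerated > ago(1d)
    | where ResultType == "0"
    | extend UserPrincipalName = tolower(UserPrincipalName)
    | join kind=leftouter baseline on UserPrincipalName
    | where isnull(KnownCountries) or not(set_has_element(KnownCountries, Location))
    | project SigninTime = TimeGenerated, UserPrincipalName, Location, IPAddress, AppDisplayName;
// Inbox rule creation or modification from the unified audit log.
let inboxRules =
    OfficeActivity
    | where TimeGenerated > ago(1d)
    | where Operation in ("New-InboxRule", "Set-InboxRule")
    | project RuleTime = TimeGenerated, UserPrincipalName = tolower(UserId),
              Operation, Parameters, ClientIP;
// Correlate: same user, rule change inside the window after the novel sign-in.
novelSignins
| join kind=inner inboxRules on UserPrincipalName
| where RuleTime between (SigninTime .. (SigninTime + ruleWindow))
| project SigninTime, RuleTime, UserPrincipalName, Location, IPAddress,
          ClientIP, AppDisplayName, Operation, Parameters
| order by SigninTime desc
```

Run as-is in the Sentinel Logs blade it is a hunting query; the same body, with the `ago(1d)` bounds replaced by the rule's lookback, can be saved as a scheduled analytics rule with UserPrincipalName, IPAddress and ClientIP mapped as Account and IP entities so that hits land in the incident queue with the entities the Investigation Graph needs. The `Parameters` column is kept deliberately: forwarding or deletion targets in the rule definition are usually what decides whether the hit escalates to isolating the session and disabling the account.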

Preferred

CISSP: (Certified Information Systems Security Professional)
SC-200: Microsoft Security Operations Analyst
SC-100: Cybersecurity Architect
AZ-500: Azure Security Engineer
CompTIA CySA+ or Security+
GIAC (GCIA, GCIH, GMON) for advanced threat hunting

Benefits

Comprehensive Health Coverage: Low-cost medical, vision, and dental plans for you and your family. Optional benefits include life insurance, short- and long-term disability, deferred compensation savings plans, and flexible spending accounts for health and childcare.
Generous Paid Time Off: 11 holidays, 3 personal business days, monthly sick leave and vacation leave that increases with years of service.
Career Development: Opportunities for professional growth and advancement.
[Get There](https://getthereoregon.org/) - Oregon’s easy-to-use carpool matching tool and trip planner.
[Public Service Loan Forgiveness](https://studentaid.gov/manage-loans/forgiveness-cancellation/public-service): You may qualify for the PSLF program.
Hybrid Work Opportunity: This position supports a hybrid work schedule. You can expect to work in the office 1 day per week, with work arrangements periodically reviewed to ensure business needs are met.

Company

State of Oregon

Official LinkedIn page for the state of Oregon. Oregon is a state in the Pacific Northwest region of the United States.

Funding

Current Stage
Late Stage
Total Funding
$0.5M
Key Investors
U.S. Environmental Protection Agency
2023-10-23 · Grant · $0.5M

Leadership Team

William Wise, Chief Executive Officer
Kate Nass, Chief Financial Officer
Company data provided by crunchbase