Job description

This role focuses on strengthening the City's cybersecurity posture through Microsoft XDR, Sentinel, and Tenable solutions, while leading incident response efforts and security awareness initiatives. The analyst will play a key role in threat detection, response, and remediation, and will also support vulnerability assessments and penetration testing. While primarily security-focused, the position will occasionally provide IT support and system administration as needed (10-15%). Key Responsibilities Operate and optimize Microsoft XDR (Defender for Endpoint, Identity, Cloud, etc.) and Microsoft Sentinel. Tune and maintain security tools to reduce false positives and enhance SOC capabilities. Maintain and enhance vulnerability management programs; analyze scan data (e.g., Tenable Nessus). Tune and maintain security tools to reduce false positives and enhance SOC capabilities. Prioritize vulnerabilities and coordinate remediation action plans with system and application owners. Correlate and analyze security events to determine the scope and impact of cyber incidents. Monitor IT systems throughout their lifecycle for changes impacting security posture. Research vendor documentation and CVE advisories to identify and implement remediation or compensating controls. Coordinate investigation and response efforts throughout the Incident Response lifecycle. Acquire and analyze endpoint and network artifacts to guide remediation efforts. Identify attacker TTPs and IOCs to improve monitoring and detection. Develop and maintain Incident Response processes, workflows, and playbooks. Conduct phishing simulations and lead security awareness training. Participate in penetration testing and vulnerability risk assessments. Support Entra ID and Intune administration, including Conditional Access and ASR rules. Assist with general IT support and system administration tasks (10-15%). Required Skills And Qualifications 2 years of hands-on experience with the Microsoft Defender suite and Sentinel. 2 years of experience securing Windows server and Client operating systems. 1 year of experience in incident response, threat hunting, and SOC operations. Experience with vulnerability management tools (Nessus preferred). Hands-on, working experience with Entra ID, Intune, Conditional Access, and ASR. Experience researching and remediating CVE advisories. Hands-on, working experience with PowerShell and KQL (Kusto Query Language). Knowledge of security frameworks (e.g., NIST, CIS) Strong understanding of networking protocols, firewalls, and endpoint protection. Familiarity with cloud security best practices. Experience conducting phishing campaigns and user training. Strong documentation and communication skills. Ability to work independently and as part of a team. This is a full-time, exempt position. The starting salary is $74,318- $80,032, depending on qualifications. The city offers a generous benefits package, including Maryland State Retirement. All applications must include a cover letter and resume to be considered for the first review of candidates, before October 12, 2025. Please complete an application at The City of College Park is an Equal Opportunity Employer.

Requirements