
Job Title: Incident Response Analyst

Job Requisition ID: 51751

Closing Date: 12/10/2025

Salary: $6,952 monthly

Work Location: Springfield, IL

Union Position: Yes

Work authorization: US work authorization required at time of application. No sponsorship available. Not eligible for STEM OPT. Positions are W2 only and cannot be converted to a contract position. 

Questions? Email doit.recruitment@illinois.gov

Transcripts are required for consideration.

 

Are you looking for a rewarding career with an organization that values their staff? The Department of Innovation & Technology (DoIT) is seeking to hire qualified candidates with the opportunity to work in a dynamic, creative thinking, problem solving environment. 

This position serves as an Incident Response Analyst I in performing difficult and specialized system services incident response work by responding to major cyber incidents utilizing established policies, standards and procedures and determining and preventing unauthorized access or destruction of network information. 

In this role, you will collect information from security systems, end-users and other sources to document and communicate the existence of a security incident in a timely manner. 

In addition, you will serve as a recipient of information security and cyber-security vulnerability and threat information from information systems and sources including but not limited to information system vulnerability monitoring tools, the Illinois Statewide Terrorism Intelligence Center (STIC), software and hardware vendors, and internal security personnel, and assist detection engineering.

If you possess these knowledges, skills, abilities, and experience, we invite you to apply for this position to join the DoIT Team!

 

As a State of Illinois employee, you receive a comprehensive benefits package including:

  • Competitive Group Insurance benefits including health, life, dental and vision plans.
  • Flexible work schedules (when available and dependent upon position).
  • 10-25 days of paid vacation time annually (10 days for first year of state employment).
  • 12 days of paid sick time annually, which carry over from year to year.
  • 3 paid personal business days per year.
  • 13-14 paid holidays per year dependent on election years.
  • 12 weeks of paid parental leave.
  • Pension plan through the State Employees Retirement System.
  • Deferred Compensation Program – voluntary supplemental retirement plan.
  • Optional pre-tax programs – Medical Care Assistance Plan (MCAP) & Dependent Care Assistance Plan (DCAP).
  • Tuition Reimbursement Program and Federal Public Service Loan Forgiveness Program eligibility.

 

Essential Functions

  • Under general direction, serves as an Incident Response Analyst I for the Department of Innovation & Technology (DoIT), performing difficult and specialized system services incident response work by responding to major cyber incidents utilizing established policies, standards and procedures and determining and preventing unauthorized access or destruction of network information.
  • Serves as a recipient of information security and cyber-security vulnerability and threat information from information systems and sources including but not limited to information system vulnerability monitoring tools, the Illinois Statewide Terrorism Intelligence Center (STIC), software and hardware vendors, and internal security personnel and assists detection engineering.
  • Provides guidance to agency security officers, security managers, other security personnel, and agency personnel on trending threats and vulnerabilities.
  • Keeps abreast of new developments in the information technology field by continuing education through online training platforms, meetings, training sessions, seminars, and conferences to increase familiarity with and remain current on products, vendors, techniques, and procedures.
  • Performs other duties as required or assigned which are reasonably within the scope of the duties enumerated above.

 

Minimum Qualifications

  • Requires knowledge, skill, and mental development equivalent to four (4) years of college with coursework in computer science or directly related fields.
  • Requires one (1) year of professional experience in System Services or a related Information Technology field.

 

Preferred Qualifications

  • One (1) year of professional experience working within or in direct support of a Security Operations Center (SOC), with responsibilities including incident detection, triage, coordination, containment, and recovery in alignment with frameworks such as NIST SP 800-61 or MITRE ATT&CK.
  • One (1) year of professional experience utilizing Security Information and Event Management (SIEM) platforms (e.g., Splunk, QRadar, and LogRhythm) to analyze logs, tune alerts, and detect security threats.
  • One (1) year of professional experience working with Endpoint Detection and Response (EDR) tools (e.g., CrowdStrike, SentinelOne, or Microsoft Defender for Endpoint) to investigate and remediate endpoint threats.
  • One (1) year of professional experience in detection engineering or threat hunting, including the development of custom detection rules and proactive identification of anomalous behavior.
  • One (1) year of professional experience utilizing sandbox environments (e.g., Cuckoo Sandbox, Any.Run, or Joe Sandbox) to analyze potentially malicious files, URLs, or malware behavior.
  • One (1) year of professional experience utilizing network protocols and tools (e.g., Transmission Control Protocol and Internet Protocol (TCP/IP), Remote Desktop Protocol (RDP), Dynamic Host Configuration Protocol (DHCP), directory services (e.g., Domain Name System (DNS)), ping, or traceroute) to investigate network-based threats.
  • Ability to analyze data logically and exercise sound judgement in defining and evaluating problems of an operational or procedural nature.
  • Ability to gain and maintain effective working relationships with associates, vendors, clients, and cross-functional teams to resolve security incidents.
  • Developed verbal and written communication skills to present technical information clearly and precisely to diverse audiences, including business users, development teams, and agency executives.
  • Certification(s) in one or more of the following: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), EC-Council Certified Ethical Hacker (CEH), Security+, or SANS Institute courses (e.g., SEC401 or SEC450) or other comparable cybersecurity trainings, classes, or certifications.

 

Conditions of Employment

NOTE: Applicants must possess the ability to meet ALL of the following conditions of employment, with or without reasonable accommodation, to be considered for this position.

  • Requires the ability to verify identity.
  • Requires employment authorization to accept a permanent full-time position with the State of Illinois.
  • Requires the ability to pass a position-specific, agency-required background check and requires self-disclosure of criminal history.
  • Requires the ability to travel in the performance of duties.
  • Requires the ability to work outside of normal hours to meet deadlines.
  • Requires the ability to use agency supplied equipment such as laptop, personal computer, work cell phone, etc.
  • Requires the ability to work overtime including scheduled, unscheduled, short notice, evening, weekends, and holidays.
  • Requires the ability to attend seminars, conferences, and training to remain current on methods, tools, ideologies, or other industry related topics relevant to job duties.
  • Requires the ability to lift and carry objects or equipment weighing up to 10 pounds. This is considered sedentary work as defined by the U.S. Department of Labor (20 CFR 404.1567(a)). Sedentary work involves lifting no more than 10 pounds at a time and requires occasional lifting, carrying, walking, and standing.
  • The conditions of employment listed are incorporated and/or related to any duties included in the position description.