Role Description This is a remote position. Seeking an SOC Analyst that possesses strong expertise in Endpoint Detection and Response (EDR) tools and cyber-security incident handling. The resource will be expected to provide security monitoring and response efforts for, and in coordination with the SOC, as well as: - Strong communication, reporting, and documentation abilities. - Monitor, analyze, and respond to cyber-security events, alerts, and incidents affecting State of Iowa IT systems. - Take appropriate actions to protect IT assets from potential incidents and threats. - Document and report changes, trends, and implications related to evolving cyber-security tools, systems, and solutions. - Follow SOC processes and assist ISD Security Engineers and OCIO support teams during alerts, events, and incidents. - Submit new events and update existing events within the SOC ticketing system. - Provide phone and email support to state agencies and participating partners during alerts, events, and incidents. - Provide off‑hours or ad‑hoc shift support as required. - Proven ability to collaborate effectively with partners across varying technical backgrounds. - Capability to perform Tier 1 troubleshooting, including log collection, documentation review, and appropriate escalation. - Maintain up‑to‑date knowledge on relevant cyber-security technologies and tools. - Support Tier 1 SOC Analysts in triaging cyber-security events, alerts, and incidents. - Follow detailed operational procedures to analyze, escalate, and support remediation of critical security incidents. - Assist with SOC metrics, reporting, and communications. - Support incident response activities up to the preliminary forensics stage. - Monitor EDR tools and perform initial assessment and data gathering for alerts. Qualifications - Hands on experience working with Endpoint Detection and Response (EDR) tools - Required (3 years) - Experience responding to cyber security events and incidents - Required (3 years) - Experience working with Crowdstrike, or comparable EDR tool - Required (3 years) - Ability to work in high pressure, fast paced environments - Required (3 years) Benefits - Paid Sick Time - Insurance for Medical, Dental, Vision and Life Available - 401(k) including Employer Match - HSA, Short-term & Long-term Disability Available Company Description We are an EEO/Veterans/Disabled employer.

• Analyze design, develop, implement, and support code for government customer, the United States Postal Service • Lead security assessments for USPS applications and domains, including cloud systems • Collaborate with cross-functional teams, business units, and IT stakeholders to guide them through the USPS Assessment & Authorization (A&A) process • Develop actionable security blueprints, security models, and recommendations that strengthen enterprise security posture • Utilize GRC tools, vulnerability scanning technologies, and security architecture best practices to evaluate risks, document findings, and support authorization decisions

• Assist in protecting high-value compute nodes by learning how to manage encryption, secure access, and maintain the integrity of supercomputing fabrics • Assist in protecting the systems supporting the program operations by learning how to review scans, identify vulnerabilities, recommend remediations, and document the environment for security assessments • Work side-by-side with SOC analysts to monitor logs, identify anomalies, and learn how to manage Indicators of Compromise (IOCs) using SIEM tools • Collaborate with a team of peers to research and propose solutions to current cybersecurity challenges, such as vulnerability management and automated patch tracking • Gain exposure to ASA program leadership and participate in mentoring circles led by early career champions

Role Description We are seeking a QA Security Analyst to ensure the quality and security of our applications. This role combines functional testing with security testing, focusing on identifying vulnerabilities early in the development lifecycle. The ideal candidate has a strong QA background with hands-on experience in security testing and a solid understanding of common application vulnerabilities. - Perform functional, regression, and security testing for web and/or mobile applications - Identify and report security vulnerabilities (e.g., OWASP Top 10) - Conduct API security testing and validation - Execute basic to intermediate penetration testing activities - Validate fixes for reported vulnerabilities - Collaborate with developers to ensure secure coding practices - Develop and maintain test cases, including security-focused scenarios - Integrate security testing into CI/CD pipelines where applicable - Document test results and provide clear reporting Qualifications - 2–5 years of experience in QA or software testing - Strong understanding of software testing methodologies and lifecycle - Experience with API testing tools (e.g., Postman) - Familiarity with automation tools (e.g., Selenium, Cypress) - Basic understanding of security testing principles