Apply »

Incident Response Analyst I (Information Systems Analyst I, Opt. S)

We continually strive for a workforce that reflects the growing diversity within the State of Illinois. A variety of employee backgrounds, perspectives, ideas and experiences are crucial to our ability to most effectively serve the public. Bilingual skills welcome

Reasonable Accommodation Statement

The State of Illinois is committed to working with and providing reasonable accommodations to people with disabilities. Further, federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job, interview for a job, or for any other activity related to the hiring process. Examples of reasonable accommodation include, but are not limited to, making a change to the application process (if possible), providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

To be provided a Reasonable Accommodation during the hiring process, you will need to provide a certification of disability from a physician, psychiatrist, school official or an Illinois Department of Human Services (DHS) Division of Rehabilitation Services (DRS) Vocational Rehabilitation (VR) Counselor. Supporting documentation should be uploaded under My Documents → Additional Documents section for each application.

Any questions on Reasonable Accommodations can be directed to Central Management Services Disability Resource Center at CMS.DisabilityResCen@illinois.gov or call (217) 524-7514 for further information and to request or discuss an accommodation.

Sponsorship for Employment

The State of Illinois does not provide sponsorship for employment visa status (e.g. H-1B visa status), nor is the State able to provide extensions of optional practical training (OPT) under the STEM-designated degree program for F-1 students.  To be considered for permanent employment with the State of Illinois, applicants must be currently authorized to work in the United States on a full-time basis.

Disclosure of Salary Information

In compliance with the Illinois Equal Pay Act, 820 ILCS 112/1 et seq., the State does not seek, request, or require a job applicant’s wage or salary history.  Employment decisions are not made based on an applicant’s wage or salary history.  To that end, please do not include wage or salary information in your resume or other profile or application materials.
Date:  Nov 24, 2025
Location: 

Springfield, IL, US, 62702

Job Requisition ID:  51751

Job Requisition ID: 51751 
Posting Date: 11/25/2025

Closing Date: 12/10/2025
​Agency: Department of Innovation and Technology
Class Title: INFORMATION SYSTEMS ANALYST I - 21165 
Skill Option: System Services - Information Technology 
Bilingual Option: None
Salary: Anticipated starting salary: $6,952 monthly; Full range: $6,952-$10,130 monthly
Job Type: Salaried
Category: Full Time 
County: Sangamon
Number of Vacancies: 3
Bargaining Unit Code: RC063 Professional Employees, Educators,Juvenile Justice School Counselors and Special Education Resources Coordinators,and Physicians AFSCME
Merit Comp Code: None

 

This position is a union position; therefore, provisions of the relevant collective bargaining agreement/labor contract apply to the filling of this position.

 

All applicants who want to be considered for this position MUST apply electronically through the illinois.jobs2web.com website. State of Illinois employees should click the link near the top left to apply through the SuccessFactors employee career portal.

Applications submitted via email or any paper manner (mail, fax, hand delivery) will not be considered.

Proof of educational coursework is required. Acceptable proof of coursework includes unofficial transcripts, copies of official transcripts, account records (including screenshots) of academic coursework, and any similar documents created by an academic institution.

 

 

Why Work for Illinois?

Working with the State of Illinois is a testament to the values of compassion, equity, and dedication that define our state. Whether you’re helping to improve schools, protect our natural resources, or support families in need, you’re part of something bigger—something that touches the lives of every person who calls Illinois home.

No matter what state career you’re looking for, we offer jobs that fit your life and your schedule—flexible jobs that provide the gold standard of benefits. Our employees can take advantage of various avenues to advance their careers and realize their dreams. Our top-tier benefits and great retirement packages can help you build a rewarding career and lasting future with the State of Illinois.

Position Overview

Are you looking for a rewarding career with an organization that values their staff? The Department of Innovation & Technology (DoIT) is seeking to hire qualified candidates with the opportunity to work in a dynamic, creative thinking, problem solving environment. This position serves as a Incident Response Analyst I in performing difficult and specialized system services incident response work by responding to major cyber incidents utilizing established policies, standards and procedures and determining and preventing unauthorized access or destruction of network information. In this role, you will collect information from security systems, end-users and other sources to document and communicate the existence of a security incident in a timely manner. In addition, you will serve as a recipient of information security and cyber-security vulnerability and threat information from information systems and sources including but not limited to information system vulnerability monitoring tools, the Illinois Statewide Terrorism Intelligence Center (STIC), software and hardware vendors, and internal security personnel and assists detection engineering. If you possess these knowledges, skills, abilities, and experience, we invite you to apply for this position to join the DoIT Team!

 

As a State of Illinois employee, you receive a comprehensive benefits package including:

  • Competitive Group Insurance benefits including health, life, dental and vision plans.
  • Flexible work schedules (when available and dependent upon position).
  • 10 -25 days of paid vacation time annually (10 days for first year of state employment).
  • 12 days of paid sick time annually which carryover year to year.
  • 3 paid personal business days per year.
  • 13-14 paid holidays per year dependent on election years.
  • 12 weeks of paid parental leave.
  • Pension plan through the State Employees Retirement System.
  • Deferred Compensation Program – voluntary supplemental retirement plan.
  • Optional pre-tax programs -Medical Care Assistance Plan (MCAP) & Dependent Care Assistant Plan (DCAP).
  • Tuition Reimbursement Program and Federal Public Service Loan Forgiveness Program eligibility.

 

For more information regarding State of Illinois Benefits follow this link: https://www2.illinois.gov/cms/benefits/Pages/default.aspx

Essential Functions

  • Under general direction, serves as an Incident Response Analyst I for the Department of Innovation & Technology (DoIT), performing difficult and specialized system services incident response work by responding to major cyber incidents utilizing established policies, standards and procedures and determining and preventing unauthorized access or destruction of network information.
  • Serves as a recipient of information security and cyber-security vulnerability and threat information from information systems and sources including but not limited to information system vulnerability monitoring tools, the Illinois Statewide Terrorism Intelligence Center (STIC), software and hardware vendors, and internal security personnel and assists detection engineering.
  • Provides guidance to agency security officers, security managers, other security personnel, and agency personnel on trending threats and vulnerabilities.
  • Keeps abreast of new developments in the information technology field by continuing education through online training platforms, meetings, training sessions, seminars, and conferences to increase familiarity with and remain current on products, vendors, techniques, and procedures.
  • Performs other duties as required or assigned which are reasonably within the scope of the duties enumerated above.

Minimum Qualifications

  • Requires knowledge, skill, and mental development equivalent to four (4) years of college with coursework in computer science or directly related fields.
  • Requires one (1) year of professional experience in System Services or a related Information Technology field.

Specialized Skills

  • Requires one (1) year of professional experience working within or in direct support of a Security Operations Center (SOC), with responsibilities including incident detection, triage, coordination, containment, and recovery in alignment with frameworks such as NIST SP 800-61 or MITRE ATT&CK .
  • Requires one (1) year of professional experience utilizing a Security Information and Event Management (SIEM) platform (e.g., Splunk, QRadar, and LogRhythm) to analyze logs, tune alerts, and detect security threats.
  • Requires one (1) year of professional experience working with Endpoint Detection and Response (EDR) tools (e.g., CrowdStrike, SentinelOne, and Microsoft Defender for Endpoint) to investigate and remediate endpoint threats.
  • Requires one (1) year of professional experience in detection engineering and threat hunting, including the development of custom detection rules and proactive identification of anomalous behavior.

Preferred Qualifications

  • One (1) year of professional experience working within or in direct support of a Security Operations Center (SOC), with responsibilities including incident detection, triage, coordination, containment, and recovery in alignment with frameworks such as NIST SP 800-61 or MITRE ATT&CK.
  • One (1) year of professional experience utilizing a Security Information and Event Management (SIEM) platforms (e.g., Splunk, QRadar, and LogRhythm) to analyze logs, tune alerts, and detect security threats.
  • One (1) year of professional experience working with Endpoint Detection and Response (EDR) tools (e.g., CrowdStrike, SentinelOne, or Microsoft Defender for Endpoint) to investigate and remediate endpoint threats.
  • One (1) year of professional experience in detection engineering or threat hunting, including the development of custom detection rules and proactive identification of anomalous behavior.
  • One (1) year of professional experience utilizing sandbox environments (e.g., Cuckoo Sandbox, Any.Run, or Joe Sandbox) to analyze potentially malicious files, URLs, or malware behavior.
  • One (1) year of professional experience utilizing network protocols and tools (e.g., Transmission Control Protocol and Internet Protocol (TCP/IP), Remote Desktop Protocol (RDP), Dynamic Host Configuration Protocol (DHCP), directory services (e.g., Domain Name System (DNBS), pint, or traceroute.) to investigate network-based threats.
  • Ability to analyze data logically and exercise sound judgement in defining and evaluating problems of an operational or procedural nature.
  • Ability to gain and maintain effective working relationships with associates, vendors, clients, and cross-functional teams to resolve security incidents.
  • Developed verbal and written communication skills to present technical information clearly and precisely to diverse audiences, including business users, development teams, and agency executives.
  • Certification(s) in one or more of the following: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), EC-Council Certified Ethical Hacker (CEH), Security+, or SANS Institute courses (e.g., SEC401 or SEC450) or other comparable cybersecurity trainings, classes, or certifications.

Conditions of Employment

NOTE: Applicants must possess the ability to meet ALL of the following conditions of employment, with or without reasonable accommodation, to be considered for this position.

  • Requires the ability to verify identity.
  • Requires employment authorization to accept permanent full-time position with the State of Illinois.
  • Requires the ability to pass a position specific, agency required background check and requires self-disclosure of criminal history.
  • Requires the ability to travel in the performance of duties.
  • Requires the ability to work outside of normal hours to meet deadlines.
  • Requires the ability to use agency supplied equipment such as laptop, personal computer, work cell phone, etc.
  • Requires the ability to work overtime including scheduled, unscheduled, short notice, evening, weekends, and holidays.
  • Requires the ability to attend seminars, conferences, and training to remain current on methods, tools, ideologies, or other industry related topics relevant to job duties.
  • Requires the ability to lift and carry objects or equipment weighing up to 10 pounds. This is considered sedentary work as defined by the U.S. Department of Labor (20 CFR 404.1567(a)). Sedentary work involves lifting no more than 10 pounds at a time and requires occasional lifting, carrying, walking, and standing.
  • The conditions of employment listed are incorporated and/or related to any duties included in the position description.

Work Hours: 8:30am-5:00pm, Monday-Friday
Headquarter Location: 120 W Jefferson St Springfield, IL 62702-5170
Work County: Sangamon
Agency Contact: Elizabeth Bridges
Email: elizabeth.bridges@illinois.gov
Posting Group: Science, Technology, Engineering & Mathematics

 

This position DOES contain “Specialized Skills” (as that term is used in CBAs).

 

The Department of Innovation & Technology (DolT) is the state's IT agency delivering an enterprise approach to statewide technology, innovation, and telecommunication services, as well as policy and standards development, lifecycle investment planning, and cybersecurity services. With over 1,500 employees, DolT delivers IT services and innovative solutions to customer agencies to improve services provided to Illinois residents, DolT offers employees the opportunity to advance their careers, develop new skills and reach their potential, both personally and professionally. DoIT is committed to promoting and preserving a workplace culture that embraces diversity and inclusion. We welcome and value employees with different backgrounds, life experiences and talents. It is the collective sum of our individual differences that provides a broad perspective, leading to greater innovation and achievement. In recruiting for our team, we recognize the unique contributions of each applicant regardless of culture, ethnicity, race, national origin, sex, gender identity and expression, age, religion, disability, and sexual orientation.

 

APPLICATION INSTRUCTIONS

Use the “Apply” button at the top right or bottom right of this posting to begin the application process.

If you are not already signed in, you will be prompted to do so. 

State employees should sign in to the career portal for State of Illinois employees – a link is available at the top left of the Illinois.jobs2web.com homepage in the blue ribbon. 

Non-State employees should log in on the using the “View Profile” link in the top right of the Illinois.jobs2web.com homepage in the blue ribbon.  If you have never before signed in, you will be prompted to create an account.

If you have questions about how to apply, please see the following resources:

State employees: Log in to the career portal for State employees and review the Internal Candidate Application Job Aid

Non-State employees: on Illinois.jobs2web.com – click “Application Procedures” in the footer of every page of the website.

 

The main form of communication will be through email. Please check your “junk mail”, “spam”, or “other” folder for communication(s) regarding any submitted application(s). You may receive emails from the following addresses:

  • donotreply@SIL-P1.ns2cloud.com
  • systems@SIL-P1.ns2cloud.com


Nearest Major Market: Springfield

Apply »