TEAM GEORGIA CAREERS A world of opportunity.


Cyber Security Administrator

Cyber Security

Early Care and Learning, Georgia Department of

Closing Date:  August 22, 2025

Salary: $62,331.12 - $81,955.29

Commensurate with experience and education.

Job Code:  ISP010

Pay Grade:  N

Location:  Headquarters-Based, Atlanta, Ga (REMOTE)

 

Bright from the Start: Georgia Department of Early Care and Learning is responsible for meeting the child care and early education needs of Georgia's children and their families. It administers the nationally recognized Georgia's Pre-K Program, licenses child care centers and home-based child care, administers the Georgia Childcare and Parent Services (CAPS) program and federal nutrition programs, and manages Quality Rated, Georgia's community powered child care rating system.

 

The department also houses the Head Start State Collaboration Office, distributes federal funding to enhance the quality and availability of child care, and works collaboratively with Georgia child care resource and referral agencies and organizations throughout the state to enhance early care and education.

 

Job Description:

We are seeking a skilled and proactive Cyber Security Administrator to lead the development and management of security automation, monitoring, and incident response processes using Microsoft Sentinel, Azure Log Analytics, and Microsoft Defender. This role is critical in enhancing our security posture through the creation of playbooks, alerts, runbooks, and advanced SIEM configurations tailored to a state government environment.

 

Job Duties:

·       Design, develop, and maintain automated playbooks using Azure Logic Apps for incident response and event monitoring.

·       Create and update runbooks to guide SOC analysts through standardized response procedures.

·       Integrate Sentinel with Microsoft Defender and third-party tools for automated threat mitigation.

·       Configure and fine-tune alerts in Microsoft Sentinel and Defender for Endpoint, Identity, and Cloud.

·       Manage Log Analytics Workspaces – security, log migration, log retention.

·       Develop custom KQL queries in Azure Log Analytics for threat detection and alerting.

·       Continuously optimize alert rules to reduce false positives and improve detection accuracy.

·       Architect and manage Sentinel SIEM infrastructure, including data ingestion and connector configuration.

·       Conduct threat hunting and investigations using Sentinel’s advanced query capabilities.

·       Integrate threat intelligence feeds and use them to enrich detection and response strategies.

·       Conduct proactive threat hunting using custom and built-in hunting queries.

·       Analyze historical data to uncover undetected threats or anomalies.

·       Document and share hunting findings with SOC and IR teams.

·       Build and maintain workbooks and dashboards for real-time monitoring and executive reporting.

·       Track and report on key security metrics, incident trends, and system health.

·       Assist with monitoring and securing Microsoft 365 services, including Exchange Online, SharePoint, and Teams, by configuring security policies, auditing access, and managing data loss prevention (DLP) rules.

·       Assist in managing Microsoft Purview for compliance, data governance, and insider risk management, ensuring sensitive data is classified, protected, and monitored across cloud services.

·       Ensure Sentinel and Defender configurations align with industry standards (e.g., NIST, ISO 27001).

·       Support audit and compliance efforts by providing logs, reports, and documentation.

·       Implement and manage role-based access control (RBAC) and data retention policies.

·       Work closely with SOC, IT, and DevOps teams to align security operations with business needs.

·       Provide training and documentation for analysts on using Sentinel and Defender tools.

·       Stay current with Microsoft security product updates and best practices

·       Train fellow employees in security awareness and procedures

·       Work with the portfolio leads and various stakeholders to support ongoing security initiatives, solutions, and projects

·       Assist with document creation and updating of processes, procedures, and guidelines

·       Perform all other duties as assigned

 

Technical Skills:

·       Proficiency in Microsoft Sentinel for SIEM management, including analytics rules, incident workflows, and threat hunting.

·       Experience with Azure Log Analytics and Kusto Query Language (KQL) for log analysis and custom alerting.

·       Ability to design and deploy automated playbooks using Azure Logic Apps, Event Hub, and PowerShell scripting.

·       Knowledge of Azure Active Directory (AAD), RBAC, and cloud security configurations.

·       Familiarity with incident response processes, threat intelligence integration, and security monitoring.

·       Understanding of compliance frameworks such as CJIS, NIST 800-53, including audit readiness and log retention policies.

·       Experience with REST APIs and Python for custom integrations and automation.

·       Strong grasp of security baselines and governance in a state government environment.

·       Microsoft Defender Suite: Defender for Endpoint, Identity, Cloud, and Office 365.

·       Power Automate: Optional for broader workflow integration.

·       PowerShell: For automation, configuration, and incident response tasks.

·       Python (optional but valuable): For custom scripts and integrations.

Personal Skills

·       Must be well organized, efficient, and able to work unsupervised under your own initiative

·       Working as part of a team, you need to be a good team player

·       The ability to react quickly and efficiently under pressure

·       Good communication skills as you will be reporting regularly to management and other stakeholders

Physical Position Requirements:

·       Work is typically performed in an office environment with intermittent sitting, standing, or walking in various settings.

·       The ability to speak clearly, to hear and understand at a normal conversational level, and to receive detailed information through verbal communication.

·        Close visual acuity to perform an activity such as: preparing and analyzing data; viewing a computer terminal; extensive reading and visual inspection.

·        Full range of hand and finger motion for data entry purposes.

 

Required Qualifications:

Associate's degree in Computer Science/Information Technology/Information Security or related field or equivalent experience AND two years of proven experience and demonstrated success in technology leadership with emphasis on information security and data governance AND currently holds an entry level cyber certification per state guidelines or achieves within 12 months of start date: (Security+, Network+, Linux+, MTA, GISF*). Any GIAC certified entry level certification accepted AND must hold or be able to qualify for a US Department of Homeland Security (DHS) clearance.

 

DECAL Preferred Qualifications:

·       SC-200: Microsoft Security Operations Analyst

·       AZ-500: Microsoft Azure Security Technologies

·       MS-500: Microsoft 365 Security Administration

·       Compliance Knowledge: NIST, CJIS, CIS, FEDRAMP

·       Cyber Security Management: CISM

·       Risk Assessment and Management

 

Bright from the Start:  Georgia Department of Early Care and Learning is a family-friendly employer, offering flexible work schedules (at supervisory discretion) and a comprehensive compensation package, to include healthcare, retirement, 401-k match, and elective options for dental, vision, AD&D, short and long-term disability, and life insurance.  Bright from the Start: Georgia Department of Early Care and Learning is an equal opportunity employer and drug-free workplace.  A background check will be completed upon hire, which may consist of any or all of the following: criminal and employment histories, credit history (as applicable to the position), education credentials, and motor vehicle driving records.

 

If you are an individual with a disability who may require assistance or other reasonable accommodation in order to participate in the selection process for this position, you may contact our HR department at 678-879-2993. Due to the volume of submissions received by this office, information concerning application or interview status cannot be provided in writing, over the phone, or in person. All applicants who submit a complete application package will be considered but may not necessarily receive notification or an interview.  The job posting may be subject to being closed at any time without notice.  Only those qualified candidates who are selected for an interview shall receive notification upon the filling of this vacancy.

 


Associates degree in Computer Science/Information Technology/Information Security or related field or equivalent experience and two (2) years of proven experience and demonstrated success in technology leadership with emphasis on information security and data governance and currently holds an entry level cyber certification per state guidelines or achieves within 12 months of start date: (Security+, Network+, Linux+, MTA, GISF*) Any GIAC certified entry level certification accepted and must hold or be able to qualify for a US Department of Homeland Security (DHS) clearance.
