IT Security Analyst

Cook County State's Attorney's Office

Chicago, IL


Job Title: IT Security Analyst

Reports to: Chief of Staff

Salary Range: $80,000 - $100,000

Grade: 23

Location: 69 W. Washington, 32nd Floor

Bureau: Administrative Services

Application deadline: May 29, 2026

Primary Function:

We are seeking a motivated and detail-oriented IT Security Analyst to join our Information Technology team. This role is responsible for monitoring, analyzing, and responding to cybersecurity threats while helping maintain the security, integrity, and availability of the organization’s systems and data. The IT Security Analyst will work closely with infrastructure, desktop support, cloud, and application teams to implement and maintain security best practices across the enterprise environment.

The ideal candidate will have experience with Microsoft 365 security technologies, Active Directory, endpoint protection, vulnerability management, SIEM monitoring, and incident response in an enterprise environment.

Duties and Responsibilities:

  • Monitor and respond to cybersecurity alerts, incidents, and suspicious activities across servers, endpoints, cloud platforms, and network infrastructure.
  • Investigate security events and perform incident response activities, including containment, remediation, recovery, and documentation.
  • Manage and monitor Microsoft 365 security tools including Microsoft Defender, Exchange Online Protection, Microsoft Entra ID (Azure AD), Conditional Access, Data Loss Prevention (DLP), and Microsoft Purview.
  • Review and analyze security logs from SIEM, firewalls, antivirus, endpoint detection and response (EDR), and other monitoring systems.
  • Conduct vulnerability assessments and coordinate remediation efforts with infrastructure and desktop support teams.
  • Assist with the administration and enforcement of security policies, standards, and procedures.
  • Monitor phishing, malware, ransomware, and email security threats.
  • Perform compliance searches, email investigations, and security-related audits within Microsoft 365 and Exchange Online.
  • Support endpoint security management including BitLocker, Windows Defender, patch management, and endpoint hardening.
  • Assist with identity and access management (IAM), including Active Directory group memberships, privileged access reviews, and MFA enforcement.
  • Collaborate with IT teams to secure cloud infrastructure, servers, workstations, and applications.
  • Participate in disaster recovery, business continuity, and cybersecurity readiness planning.
  • Maintain documentation related to security incidents, procedures, configurations, and remediation efforts.
  • Assist with security awareness initiatives and end-user cybersecurity training.
  • Stay current with emerging cybersecurity threats, vulnerabilities, and industry best practices.
  • Ability to participate in after-hours support or incident response when necessary.
  • Ability to manage multiple priorities in a fast-paced environment.
  • Strong attention to detail and commitment to cybersecurity best practices.

Qualifications:

Required:

  • Experience supporting enterprise IT security operations in a Windows-based environment.
  • Strong knowledge of Microsoft 365 Security & Compliance, Microsoft Defender Suite, Exchange Online, Active Directory / Group Policy, Microsoft Entra ID (Azure AD), Windows Server and Windows 10/11, endpoint protection and EDR solutions, and SIEM and log analysis tools.
  • Experience with vulnerability scanning and remediation tools.
  • Understanding of networking fundamentals including TCP/IP, DNS, DHCP, VPN, and firewalls.
  • Experience with PowerShell scripting for automation and administration.
  • Familiarity with security frameworks and best practices such as NIST, CIS Controls, Zero Trust, and Least Privilege.
  • Knowledge of cloud security concepts within Azure and Microsoft 365 environments.
  • Strong troubleshooting, analytical, and problem-solving skills.
  • Ability to handle sensitive and confidential information appropriately.
  • Excellent written and verbal communication skills.

Preferred:

  • Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field preferred.
  • Microsoft certifications required or equivalent work experience, including Microsoft Certified: Security Operations Analyst Associate, Microsoft Certified: Cybersecurity Architect Expert, and Microsoft Certified: Azure Security Engineer Associate.
  • Additional certifications are a plus: Security+, CISSP, CEH, SC-200 / SC-300 / AZ-500.
  • Experience working in enterprise, government, legal, healthcare, or highly regulated environments preferred.

Equal Employment Opportunity

EEO Message: The Cook County State’s Attorney’s Office (CCSAO) is an equal opportunity employer, which seeks to recruit, develop, and retain the most talented people from a diverse candidate pool. The CCSAO does not discriminate on the basis of race, color, religion, sex, pregnancy, national origin, age, physical and mental disability, sexual orientation, gender identity, gender expression, and any other characteristic protected by federal, state, or local law. Upon request, the CCSAO will provide reasonable accommodation for qualified individuals due to a disability or pregnancy. The EEOP report can be found on our website at www.cookcountystatesattorney.org.
