DescriptionThe Cyber Defense Analyst 2 monitors security event and detection systems. Evaluates vulnerability and threat indicators for relevance and impact. Analyzes system configurations and data to identify system intrusions, unauthorized accesses and disclosures, misconfigurations, or policy violations. Alerts and communicates potential security incidents. Works as part of extended team across all functional IT areas. Responsible for maintaining and supporting Information Security in the areas of detection, prevention, audit, IT change management control, management of protected health information, segregation of duties and provisioning & deprovisioning of users.
Job Responsibilities:
- Triages security events and offenses upon receipt across cybersecurity operations platforms. Escalates security events and security incidents based on established criteria including those that may cause ongoing and immediate impact to the environment. Coordinates incident response functions. Analyzes and reports organizational and system security posture trends.
- Triages cyber defense incidents, determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation. Performs real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs). Tracks and documents cyber defense incidents from initial detection through final resolution. Writes and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies and develops content for cyber defense tools.
- Provides timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities. Determines tactics, techniques, and procedures (TTPs) for intrusion sets. Recommends computing environment vulnerability corrections.
- Characterizes and analyzes network traffic to identify anomalous activity and potential threats to network resources. Provides daily summary reports of network events and activity relevant to cyber defense practices. Performs cyber defense trend analysis and reporting. Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
- Performs analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.
- Coordinates with intelligence analysts to correlate threat assessment data. Conducts research, analysis, and correlation across a wide variety of all source data sets (indications and warnings) and documents after-action reviews.
- Specializes in one or more of the following: incident response, threat modeling, vulnerability management, forensic collection and examination, cyber investigation, cyber intelligence fusion, other cyber discipline.
Requirements:
- Education: Bachelor's Degree in relevant field (or 4 years of experience in lieu of degree)
- Experience: 3 years in cybersecurity or information security or 5 years in system or network administration