Cyber Intelligence Analyst
Are you looking to advance your Information Technology career? If so, then UPS is the place for you!
Once known as a trucking company, UPS is now recognized as a technology company with trucks and is poised for success. Spending more than $1 billion a year on information technology, UPS provides its customers unparalleled capability in tracking and distribution intelligence. This technological infrastructure also enables UPS to provide fully integrated Web-enabled, business-to-business solutions.
UPS Information Services, a leader in information technology, is currently seeking career-minded individuals to join our team. If you are highly motivated with a degree in Computer Science or related discipline, then UPS is a great place for you to advance your career.
The Cyber Intelligence Analyst participates in the identification, tracking, monitoring, containment and mitigation of information security threats and service operations. This position performs real-time log analysis to provide network and data security utilizing established processes and tools to focus on incident response, threat identification, analysis, containment and remediation.
Additional Role Information:
The Cyber Intelligence Analyst performs real-time security log and event analysis and takes action within defined parameters to contain and mitigate information security threats, escalating to the next level as needed based on severity.
Primary Skill: Cyber Threat Analysis
- Linux System Administration – Intermediate
- Windows Operating System – Advanced
- Technical Knowledge of Hardware & Software – Advanced
- Cyber Threat Analysis – Intermediate
- Security Incident Response – Intermediate
- Vulnerability/Threat Analysis – Intermediate
- Malware Reverse Engineering – Beginner
Analyzes Events Utilizing Security Tools
- Utilizes appropriate security tools to perform root cause analysis in a complex global enterprise environment.
- Triages requests for analysis to prioritize potential threats and concerns in near real-time.
- Analyzes logs to identify security concerns (e.g., port scans, reconnaissance activity, phishing attempts, excessive failed login attempts, unauthorized downloads, unauthorized system/file access, covert channels, etc.) and determine relevance of events.
- Determines root cause and initial risk of security events to generate knowledge of what makes an attack successful.
- Operates security-related tools (e.g., SIEM tools, threat intelligence tools, security analytics tools, etc.) to analyze security events.
- Performs analysis (e.g., network packet captures, application code traffic snippets, network device configurations, memory forensics, internet traffic analysis, etc.) based on security knowledge and attack anatomy to ensure an appropriate response.
Identifies, Triages, and Responds to Information Security Events
- Identifies information security events to enable response to minimize business impact.
- Identifies and documents details to provide scope and contextual information for security events.
- Investigates identified security events (e.g., compromised system, command and control communication, brute force login attacks, unauthorized system access, website compromise, data exposure vs breach, etc.) to clarify scope and assign initial risk level.
- Utilizes analysis from security-related detection and monitoring tools and compares to threat intelligence knowledge to identify complexity and possible business impact.
- Utilizes known threat information to monitor for new security events associated with the original security event to determine future security risk and impact, and enable appropriate response.
- Researches anomalies to determine the potential existence of unidentified security events in the environment.
- Performs analytical tasks using predefined reference points to identify at-risk assets.
Tracks and Monitors Information Security Events
- Creates security event tracking entries in an incident response tracking platform to document the incident, investigation and analysis workflow and provide visibility to manage risk.
- Tracks changes to security events and updates tickets to maintain accurate and consistent recordkeeping.
- Monitors security events to advise information security management on possible changes to the UPS security posture.
- Documents detailed procedures to facilitate future event analysis of a similar nature.
- Ensures security controls and processes are adequately imposed to recommend closure of event case.
Communicates Information Security Events
- Interfaces with UPS Operations Command Center (OCC) staff to effectively manage possible security events.
- Engages asset owners and internal clients to investigate security events.
- Shares limited security information with asset owners/clients to resolve security related challenges.
- Guides clients based on defined procedures to ensure security protocols are followed.
- Advises users of UPS security controls to ensure effective monitoring of security events.
- Communicates details of technically complex and complicated security topics to enable understanding.
Participates in Information Security Incident Response
- Responds as directed by incident handlers to gather secondary data related to security incidents.
- Engages asset owners and internal clients to resolve security incidents as directed by incident handler.
- Communicates clear and concise details of technically complex and complicated security topics to provide education and promote partnership across the enterprise.
The desired Cyber Intelligence Analyst will possess a Bachelor’s degree in Computer Science, Information Systems, Mathematics, Statistics or a related field, or the equivalent in education and work experience. Certifications: GIAC Certified Incident Handler (GCIH) preferred.
UPS is an equal opportunity employer – race/color/religion/sex/national origin/veteran/disability/sexual orientation/gender identity