Cyber Security Analyst

Summary of Responsibilities:

Responsible for handling escalated incidents using proper investigation techniques, processes and procedures. Works with managed security service provider (MSSP) to tune rules for detection of threats while minimizing false positives/false negatives. Maintains the central knowledge base for all processes, procedures, and case documentation for accuracy and completeness. Mentors junior cyber associates to facilitate their development as incident analysts. Works with the Cyber Security Engineer on custom tool requirements to support incident analysis activities. Integrates threat intelligence into detection and prevention capabilities in order to respond to active threats in an agile manner.

Position Responsibilities:

  • Under broad supervision, investigates incidents that are escalated per procedure. Communicates with customers as appropriate, keeping Cyber Security Operations Center (CSOC) management informed per incident severity requirements. Follows applicable processes and procedures while maintaining the flexibility to “think outside the box” during the investigation in order to find all affected systems including “patient zero,” performs root cause analysis; determines attribution if appropriate; completes documentation; and participates in lessons learned post mortem. For high severity level incidents, functions as a team member of the incident team, interfacing with outside incident response personnel as well as both senior and junior cyber associates.

  • Creates, revises, and maintains processes and procedures related to continuous monitoring, triage, incident analysis, and incident response activities. Consults with other cyber associates to continuously improve those processes and procedures, and ensures that the documentation is adjusted accordingly when new tools or external inputs change.

  • Mentors and trains junior cyber associates on proper investigation techniques, documentation requirements and evidence handling. Serves as a technical consultant to those associates. Functions as a technical contact for managed security service provider (MSSP) analysts when technical questions arise, consulting with senior analysts and management for guidance as appropriate.

  • Performs rule creation, system tuning, rule tuning and threat intelligence integration in order to improve the detection capabilities of the security systems.

  • Communicates with CSOC management, cyber and information security staff members, and customers in written and verbal communication regarding investigations and status updates. Maintains need-to-know discretion for all investigations.

  • Interfaces regularly with the Cyber Security Engineer to test and improve custom tools, suggesting features and improvements in order to improve efficiency and productivity. During investigations communicates with the engineer in order to quickly gather the information needed in the most efficient manner possible, giving constructive feedback on custom tools provided in that process.

  • Performs knowledge sharing with team members through meetings, presentations and written communications. Creates, revises and maintains documentation of incident response processes and procedures in the central knowledge base.

  • Participates in after-incident lessons learned meetings to give input on recommendations for process or procedure improvements, and to provide mitigation recommendations to reduce future incidents or minimize their impact.

  • Tracks performance metrics and provides timely updates to CSOC management.

  • Provides potential on-call support during nights and weekends.

  • Performs other duties as assigned by management.

Selection Criteria:

  • Demonstrated experience in threat detection technologies including intrusion detection and prevention systems (IDS/IPS), security incident and event management (SIEM) technology, and network packet analyzers. Experience with security data analytics, endpoint protection, malware analysis, and forensics tools is highly desired.

  • Demonstrated SIEM utilization skills including the ability to review and analyze security events from various monitoring and logging sources to identify or confirm suspicious activity.

  • Demonstrated experience in incident analysis and response activities, including execution of response and analysis plans, processes and procedures and performing root cause analysis. Experience in a SOC environment is preferred.

  • Demonstrated ability to analyze large data sets and unstructured data for the purpose of identifying trends and anomalies indicative of malicious activity.

  • Proven knowledge of current security trends, threats and techniques. Demonstrated self-driven desire to continually learn and grow in knowledge related to the constantly evolving threat landscape.

  • Proven experience on both Linux-based and MS Windows-based system platforms with a strong IT technical understanding and aptitude for analytical problem-solving.

  • Demonstrated strong understanding of enterprise, network, system and application level security issues.

  • Proven understanding of the current vulnerabilities, response and mitigation strategies used in cyber security.

  • Strong team player – collaborates well with others to solve problems and actively incorporates input from various sources. Proven experience motivating fellow team members toward excellence and project completion.

  • Demonstrated customer focus – evaluates decisions through the eyes of the customer; builds strong customer relationships and creates processes with customer viewpoint.

  • Demonstrated analytical skills – continuously defines problems, collects or interprets data, establishes facts, anticipates obstacles, and develops plans to resolve them. Strong problem-solving skills, communicating in a clear and succinct manner and effectively evaluating information/data to make decisions.

  • Demonstrated inherent passion for information security and service excellence.

  • Proven excellent verbal and written communication skills; frequently expresses, exchanges or prepares accurate information, conveying it to internal and external customers in a clear, focused and concise manner. Continuously conforms to proper rules of punctuation, grammar, diction and style.

  • Demonstrated self-starter with strong internal motivation. Proven ability to work with general supervision or direction.

  • Proven ability to work under multiple deadlines with general supervision. Cite examples of successfully organizing and effectively completing projects where given minimal direction.

  • Demonstrated ability to perform activities such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; and extensive reading. Visual acuity is required to determine accuracy, neatness and thoroughness of work assigned.

Work Setting:

  • This position works in an office setting and may frequently remain in a stationary position for periods of time while working at a desk, on a computer or with other standard office equipment, or while in meetings.

  • Ability to continuously make repetitive motions of the wrists, hands and/or fingers.

  • Occasionally moves about to accomplish tasks, particularly moving from one work station to another.

Educational Requirements:

  • Bachelor’s Degree in Information Assurance, Information Systems, Computer Science, IT or commensurate selection criteria experience.

  • Minimum five years of technical experience in the information security field, including two or more years of incident response, threat analysis and/or security operations center experience.

Computer Skills and Knowledge of Hardware & Software Required:

  • Linux-based and MS Windows-based system platforms.

  • Strong understanding of enterprise, network, system and application level security issues.

  • Understanding of enterprise computing environments, distributed applications and a strong understanding of TCP/IP networks.

  • Fundamental or greater understanding of encryption technologies.

  • Basic experience with one or more scripting languages (examples: Python, Perl, Java or Ruby).

  • Knowledge of Identity & Access Management practices, systems and controls.

  • Experience with security tools, including but not limited to, IDS (snort or suricata preferred), IPS, data analytics software, SIEM solutions (QRadar preferred), Web application firewall (WAF), malware analysis, knowledge base platforms and live response/forensics tools.

Certifications & Licenses (i.e., Series 6 & 63, CPA, etc.):

  • Candidate encouraged to hold one or more of the following security certifications: Certified Information Systems Security Professional (CISSP), GIAC certifications (GCIH, GCIA for example), Certified Ethical Hacker (CEH).

Position Demands:

  • Extended hours required during peak workloads or special projects and off-hour support.

  • Occasional travel may be required.
