Cyber Defense Analyst

Job Profile Name: Cyber Defense Analyst

Job Profile Summary
The Cyber Defense Analyst s role primarily includes security assessments, data analysis, and incident response activities. Team members are expected to collaborate and support each other s areas and assist in monitoring and responding to security events generated by internal systems or through external alerts.

Job Description:

Essential Functions:
Perform assessments of systems and networks within the client environment and identify where those systems/networks deviate from approved configurations, or organizational policy.
oMeasure effectiveness of defense-in-depth architecture against known vulnerabilities.
oConduct vulnerability scanning activities across the enterprise.
oAnalyze scan results to identify security weaknesses, misconfigurations, and areas of elevated risk.
oCorrelate vulnerability data with current threat intelligence to assess exploitability and potential impact.
oProduce detailed reports on identified vulnerabilities, severity levels, business impact, and remediation status.
oCoordinate and support remediation efforts across business owners and support teams.
oSupports security awareness and education efforts for the client community, i.e. Employees, Contractors, Volunteers, etc.
Analyze data from cyber defense tools (e.g. Vulnerability Management tools, EDR, SEG, IDS alerts, firewalls, network traffic logs) for the purposes of mitigating threats.
oReview SIEM and/or audit logs to identify anomalous activity and potential threats to network resources.
oPerform continuous monitoring and analysis of system and user activity to identify malicious activity.
o Maintain detailed tracking of vulnerabilities, including deadlines, remediation progress, ownership, and closure.
o Manage, and update Plans of Action and Milestones (POA&Ms).
o Correlate events across a wide variety of source data (indications and warnings).
o Notify management of incidents that may require additional attention.
o Stay current with existing and evolving technologies to provide enhanced security service offerings to stakeholder groups.
o Act as a security consultant to help identify business needs and design appropriate security controls.
o Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
Manage security incidents. Act as a trusted point of contact and provide expertise for incidents and executes incident response activities including escalation to upper management.
oServe on the Cybersecurity Incident Response Team.
oRespond to alerts received from monitoring systems.
oPerform event correlation to gain situational awareness and determine the impact of anobserved attack.
oProvide timely analysis of events to distinguish malicious incidents and events frombenign activities.
oAnalyze malicious activity to determine weaknesses exploited, exploitation methods,and effects on systems and information.
oProvide recommendations for improvements as needed.

Basic Qualifications:
Bachelor's degree from an accredited college or university with course work in cybersecurity andinformation technology or a related field, and/or any combination of education, training, andexperience that provides the required knowledge, and expertise to perform the essentialfunctions of the position.
Three years of working experience in various aspects of information technology as ananalyst/engineer or similar professional level, including systems administration, networkingand/or application development.
Three years of working experience in cybersecurity as an analyst or security engineer.
Experience in incident handling/response and disaster recovery planning.
Experience in OS, network, and application hardening using baselines such as CIS or STIG.

Knowledge, Skills, and Abilities:
Working knowledge of computer network defense and vulnerability assessment tools and theircapabilities.
Working knowledge of network protocols (e.g., TCP/IP (Transmission Control Protocol/InternetProtocol), DHCP (Dynamic Host Configuration Protocol), DNS (Domain Name System).
Working knowledge of risk management processes (e.g., methods for assessing and mitigatingrisk).
Knowledge of new and emerging information technology (IT) and information security
technologies.
Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts andtools.
Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
Ability to accurately and completely source all data used in intelligence, assessment, and/orplanning products.
Skill in using incident handling methodologies.
Skill in collecting data from a variety of cyber defense resources.
Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
Skill in assessing security controls based on cybersecurity principles and tenets.
Skill in implementing security controls and tools.
Strong interpersonal and communication skills.
Ability to achieve goals through influence, collaboration, and cooperation.
Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
Ability to produce technical documentation.
Ability to handle and maintain confidential information.
Ability to exercise judgment when policies are not well-defined.
Ability to think critically, analyze issues and solve sensitive and complex problems underpressure.
Ability to work effectively with an array of constituencies in a community that is bothdemographically and technologically diverse.

Competencies:
Decision Making
oDecisions may affect a work unit or area within a department. May contribute to business and operational decisions that affect the department.
Problem Solving
oProblems are varied, requiring analysis or interpretation of the situation. Problems are solved using knowledge and skills, and general precedents and practices.
Independence of ActionoResults are defined and existing practices are used as guidelines to determine specific work methods and carries out work activities independently; supervisor/manager is available to resolve problems.
Communication and Collaboration
o Contacts and information are primarily within the job s working group, department and/or center.
o Contacts and information sharing are external to the job s department, but internal to the center/centers (i.e. other departments/centers, central administration/services such as Human Resources, Payroll, Finance, Facilities, Mail Services, etc.)
o Contacts and information sharing are internal/external to the client, for the primary reason of scheduling, coordinating services, collaborating, etc.

Required Industry Certifications:
At least one relevant certification, e.g. Security+, GSEC, GCIH, GX-CS, SSCP, CEH, Pentest