Primary Responsibility: The Cyber Security Analyst serves as the technical escalation point and mentor for lower-level analysts. Maintains expert awareness of the current threat landscape. Creates and updates policies and procedures based on current industry standards. Trains junior analysts on current techniques. Reviews junior analysts' findings and results and provides feedback. Studies trends and combines them with threat intelligence to guide cyber security operations. This position requires an analytical, detail-oriented individual able to quickly triage events (assess priority, determine risk).
Uses the Cyber Kill Chain, indicators of activity and indicators of compromise, together with current threat intelligence, to proactively review customer environments for anomalous behavior across network, host, and log data. Creates and reviews queries to search for advanced threats.
Coordinates with intelligence analysts to correlate threat assessment data. Conducts research, analysis, and correlation across a wide variety of all-source data sets in order to hunt for malicious activity in customer environments.
Leads an Incident Response Team to investigate and remediate active threats while accurately documenting results using standard incident response techniques. Collects and analyzes intrusion artifacts and uses the discovered data to enable mitigation of potential cyber defense incidents within the enterprise. Analyzes log files, evidence, and other information in order to determine the best methods for identifying network intrusions. After identifying an intrusion, confirms what is known about it and discovers new information where possible. Responds to and communicates with customers throughout the process. Writes and publishes after-action reviews.
Knowledge/Skills/Abilities: Be able to demonstrate expert working knowledge and understanding of the following:
Current Incident Response Methodologies
Current Cyber Investigative Techniques
Current Cyber Threat Trends
Concepts and practices of processing digital forensic data.
Knowledge of computer networking concepts and protocols, and network security methodologies.
Cyber threats and vulnerabilities.
Specific operational impacts of cybersecurity lapses.
Cloud-based infrastructure (AWS, Azure, GCP).
Administration of Windows and Unix/Linux operating systems.
Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files.
Hacking methodologies and conducting forensic analyses in Windows or Unix/Linux environments.
System and application security threats and vulnerabilities (e.g., buffer overflows, mobile code, cross-site scripting, SQL and PL/SQL injection, race conditions, covert channels, replay attacks, return-oriented programming, malicious code).
Networking protocols (e.g., TCP/IP), services (e.g., web, mail, Domain Name System [DNS]), and how they interact to provide network communications.
How to perform packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
Knowledge of types of digital forensics data and how to recognize them.
Security Information and Event Management (SIEM) tools: searching, aggregating, and correlating data.
Anti-forensics tactics, techniques, and procedures.
Skill in analyzing anomalous code as malicious or benign, analyzing volatile data, identifying obfuscation techniques, and basic malware analysis.
One or more of the following: Python, C++, Java, Bash, PowerShell.
Minimum Experience/Education: Bachelor's Degree in Information Security, Information Technology, Mathematics, or Computer Science, or equivalent experience. 6+ years' SOC experience, or log and information collection and analysis in production networks (training/certifications may be substituted); must be able to obtain and maintain IT security certifications.