The Cybersecurity Analyst fulfills the following tasks:
●Conducts threat monitoring and analysis using various threat detection, investigation and response (TDIR) capable tools, such as security information and event management (SIEM) and extended detection and response (XDR) platforms.
●Conducts multi-telemetry based threat investigations to identify cyber threats coming both internally and externally of the organization.
●Triages alerts from detection platforms, identifying and removing false positive issues and escalating genuine identified attacks.
●Documents formal, technical incident reports for consumption by infrastructure teams and senior leadership.
●Provides infrastructure teams with incident support, including mitigating actions to contain activity and advisory for remedial actions.
●Works with threat detection content development teams to enhance/tune detection platforms, and create new e detection content
●Carries out root cause analysis and investigations to advise on prevention mechanisms and configuration changes.
●Works with Threat Intelligence platform to research emerging threats and exploits to aid in the discovery of incidents. Maintains knowledge of latest security technologies and mitigations.
●Works with threat hunting tools to optimize TDIR capabilities through threat hunting findings
●Supports the development and running of reporting for compliance and infrastructure teams as well as performance reporting for the security operations team.
●Carries out analysis and testing for the purposes of identifying vulnerabilities, misconfigurations or other exposures, and the validation of user policies.
●Works efficiently to meet organization specific SOC metrics and SLAs
Requirements
A successful Cybersecurity Analyst candidate will have the expertise and skills described below.
Education, Training and Previous Experience
Candidates will be evaluated primarily on their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows:
●BS or MA in computer science, information security, cybersecurity or a related field
●3+ years of experience in IT audit, network operations, enterprise risk management, penetration tester, red team/incident responder, or as a junior security operations analyst.
●3+ years of experience with regulatory compliance and information security management frameworks (such as International Organization for Standardization [ISO] 27000, COBIT, National Institute of Standards and Technology [NIST] 800)
●Certified Cybersecurity Analyst+ (CompTIA CySA+)
Business and Technical Experience
●Experience monitoring security information and event management (SIEM) systems & tools
●Experience with network and security technologies, such as firewalls, IDS/IPS,
●Experience configuring and utilizing and vulnerability assessment technologies
●Experience with monitoring networks, detecting threats, and responding to incidents.
●Experience with report writing, investigational techniques and communicating to large audiences.
Knowledge and Skills
●Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
●An ability to effectively influence others to modify their opinions, plans or behaviors
●An understanding of organizational mission, values, goals and consistent application of this knowledge
●Strong problem-solving, critical thinking and troubleshooting skills
●Ability to establish and maintain effective working relationships with others
