What are the responsibilities and job description for the Information Security Privacy Analyst IV position at Lucid Technologies Inc?
Cyber Threat Analyst - IV
The CISO Operations portfolio is in need of a Cyber Threat Analyst supporting its CSOC Support Team (CST) program. This resource will be working directly with the Threat Management / Threat Hunt Team to identify and assess the capabilities and activities of cyber criminals and/or foreign intelligence entities; produce analysis to help initialize and/or support law enforcement as well as counterintelligence activities and investigations.
Strong working knowledge of:
Cyber Threat Intelligence Analysis and Reporting
Cyber Defense Techniques
Adversary Tactics, Techniques, and Procedures (TTPs)
Boolean Logic
TCP/IP Fundamentals
Network Level Exploits
Threat Management
Excellent oral and written communication skills
Excellent interpersonal and organizational skills
Experience in Operations Centers, Incident Response, Threat Hunting, and Cyber Forensics is a plus
Tasks will include the following:
Ability to perform Threat Hunting within domains/networks utilizing Cyber Forensics resources.
Characterize and analyze network traffic to identify anomalous and potential threats to network resources.
Coordinate with enterprise-wide cyber defense staff to validate network alerts.
Document and escalate incidents (including events history, status, and potential impact for further action) that may cause on-going and immediate impact to the environment.
Perform cyber defense trend analysis and reporting.
Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
Analyze identified malicious activity to determine the weaknesses exploited, the exploitation methods used, and the effects on systems and information.
Determine tactics, techniques, and procedures (TTPs) for intrusion sets.
Conduct research, analysis, and correlation across a wide variety of all-source data sets (indications and warnings).
Isolate and remove malware.
Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan.
Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
Work with stakeholders to resolve computer security incidents and vulnerability compliance.
Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.
Knowledge, Skills, and Abilities (KSAs)
Knowledge:
Knowledge of computer networking concepts and protocols, and network security methodologies.
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Knowledge of cyber threats and vulnerabilities.
Knowledge of specific operational impacts of cybersecurity lapses.
Knowledge of authentication, authorization, and access control methods.
Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
Knowledge of database systems.
Knowledge of incident response and handling methodologies.
Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
Knowledge of network traffic analysis methods.
Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
Knowledge of operating systems.
Knowledge of security system design tools, methods, and techniques.
Knowledge of Virtual Private Network (VPN) security.
Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
Knowledge of adversarial tactics, techniques, and procedures.
Knowledge of network tools (e.g., ping, traceroute, nslookup).
Knowledge of different types of network communication (e.g., LAN, WAN, MAN, WLAN, WMAN).
Knowledge of file extensions (e.g., .dll, .bat, .zip, .tar, .gz, etc.).
Knowledge of interpreted and compiled computer languages.
Knowledge of cyber defense and information security policies, procedures, and regulations.
Knowledge of common attack vectors on the network layer.
Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
Knowledge of Personally Identifiable Information (PII) data security standards.
Knowledge of Payment Card Industry (PCI) data security standards.
Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
Knowledge of operating system command-line tools.
Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
Thanks and regards,
Salary: $96,000 - $122,000