Cyber Defense Analyst

PRIMARY PURPOSE OF POSITION:

Perform the Security Monitoring process and escalate relevant issues to the Cyber Defense and Monitoring Team Lead. Identify potential security incidents and forward them to the Incident Handling & Response team for analysis and remediation as appropriate. Use data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within the environment for the purpose of mitigating threats.

PRIMARY DUTIES AND ACCOUNTABILITIES:

- Complete Cyber Monitoring and Incident Response Operations Playbook/Checklist activities including, but not limited to: log review, vulnerability management activities, management report scheduling & running, alert analysis, filter modifications & escalation follow-up activity status. Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts. Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities.
- Develop, tune, and maintain tools to automate analysis capabilities for network-based, host-based and log-based security event analysis. Create signatures, rulesets, and content analysis definitions from various intelligence sources for a variety of security detection capabilities. Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
- Organize and maintain documentation of detection capabilities, alert definitions, policy configurations, and tool rulesets.
- Provide daily summary reports of network events and activity relevant to cyber defense practices. Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.
- Maintain adherence to Corporate Security Operations Center standards, policies & procedures.
- Remain up-to-date on the latest security information in order to validate the security analysis & identification capabilities of the security operations technologies.
- Participate in efforts to analyze & define security filters & rules for a variety of security parameters.