The Cyber Security Analyst is a central role on the front line of cyber defense, detecting and responding to incidents and keeping abreast of emerging trends. The role serves as the escalation point, collaborating with the Managed Detection and Response (MDR) provider to triage alerts by relevance and urgency, and provides analysis to business stakeholders on the overall security posture in order to mitigate risk. Responsibilities include threat detection and response, security toolset configuration, leveraging various Threat Intelligence sources to hunt for and classify malicious behavior, and coordinating the Vulnerability Management process.
Responsibilities
- Work with the Manager of Cyber Security to establish and enhance the Cybersecurity program, implementing projects that reduce risk and satisfy business security requirements.
- Monitor, research and classify security events and incidents triggered by endpoint and network security tools.
- Maintain and follow runbooks/playbooks for security event alerts and incidents.
- Analyze and share Threat Intelligence and determine impact for the organization.
- Implement and maintain the Threat Intelligence Platform for curated threat intelligence and case management.
- Develop and coordinate processes for Continuous Logging and Monitoring, SIEM and Incident Response.
- Monitor and report on emerging risk and compliance with organizational security policies.
- Enhance key performance indicators, metrics and ongoing monitoring.
- Support internal and external audits and assessments and recommend appropriate mitigations to treat identified risks.
- Support the Vulnerability Management program by conducting recurring scans of all systems and applications, providing guidance to IT teams for the remediation of identified vulnerabilities.
- Participate in business continuity and disaster recovery planning, as well as change management forums.
- Stay current on topics in Information Security by researching emerging trends, technologies, threats, and vulnerabilities.
Qualifications
- Minimum of 1 to 2 years' experience in Security Operations and/or other IT-related fields (Networking, Systems Administration).
- Bachelor's degree in a technology field preferred.
- Certification in one or more areas, or willingness to obtain: BTL1, CISSP, GIAC, OSCP, Sec+, CEH or similar.
- Familiarity with scripting (Python, Bash and/or PowerShell).
- Familiarity with the NIST Cybersecurity Framework, MITRE ATT&CK, OWASP Top 10, CWE/SANS Top 25, NIST 800-53, ISO 27001/27002, and CIS CSC.
- Experience developing and maintaining policies, procedures, standards, and guidelines.
- Experience working in a regulated environment preferred.