Cyber Security Analyst

SUMMARY: The Cybersecurity Analyst is responsible for monitoring, documenting, and supporting the cybersecurity posture of the organizations's information technology systems. This role involves reviewing alerts, assisting in the maintenance of cybersecurity configurations, assessing weaknesses, vulnerabilities and escalating potential vulnerabilities or incidents to senior team members. The Cybersecurity Analyst also contributes to the documentation of cybersecurity events and helps ensure compliance with established cybersecurity policies and procedures. This role uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purpose of mitigating threats. ESSENTIAL DUTIES AND RESPONSIBILITIES: Provide timely detection, identification, and alerting on potential attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities Aid in the protection of the company's network and sensitive information using cyber defense tools for continual monitoring and analysis of systems to identify malicious activity including: Identifying cyber threat tactics and methods Identifying and correcting gaps in the company's cybersecurity posture Testing information systems for vulnerabilities Documenting and escalating incidents Analyzing network alerts from various sources within the enterprise and determining possible causes of such alerts Identifying and analyzing anomalies in network traffic or log data Monitoring risks and implementing cybersecurity systems to prevent attacks or breaches Responding to urgent cybersecurity events and incidents Reviewing events and incidents to understand root causes Monitoring reputation for hostile content directed towards organizational or partner interests Recommend procedures and/or changes to procedures necessary for good cyber hygiene Improve the overall cybersecurity posture of the organization's systems Determine the operational and safety impacts of cybersecurity lapses Prepare threat and target briefings and situational updates Monitor threat activities and prepare threat activity reports Manage and report on adversarial activities EDUCATION AND REQUIRED EXPERIENCE: A degree in business or technology is preferred (associate's or bachelors)3-5 years of experience in IT security Experience with SIEM, intrusion detection (IDS) and intrusion prevention (IPS) systems preferred Basic scripting (Python, PowerShell, Bash) Experience with vulnerability management Experience with network packet analysis Experience with log analysis and log management Experience with Cloud Security Management interfaces Experience with enterprise authentication systems, such as directory services or identity management platforms Experience with Incident handling and response preferred Working knowledge or core cybersecurity concepts such as the CIA triad, encryption algorithms, and risk management processes Working knowledge of computer networking protocols including how traffic flows within a network Working knowledge of cybersecurity laws and regulations Working knowledge of cybersecurity threats, threat characteristics, and vulnerabilities, and threat hunting Ability to prioritize security requests according to urgency and established criteria Ability to organize information and alerts from multiple sources to create a holistic picture of cybersecurity threats General understanding of security frameworks (NIST, MITRE Attack) preferred Familiarity with the variations, similarities, and differences between IT and OT network environments Experience working on project teams and project management is preferred Intermediate understanding of Threat Intelligence research and methodologies Familiarity with adversarial TTPs SKILLS, QUALIFICATIONS, AND OTHER REQUIREMENTS: Demonstrate excellent communication (written, verbal and listening) and interpersonal skills Superior organizational skills and attention to detail Must possess a proven ability to deliver high-quality customer service Ability to triage and prioritize security related data quickly Ability to respond to work after hours and weekends as needed PHYSICAL DEMANDS: Requires sufficient personal mobility and physical reflexes, to permit the employee to function in a general office environment and accomplish tasks and duties as outlined above. WORK ENVIRONMENT: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. The noise level in the work environment is usually quiet.