Remote - Cyber Security Analyst

ESSENTIAL DUTIES & RESPONSIBILITIES:

• Performs threat and vulnerability assessments and provides subject matter expertise on appropriate threat mitigation approaches
• Supports cyber security initiatives through both predictive and reactive analysis
• Identifies intrusion activity by leveraging alert data from multiple sensors and systems and determines priority for response
• Monitors, evaluates, and assist with the maintenance of assigned security systems in accordance with industry best practices to safeguard internal information systems and databases
• Uses attack signatures and tactics, techniques and procedures (TTPs) to aid in threat detection and discovery
• Conducts basic malware analysis of attacker tools and identifies indicators of compromise (IOC)s
• Collaborates with other IT team members to develop and implement innovative strategies for monitoring and preventing attacks
• Conducts research on emerging security threats
• Proposes additional components and techniques that could be used to proactively detect and prevent malicious activity
• Manage the SOC mailbox, and monitor and analyze the emails for threats including phishing and malware, and escalates per procedures
• Participates in the investigations of information security incidents and may prepare reports on intrusions as required
• Maintains an understanding of the current threats, vulnerabilities, response and mitigation strategies used to support cyber security operations
• Logs and records all security incidents to internal ticketing system
• Collects malware artifacts safely for analysis and incident investigations
• Examines suspicious emails for malicious content and provide recommendations on remediation actions
• Performs URL/domain analysis to identify and report any malicious indicators associated with the resource and evaluates associated risks
• Provides other services as a key member of the Cyber Division including but not limited to: • Information security review and approval of changes to COH networks, servers and end devices in collaboration with the Infrastructure Team
• Security sensor policies for IDS/IPS, Firewalls, web security gateways and logging
• Continuous control monitoring including baseline security configuration monitoring
• Investigations and forensics
• Knowledgeable of Cyber Kill Chain and Diamond Model of Intrusion Analysis
• Knowledge of SIEM, IDS, anti-virus/anti-malware and firewall technologies
• Other duties as assigned

Education and/or Experience:

• Experience in the information security field required.
• Bachelor’s Degree in relevant field of study or equivalent combination of education and experience required
• IT certifications -CISSP required.
• IT certifications- CEH, GICSP, Cisco CCENT/CCNA preferred.
• Knowledge of cyber security frameworks such as NIST CSF, CIS, and Mitre ATT&CK.
• Experience performing vulnerability scanning, penetration testing, and vulnerability management.
• Experience performing threat modeling and security review to assess new designs and security requirements for new technologies.
• Experience with responding to security related incidents, incident response, conducting table top exercises.
• Experience with developing procedures and runbooks for a SOC.
• Experience with analyzing system, application, security, network logging data from a SIEM to create actionable work tasks for a SOC, or other IT staff.
• Experience with Windows Servers, enterprise anti-virus, endpoint security, application listing technologies, SIEM, logging configurations, IDS/IPS, authentication methods, TCP/IP, packet capture and analysis, Microsoft AZURE Cloud Services.
• Ability to effectively communicate technical information to a non-technical audience.