Cybersecurity Operations Analyst Ii

Purpose Statement: The Security Operations Analyst uses advanced network and host-based tools to search through datasets to detect and respond to imminent and potential threats that evade traditional security solutions. The Security Operations Analyst is responsible for day-to-day security threat monitoring, analysis, and response. Responsible for managing security incidents and reviewing security alerts, known or suspected security threats, as part of the incident response lifecycle. The Security Operations Analyst is focused on adhering to threat intelligence gathering and integration, forensics, incident response, & vulnerability management best practices.

Key Job Accountabilities:

- Conduct operational monitoring and investigate incidents using SIEM and UEBA technologies, packet captures, reports, data visualization, and pattern analysis. Perform real-time alert monitoring and risk mitigation.
- Serve as an escalation point for other analysts during the course of advanced incident investigation and provide Incident Response (IR) support when analysis confirms actionable incident.
- Use logs & forensic data to develop timeline for an incident to understand what happened in detail.
- Investigate, document, and report on information security issues and emerging trends.
- Provide intermediate-level event analysis, incident detection, and guidance on response action plans for events and incidents. Support the analysis of the results of a wide range of threat detection and incident response platforms.
- Leverage threat intelligence (to include Open-Source Intelligence (OSINT)) to identify and search for new malicious Indicators of Compromise (IOCs).
- Leverage security tool stack to implement new or enhanced threat detection logic, signatures, and/or IOCs.
- Leverage variety of security tools and offensive security techniques to assist in the planning & executing of ethical penetration tests for the evaluation of cybersecurity risk.

Additional Accountabilities:

- Maintain knowledge of cybersecurity best practices and emerging technology, including frameworks and regulations & current threat trends.
- Provide threat and vulnerability analysis as well as security advisory services. Analyze and respond to previously undisclosed software and hardware vulnerabilities.
- Develop and implement appropriate security operations documentation, including runbooks, playbooks, and procedures.
- Creation of operational dashboards and will regularly report key performance indicators and metrics.
- Collect and analyze artifacts including malicious executables, scripts, documents, and packet captures.
- Exhibit strong critical thinking and problem solving skills with sound judgement.
- Maintain or develop professional contacts within the various communities in support of operations.
- Configuration & sustainment of data sources; fine tuning of alerts to enable operational monitoring.
- Additional duties as required.

Education/Experience Qualifications:

- A minimum of a _Bachelor’s degree_ is required; a _Bachelor’s degree in IT or cybersecurity related field_ is preferred.
- _ 3-5 years_ or more years of related experience is required.

An equivalent combination of education, certifications, or experience sufficient to successfully perform the key job accountabilities may be considered.

Other Qualifications:

- Experience analyzing possible attack activities such as network probing/ scanning, DDOS, malicious code activity and possible abnormal activities, such as worms, Trojans, viruses, etc.
- Foundational knowledge of advanced cyber threats, threat vectors, attacker methodology to include, tools, tactics, and procedures and how they tie into the Cyber Kill Chain or ATT&CK framework.
- Experience with premium threat intelligence tooling and/or open source intelligence techniques.
- In depth
- hands on experience with technical security solutions (firewalls, SIEM, NIDS/NIPS/HIDS/HIPS, AV, DLP, proxies, network behavioral analytics, endpoint, and cloud security).
- GCIA, GCIH, GCFE, GCFA, OSCP, GPEN, or CEH not required, but is preferred

Work Environment:

- The work setting should consist of an office environment with suitable lighting, comfortable temperatures, and a low noise level.
- This document does not represent a contract of employment and is not intended to capture every possible assignment the incumbent could be asked to perform._