Uses data collected from cyber defense tools to analyze events within the organization in order to detect and mitigate cyber threats. Investigates, analyzes, and responds to cybersecurity incidents. Proactively searches for undetected threats in networks and systems, identifies their Indicators of Compromise (IOCs), and recommends mitigation plans.
Correlate incident data to identify vulnerabilities.
Analyze and report cyber defense trends.
Perform cybersecurity reviews and identify security gaps in security architecture to inform risk mitigation strategies.
Use cybersecurity products and security control technologies to reduce identified risk to an acceptable level.
Triage incidents to identify the specific vulnerability; determine scope, urgency, and potential impact; and make recommendations that enable expeditious remediation.
Perform both internal and external audits to meet compliance requirements.
Perform initial collection of images to relevant forensic standards; inspect to evaluate possible mitigation and remediation measures.
Perform incident response tasks to support deployable incident response teams, including forensic collection, intrusion correlation, tracking, threat analysis, and system remediation.
Bachelor’s degree in Information Security/Computer Science, or equivalent field.
2+ years of experience in Information Security or relevant field.
Competencies (Knowledge, Skills & Abilities):
Knowledge of SIEM, EDR, IPS/IDS, and anti-virus technologies.
Familiar with programming and scripting languages.
Knowledge of host-based and network-based intrusion detection methodologies and techniques.
Knowledge of defense-in-depth principles and network security architecture.
Knowledge of best practices for incident response and incident management.
Knowledge of the stages of a cyberattack.
Knowledge of the tactics, techniques, and procedures of attackers relevant to the organization.
Knowledge of different types of cyber attackers, their capabilities, and their objectives.
Knowledge of Windows, UNIX, and Linux operating systems.
Skilled in collecting data from a variety of cybersecurity resources.
Skilled in conducting trend analysis.
Skilled in using security event correlation tools effectively.
Skilled in effectively performing root cause analysis for cybersecurity issues.