Job Summary
The Cybersecurity Analyst will help mature the company's cybersecurity posture through operational practices, governance, risk, and compliance. They will be the third-party Security Operations Center's primary contact and lead security events, incident response, and remediation from a technical position. Provide lessons learned and recommendations to update security policies and controls.
Key Responsibilities
Cybersecurity Investigations
- Work with third-party SOC as primary escalation point to lead Containment, Eradication, and Remediation steps during cybersecurity events and incidents.
- Triage and investigate phishing emails, and act as an escalation point for phishing escalations.
- Mentor the IT staff on how to perform investigations.
Azure and Exchange Online Reviews and Investigations
- On-prem AD and Azure AD: Review, investigate, and recommend for Identity Access Management and Privileged Access Management alerts.
- Exchange Online: Review and investigate focused on phishing and quarantined emails. Hunt for accounts with forwarding rules.
Recommend improvements to Cybersecurity Controls
- Use lessons learned from security events, incidents, phishing, and Vulnerability management to recommend new controls
- Research threat groups to keep Cybersecurity Governance, Risk, and Compliance team updated on current and potential threat actions
- Attack surface management scanning and reporting
Governance, Risk, Compliance
- Work with the Cybersecurity Manager to write, edit, and review policies and procedures for the company.
- Write or review Request for Proposals to vendors for services
- Assists with user awareness training
Qualifications
- Education Minimum Required: Associate degree or equivalent. Preferred, Graduate of a college or university program in Cybersecurity, Digital Forensics, Information Assurance, or a related study
- Antisyphon classes such as SOC Core Skills, Getting Started in Security
- Experience - Minimum Required: 2 or more years in Security Operations working Incident Response. Preferred: Hands on experience NIST Incident and Response or SANS Incident Response cycles.
- Familiar with the Pyramid of Pain
- Familiar with the Cybersecurity Kil Chain
- Familiar with the Diamond Model of Intrusion Analysis
- Familiar with Mitre ATT&CK, CAR, and D3fend
- Familiar with NIST Cybersecurity Framework
- User awareness training
- Job Specific Skills, minimum required:
- Windows System Administration
- Linux System Administration
- Email administration
- Writing and Editing
- Knowledge of Cybersecurity Incident Response processes
- Valid passport for travel to Canada and Mexico
- Preferred: Python or PowerShell scripting
- Understand Incident Response cycle
- Technical skills gained in Security Operations Center or Incident Response role.
Working Conditions
The following working conditions are present or expected on a daily basis:
- Travel may be required
- Ability to conduct presentations.
- Manual dexterity required to use desktop computer and peripherals
IMPORTANT NOTE
The organization reserves the right to change, amend or disuse this job description at any time. This document is intended to provide an overview of the required responsibilities and qualifications.
