Cyber Threat Analyst II

• Bachelors degree in Information Technology or related field and two (2) years of prior relevant experience or equivalent combination of education and directly related experience.

Preferred Special Skills, Knowledge or Qualifications:

• Demonstrated knowledge of enterprise networks, security architectures, and defensive strategies including security log configuration and monitoring; analysis of TCP/UDP traffic such as Netflow, DNS, and packet captures (PCAP); firewall, IDS, and proxy technologies; anti-malware prevention; analysis of current threats, vulnerabilities, and attack trends.
• Proficiency in Windows and Linux system administration, database technologies, network security, and digital forensic & incident response (DFIR) investigation techniques and tools.
• Experience deploying and configuring Security Information Event Management (SIEM) technology such as Splunk, Kibana, McAfee Nitro, IBM QRadar, LogRhythm, or comparable.
• Experience deploying and configuring Endpoint Detection and Response (EDR) technology such as Carbon Black, CrowdStrike, FireEye, CyberReason, or comparable.
• Familiarity with endpoint telemetry technology such as Sysmon, OSSec, and OSQuery
• Familiarity with cyber security operations within cloud environments such as Microsoft Azure or Amazon AWS
• Skill in cyber security research, planning and implementation of technology and techniques to protect Company networks and data; Familiarity with PowerShell and Python scripting languages to assist in automating routine tasks and enrichment of threat intelligence data.
• Basic knowledge of electrical industrial control systems (ICS) and related ICS/SCADA communication protocols is desired.
• Preferred Certifications: COMPTIA (Security+, CySA+); EC-COUNCIL (CND, CEH, ECSA); SANS/GIAC (GSEC, GCIH, GPPA, GISF, GISP); CISCO (CCNA CyberOps).

1) Executes security controls, defenses, and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, and web-based systems.

2) Handles escalated alerts and/or successful compromises to support incident response investigations.

3) Assists in remediating cyber security incidents as assigned.

4) Identifies and corrects detected information system vulnerabilities.

5) Participates in cyber security incident response trainings and exercises.

6) Provides information to management regarding the negative impact on the business caused by data theft, destruction, alteration or denial of service to information and systems.

7) Assists leaders in processing and disseminating information from threat intelligence sources.

8) Supports system processes to help identify and select cyber security tools and platforms.

9) Assists in documenting exception reports, audit/review reports, technical/process recommendations, reporting of security statistics/metrics, technical standards, procedures, and guidelines.

10) Develops and delivers trainings to support managed security service provider (MSSP) contractors.

11) May help train and assist entry level employees

Key Level Differentiators:

- Works to achieve operational targets which has some impact on the overall achievement of results for the department.

- Works to achieve operational targets within Cyber Security area with direct impact on department results

- Work is of limited scope, typically on smaller, less complex projects/ assignments.

- Analyzes standard to moderately complex technical problems and solves them using judgment and prior experience.

- Under limited supervision, implements or supports projects/assignments.

- Conducts research and analysis to solve cyber security moderately complex attacks and related problems.

- Decision making has limited impact on department.