- Perform assessments of systems and networks within the College environment and identify where those systems/networks deviate from approved configurations or College policy.
o Measure effectiveness of defense-in-depth architecture against known vulnerabilities.
o Conduct vulnerability scanning activities across the enterprise.
o Analyze scan results to identify security weaknesses, misconfigurations, and areas of elevated risk.
o Correlate vulnerability data with current threat intelligence to assess exploitability and potential impact.
o Produce detailed reports on identified vulnerabilities, severity levels, business impact, and remediation status.
o Coordinate and support remediation efforts across business owners and support teams.
o Support security awareness and education efforts for the College community, e.g. employees, students, contractors and volunteers.
- Analyze data from cyber defense tools (e.g. vulnerability management tools, EDR, SEG, IDS alerts, firewalls, network traffic logs) to identify and mitigate threats.
o Review SIEM and/or audit logs to identify anomalous activity and potential threats to network resources.
o Perform continuous monitoring and analysis of system and user activity to identify malicious activity.
o Maintain detailed tracking of vulnerabilities, including deadlines, remediation progress, ownership, and closure.
o Manage and update Plans of Action and Milestones (POA&Ms).
o Correlate events across a wide variety of source data (indications and warnings).
o Notify management of incidents that may require additional attention.
o Stay current with existing and evolving technologies to provide enhanced security service offerings to stakeholder groups.
o Act as a security consultant to help identify business needs and design appropriate security controls.
o Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
- Manage security incidents. Act as a trusted point of contact, provide expertise for incidents, and execute incident response activities, including escalation to upper management.
o Serve on the Cybersecurity Incident Response Team.
o Respond to alerts received from monitoring systems.
o Perform event correlation to gain situational awareness and determine the impact of an observed attack.
o Provide timely analysis of events to distinguish malicious incidents and events from benign activities.
o Analyze malicious activity to determine weaknesses exploited, exploitation methods, and effects on systems and information.
o Provide recommendations for improvements as needed.