Senior Analyst, Cyber Security

General Definition of Work

The cybersecurity senior analyst, under intermittent supervision, performs highly complex work with intermediate decision-making discretion related to supporting the development and implementation of programs that identify and manage operational technology cyber security threats and deliver protection capabilities and solutions to reduce security-related risks. This includes discovering vulnerabilities and risks in networks, software systems and data centers with ongoing vulnerability scans, monitoring network data, and ensuring hardware and software applications are updated. Employee performs district-level work to carry out Board of Education policies under the direction of the Cybersecurity Officer.

Essential Functions

• Adhere to all state, federal, and local laws, policies, and procedures
• Analyze, investigate, and resolve cyber security incidents related to operational and information technology environments
• Correlate event data from security platforms, systems, firewalls, secure email, and web gateways for potential threats and drive mitigation actions
• Initiate escalation procedures to counter-act potential threats and vulnerabilities, document findings, and recommend remediation and prevention procedures
• Write and publish cyber incident reports detailing incident findings and mitigation/remediation recommendations
• Create, update, and maintain security investigation playbooks/runbooks
• Create and develop new detection methods and enhancements to existing security technologies
• Identify Indicators of Compromise (IOCs) and integrate those into security technologies and SIEMs
• Provide technical recommendations for existing security products to create actionable alerts and reduce false positive rates
• Manage all district infrastructure, security assets, and Microsoft software licenses, from acquisition to dissemination, to meet project needs for district initiatives
• Perform related work as assigned or required

Knowledge, Skills, Abilities

• Knowledge and understanding of the principles, practices, and procedures of cybersecurity

• Knowledge in performing programming and scripting tasks, network traffic analysis, and using advanced network security tools
• Knowledge in conducting analysis of log data, data correlation, and device support of intrusion analysis
• Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques, and procedures (TTPs)
• Operating knowledge of computer programs, including email, word processing, spreadsheets, and databases
• Strong problem solving and critical thinking skills
• Skilled in communication, both verbal and written

• Ability to work effectively in a deadline-driven, rapidly changing team environment

• Ability to present complex technical issues and their impact in an easy-to-understand manner
• Ability to research and track Advanced Persistent Threats (APT's) campaigns
• Ability to problem-solve utilizing sound judgment

• Ability to take initiative and work independently

• Ability to provide high-performing technical expertise with minimal oversight
• Expert in delivering enterprise cyber security and incident handling and reporting

• Ability to establish and maintain positive relationships; work collaboratively within and across departments, external agencies, and the public
• Ability to perform detailed work, planning, risk assessments, and associated risk mitigation actions