Cybersecurity Analyst

About The Position

Requirements

• Ability to apply cybersecurity, privacy principles, computer networking concepts and protocols, and network security methodologies to assess and counter potential threats before they occur.
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of cyber threats and vulnerabilities.
• Knowledge of specific operational impacts of cybersecurity lapses.
• Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
• Knowledge of cyber defense and information security policies, procedures, and regulations.
• Knowledge of the common attack vectors on the network layer.
• Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
• Skill in collecting data from a variety of cyber defense resources.
• Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
• Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITILv4]).
• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
• Knowledge of network traffic analysis methods.
• Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
• Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
• Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state-sponsored, and nation sponsored).
• Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
• Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
• Knowledge of how to use network analysis tools to identify vulnerabilities.
• Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
• Skill in performing packet-level analysis.
• 5+ years experience in identifying, detecting, and combating active and potential cybersecurity threats in a SOC/NOC environment.
• Ability to interact with a wide variety of individual personalities constructively and professionally.
• Interface with security analysts from government and non-government entities to conduct joint cyber security mitigation activities.
• Excellent problem-solving skills.
• Effective communication and interpersonal skills while interacting with users on a layman level.
• Demonstrate honesty, integrity, and respect for others, while being flexible and open to change.
• Ability to read, write and understand spoken and written English.
• Ability to write business reports and correspondence.
• Ability to clearly give verbal and written direction to assigned Information Technology staff.

Nice To Haves

• Recommended Certifications:  Security+, CSSP Analyst, CCNP Security, Server Platform Certifications (Microsoft, Linux), Cloud Security Certifications are a plus
• Experience in the Airline industry a plus.

Responsibilities

• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.
• Use cyber defense tools for continual monitoring and analysis of the system to identify malicious activity.
• Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
• Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
• Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).
• Receive and analyze network alerts from various sources within the enterprise and determine probable causes of such alerts.
• Perform cyber defense trend analysis and reporting.
• Coordinate with enterprise-wide cyber defense staff to validate network alerts.
• Identify and analyze anomalies in network traffic using metadata.
• Provide daily summary reports of network events and activity relevant to cyber defense practices.
• Identify applications and operating systems of a network device based on network traffic.
• Be accessible via company phone and email 24/7 in case of emergency.