Cyber Defense Analyst

Job Title: Cyber Defense Analyst

Location: Rockville Maryland

Duration: 12 Months

Job Profile Summary:

The Cyber Defense Analysts role primarily includes security assessments data analysis and incident response activities. Team members are expected to collaborate and support each others areas and assist in monitoring and responding to security events generated by internal systems or through external alerts.

Job Description:

Essential Functions:

• Perform assessments of systems and networks within the College environment and identify where those systems/networks deviate from approved configurations or College policy.
• Measure effectiveness of defense-in-depth architecture against known vulnerabilities.
• Conduct vulnerability scanning activities across the enterprise.
• Analyze scan results to identify security weaknesses misconfigurations and areas of elevated risk.
• Correlate vulnerability data with current threat intelligence to assess exploitability and potential impact.
• Produce detailed reports on identified vulnerabilities severity levels business impact and remediation status.
• Coordinate and support remediation efforts across business owners and support teams.
• Supports security awareness and education efforts for the College community i.e.
• Employees Students Contractors Volunteers etc.
• Analyze data from cyber defense tools (e.g. Vulnerability Management tools EDR SEG IDS alerts firewalls network traffic logs) for the purposes of mitigating threats.
• Review SIEM and/or audit logs to identify anomalous activity and potential threats to network resources.
• Perform continuous monitoring and analysis of system and user activity to identify malicious activity.
• Maintain detailed tracking of vulnerabilities including deadlines remediation progress ownership and closure.
• Manage and update Plans of Action and Milestones (POA&Ms).
• Correlate events across a wide variety of source data (indications and warnings).
• Notify management of incidents that may require additional attention.
• Stay current with existing and evolving technologies to provide enhanced security service offerings to stakeholder groups.
• Act as a security consultant to help identify business needs and design appropriate security controls.
• Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
• Manage security incidents. Act as a trusted point of contact and provide expertise for incidents and executes incident response activities including escalation to upper management.
• Serve on the Cybersecurity Incident Response Team.
• Respond to alerts received from monitoring systems.
• Perform event correlation to gain situational awareness and determine the impact of an observed attack.
• Provide timely analysis of events to distinguish malicious incidents and events from benign activities.
• Analyze malicious activity to determine weaknesses exploited exploitation methods and effects on systems and information.
• Provide recommendations for improvements as needed.

Basic Qualifications:

• Bachelors degree from an accredited college or university with course work in cybersecurity and information technology or a related field and/or any combination of education training and experience that provides the required knowledge and expertise to perform the essential functions of the position.
• Three years of working experience in various aspects of information technology as an analyst/engineer or similar professional level including systems administration networking and/or application development.
• Three years of working experience in cybersecurity as an analyst or security engineer.
• Experience in incident handling/response and disaster recovery planning.
• Experience in OS network and application hardening using baselines such as CIS or STIG.

Knowledge Skills and Abilities:

• Working knowledge of computer network defense and vulnerability assessment tools and their capabilities.
• Working knowledge of network protocols (e.g. TCP/IP (Transmission Control Protocol/Internet Protocol) DHCP (Dynamic Host Configuration Protocol) DNS (Domain Name System).
• Working knowledge of risk management processes (e.g. methods for assessing and mitigating risk).
• Knowledge of new and emerging information technology (IT) and information security technologies.
• Knowledge of data backup types of backups (e.g. full incremental) and recovery concepts and tools.
• Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
• Ability to accurately and completely source all data used in intelligence assessment and/or planning products.
• Skill in using incident handling methodologies.
• Skill in collecting data from a variety of cyber defense resources.
• Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
• Skill in assessing security controls based on cybersecurity principles and tenets.
• Skill in implementing security controls and tools.
• Strong interpersonal and communication skills.
• Ability to achieve goals through influence collaboration and cooperation.
• Ability to communicate complex information concepts or ideas in a confident and well organized manner through verbal written and/or visual means.
• Ability to produce technical documentation.
• Ability to handle and maintain confidential information.
• Ability to exercise judgment when policies are not well-defined.
• Ability to think critically analyze issues and solve sensitive and complex problems under pressure.
• Ability to work effectively with an array of constituencies in a community that is both demographically and technologically diverse.

Competencies:

• Decision Making
  • Decisions may affect a work unit or area within a department. May contribute to business and operational decisions that affect the department.
• Problem Solving
  • Problems are varied requiring analysis or interpretation of the situation. Problems are solved using knowledge and skills and general precedents and practices.
• Independence of Action
  • Results are defined and existing practices are used as guidelines to determine specific work methods and carries out work activities independently; supervisor/manager is available to resolve problems.
• Communication and Collaboration
  • Contacts and information are primarily within the jobs working group department and/or campus.
  • Contacts and information sharing are external to the jobs department but internal to the campus/campuses (i.e. other departments/campuses central administration/services such as Human Resources Payroll Finance Facilities Mail Services Student Services etc.)
  • Contacts and information sharing are internal/external to the College for the primary reason of scheduling coordinating services collaborating etc.

Required Industry Certifications:

• At least one relevant certification e.g. Security GSEC GCIH GX-CS SSCP CEH Pentest.