The primary mission of the team is to detect, analyze, investigate, and defend against sophisticated digital attacks. The Cyber Analyst Associate will conduct analyses and investigations with guidance from senior members of the team. As a member of the Cyber Security Operation Center organization, the successful incumbent will work alongside their peers toward this mission.
The Cyber Analyst (Junior Level) will have a technical education background and knowledge of any of the following: forensics, malware analysis, programming, the OSI model, network theory, etc. Significant training on cyber/security analysis will be provided to the successful incumbent.
- Employ advanced forensic tools
- Perform network traffic analysis
- Apply an understanding of attack signatures and the tactics, techniques and procedures (TTPs) associated with advanced threats
- Apply technical principles, theories, and concepts to complete assignments of limited scope
- Recommend containment measures in industrial automation environments, with guidance from senior members of the team
- Perform the standard work described above and consult more senior members of the team to work through more complex, less clearly defined issues
- Review threat data from various sources and develop custom signatures for open source Intrusion Detection Systems (IDS) or other custom detection capabilities
- Demonstrate a basic grasp of the knowledge and principles of the field of specialization
Required Knowledge/Skills, Education, and Experience
- BS/BA in a related discipline (or an advanced degree where required), or an equivalent combination of education and experience. Disciplines may include computer science, computer engineering, mathematics, and physics.
- Certification may be required in some areas.
- Typically 1-2 years of work experience; experience in a related field is preferred but not required. Successful demonstration of, or the potential to perform, the key responsibilities presented above. An advanced degree may be substituted for experience, where applicable.
- Familiar with Information Assurance Engineering concepts and related tools, focusing on disciplines related to Intrusion Detection / Prevention, Forensics, and Network and Operational Security analysis.
- Demonstrated ability to learn in a fast-paced environment
- Written and verbal communication skills
Preferred Knowledge/Skills, Education, and Experience
- May have knowledge or experience in some of the following areas:
- Firewalls, proxies, VPNs, covert tunneling, Layer 3 switching, intrusion detection systems, and data reconstruction
- Windows file system structure, and the ability to recover deleted files, search for hidden files, access Alternate Data Streams (ADS), and analyze disk slack space
- UNIX/Linux system administration, configuration, troubleshooting, and scripting skills
- Understanding of complex network infrastructures
- Ability to analyze the Windows registry
- Network signature analysis with tools such as Snort, NetFlow, Wireshark, tcpdump, or related tools
- Central log collection, indexing, searching, and analysis
- Interpreting logs in the context of security events/intrusions and drawing accurate conclusions
- General understanding of production plant and automation environments