Cyber Defense Analyst

Location: US

Category: Security

Last Date: 12-30-2025


The Cyber Defense Analyst’s role primarily includes security assessments, data analysis, and incident response activities. Team members are expected to collaborate and support each other’s areas and assist in monitoring and responding to security events generated by internal systems or through external alerts.

Knowledge and Skills:

• Working knowledge of computer network defense and vulnerability assessment tools and their capabilities.
• Working knowledge of network protocols (e.g., TCP/IP (Transmission Control Protocol/Internet Protocol), DHCP (Dynamic Host Configuration Protocol), DNS (Domain Name System)).
• Working knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of new and emerging information technology (IT) and information security technologies.
• Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.
• Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
• Ability to accurately and completely source all data used in intelligence, assessment, and/or planning products.
• Skill in using incident handling methodologies.
• Skill in collecting data from a variety of cyber defense resources.
• Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
• Skill in assessing security controls based on cybersecurity principles and tenets.
• Skill in implementing security controls and tools.
• Strong interpersonal and communication skills.
• Ability to achieve goals through influence, collaboration, and cooperation.
• Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
• Ability to produce technical documentation.
• Ability to handle and maintain confidential information.
• Ability to exercise judgment when policies are not well-defined.
• Ability to think critically, analyze issues, and solve sensitive and complex problems under pressure.
• Ability to work effectively with an array of constituencies in a community that is both demographically and technologically diverse.

Job Description:

• Perform assessments of systems and networks within the College environment and identify where those systems/networks deviate from approved configurations or College policy.
o Measure effectiveness of defense-in-depth architecture against known vulnerabilities.
o Conduct vulnerability scanning activities across the enterprise.
o Analyze scan results to identify security weaknesses, misconfigurations, and areas of elevated risk.
o Correlate vulnerability data with current threat intelligence to assess exploitability and potential impact.
o Produce detailed reports on identified vulnerabilities, severity levels, business impact, and remediation status.
o Coordinate and support remediation efforts across business owners and support teams.
o Support security awareness and education efforts for the College community (e.g., employees, students, contractors, volunteers).
• Analyze data from cyber defense tools (e.g. Vulnerability Management tools, EDR, SEG, IDS alerts, firewalls, network traffic logs) for the purposes of mitigating threats.
o Review SIEM and/or audit logs to identify anomalous activity and potential threats to network resources.
o Perform continuous monitoring and analysis of system and user activity to identify malicious activity.
o Maintain detailed tracking of vulnerabilities, including deadlines, remediation progress, ownership, and closure.
o Manage and update Plans of Action and Milestones (POA&Ms).
o Correlate events across a wide variety of source data (indications and warnings).
o Notify management of incidents that may require additional attention.
o Stay current with existing and evolving technologies to provide enhanced security service offerings to stakeholder groups.
o Act as a security consultant to help identify business needs and design appropriate security controls.
o Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
• Manage security incidents. Act as a trusted point of contact, provide expertise for incidents, and execute incident response activities, including escalation to upper management.
o Serve on the Cybersecurity Incident Response Team.
o Respond to alerts received from monitoring systems.
o Perform event correlation to gain situational awareness and determine the impact of an observed attack.
o Provide timely analysis of events to distinguish malicious incidents and events from benign activities.
o Analyze malicious activity to determine weaknesses exploited, exploitation methods, and effects on systems and information.
o Provide recommendations for improvements as needed.

Qualification:

• Bachelor's degree from an accredited college or university with coursework in cybersecurity, information technology, or a related field, and/or any combination of education, training, and experience that provides the required knowledge and expertise to perform the essential functions of the position.
• Three years of working experience in various aspects of information technology as an analyst, engineer, or similar professional level, including systems administration, networking, and/or application development.
• Three years of working experience in cybersecurity as an analyst or security engineer.
• Experience in incident handling/response and disaster recovery planning.
• Experience in OS, network, and application hardening using baselines such as CIS or STIG.