Job Details

  • Title: Cybersecurity Defense Analyst
  • Code: RCI-5064
  • Location: Saint Paul Minnesota (MN) 55117
  • Posted Date: 09/11/2020
  • Duration: 12 Months
Talk to our Recruiter

  Job Description

Cybersecurity Defense Analyst

 

Provide cyber defense services through threat hunting, incident response, and security content development to help protect the enterprise which includes internal and external computing assets, data, customers and brand reputation.

Core Job Responsibilities

• Monitor and respond to cyber-based threats to and deploy countermeasures as needed.

  • Use security technologies and tools, such as SIEM, IDS/IPS, endpoint detection and response (EDR), and Cyber Threat Intelligence (CTI) tools to protect the enterprise.
  • Participate in threat hunting missions and remediate gaps that are identified.
  • Contribute to the development of detections using MITRE ATT&CK and Cyber Kill chain frameworks.
  • Automate manual tasks through technology integrations via scripting and orchestration of playbooks.
  • Support the advancement of cyber threat intelligence and vulnerability management programs to ensure consistent detection, analysis, response, and monitoring of cybersecurity threats including actors, campaigns and vulnerabilities.
  • Compose and deliver Situation Reports for key stakeholders.
  • Participate in cross-team coordination to achieve defined security goals as well as meet technical requirements in support of detailed implementation plans for security projects.
  • Perform assessment of cybersecurity incidents to identify the root cause, respond, and recover the environment.
  • Contribute to the development and refinement of metrics packages.

Qualifications

  • Bachelor’s degree in Cybersecurity or IT related field
  • 3+ years of experience working in the Information Technology field.
  • 1+ years of experience directly related to the area of incident response, digital forensics, malware analysis, threat hunting, cyber threat intelligence, or content development/tuning, preferred.
  • Preferred experience working with Cloud and/or ICS/SCADA environments
  • GIAC (GCIH, GICSP, GRID, GSEC, GCFA, GREM), OSCP or equivalent certifications preferred.
  • Be a team player committed to the mission and continuous development of the Cyber Threat Action Center, peers, and customers.
  • Experience with programming and scripting languages, preferably Python and PowerShell.
  • Strong written and verbal communication skills; must be able to effectively communicate to all levels of staff up to executive-level management, customers (internal and external), and vendors.
  • Be available for on-call duty to handle high-impact cybersecurity incidents.
  • Be driven for personal development through security conferences, Capture the Flags (CTF), lab time and research.