Lead Cyber Security Operations Analyst
- JOB SUMMARY
The Lead Cyber Security Operations Analyst works both independently and collaboratively with EBSI Managed Security Service Provider, Incident Response Team, Information Security Engineers, IT systems engineers, and software engineers. The primary responsibility for this individual will be operate as the tier three security operations analyst, subject matter expert, e-discovery/Digital forensics and cyber threat intelligence fusion cell on the cybersecurity operations team.
- ESSENTIAL FUNCTIONS
Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions.
- Lead cyber security operations analysts have the responsibility of being the highest technical escalation point of a cyber incident investigating and determining, based on analysis, if an Incident is to be decleared and board reportable.
- Manage internal/external interactions and communications with stakeholders in a professional manner , referring problems to and communicating with the appropriate department manager/director.
- Follow legal evidentiary chain of custody during compromise investigations by documenting and communicating findings in the system of record for case management solution and after-action reporting
- Perform and validate network and host level digital forensic investigations to determine root cause of the compromise, intrusion, or breach
- Develop and implement cyber security playbooks and process flows in line with industry best pracitces and standards
- Developing, implementing, and documenting signatures and behavioral detection/prevention strategies that keep pace with emerging cyber threats
- Identify, drive, track, and document compromise remediaton efforts
- Declare EBSI official Incidents and be the transition point to the Incident Response team
- Process cyber threat intelligence in accordance with the "intelligence cycle": direction, collection, processing, analysis, dissemination, and feedback from open source, paid subscriptions, and government sources.
The above statements are intended to describe the nature of work performed by those in this job and are not an exhaustive list of all duties. Nothing in this job description restricts managements right to assign or reassign duties and responsibilities to this job at any time which reflects management's assignment of essential functions.
III. MINIMUM EDUCATION, EXPERIENCE, SKILLS
- 3+ years of relevant commercial security operations experience or equivalent USCYBERCOM National Defense Team, MSSP, CERT, CNDSP work experience
- Must have at least one of the following cyber security technical certifications: SEC+/GSEC/CCSP/CYSA+
- In addition to one of the following: GCIH/GCFA/GNFA/GREM
- Familiarity with Linux, Windows, and cyber forensic evidence concepts
- Knowledge of malware families and network attack vectors.
- Knowledge about exploits, vulnerabilities, and cyber attacks
- Familiarity with performing host and network level analysis to determine if compromise occured.
- Familiarity with the Lockheed Cyber Kill Chain and MITRE AT&CK frameworks
- Must have the ability to attain at least a Secret US government clearance
- Possess planning, interpersonal, and motivational skills, able to write clearly and succinctly in technical and non-technical formats.
- Ability to speak both extemporaneously and in formal business settings.
- Have the ability to apply logic and reason to solve complex problems.
- Ability to establish and maintain multi-functional and positive working relationships.
- Advanced computer skills and proficiency.
- Strong interpersonal and networking skills with a solid ability to work in a team environment.
- Ability to work under stressful and tight deadlines as well as the ability to lead in a fast-paced environment.
- Above average computer hardware and software knowledge.
- Ability to multi-task, discerns patterns in detail.
- Think through problems for logical solutions and remain calm and professional under stress.
- Strong decision-making ability during both crisis and non-crisis situations.
- Able to work with highly confidential information.
- PHYSICAL/MENTAL DEMANDS AND WORK ENVIRONMENT CHARACTERISTICS
The physical/mental demands are representative of those that must be met by an individual to successfully perform the essential functions of the job.
The work environment characteristics described here are representative of those an individual would encounter while performing the essential functions of the job.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Physical/Mental Demands and Work Environment Characteristics :
☒ Ability to organize/coordinate ☒ Comprehend and follow instructions
☒ Direct, control and plan ☒ Independently make quick decisions to solve complex issues
☒ Problem Solve ☒ Analyze/Interpret data and information
☒ Perform with frequent interruptions ☒ Make decisions using sound judgment
☐ Supervise/Manage others
☐ Good eye/hand coordination ☐ Visual Acuity
☒ Use keyboard/computer/phone ☐ Detect/Distinguish smell
☐ Detect/Distinguish hearing ☐ Maintain stationary position
☐ Position self to move ☐ Move/Traverse
☐ Ascend/Descend (climb) ☐ Reaching
☐ Calibrate precise ☐ Ability to safely operate hand tools
☐ Move/Transport [X] lb. ☐ Repetitive movement activities
☒ Regular and predictable attendance
☐ Work around extreme temperatures - cold or hot
☐ Work around noise above conversation level
☒ Work in restricted access to laboratory area
☐ Exposure to dust/gas/fumes/steam/chemicals
☐ Work with Select Agents as defined by the CDC
☐ Work irregular hours that often include nights and weekends
☐ Work in multiple locations
20% travel; international included