
UMD Energy
Job Description
Reporting to the office of the Global Information Security Officer, the Cyber Defense Analyst is responsible for leading efforts to prevent, monitor and respond to information/data breaches and cyber-attacks.
Duties and Responsibilities
• Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
• Coordinate with enterprise-wide cyber defense staff to validate network alerts.
• Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
• Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.
• Isolate and remove malware.
Requirements
Ability to interpret the information collected by network tools.
Knowledge of the following:
• Cyber threats and vulnerabilities.
• Authentication, authorization, and access control methods.
• Host/network access control mechanisms.
• Network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
• Network traffic analysis methods.
Skills including:
• Developing and deploying signatures.
• Detecting host- and network-based intrusions via intrusion detection technologies.
• Incident handling methodologies.
• Packet-level analysis.
Preferred Experience
FireEye Helix and Endpoint experience.