Cybersecurity Analyst - IT Security Services

Summary

The Cybersecurity Analyst is responsible for monitoring, analyzing, and responding to security alerts and events from CRD systems and users. Working as an Integral part of Cybersecurity team the Analyst is responsible for the support and maintenance of technologies to uphold security operations of the CRD. The primary objective of the role is the analysis and categorization of alerts or other events, including ongoing maintenance and configuration of systems, policies, and tools, as well as assisting with supporting the design and integration of new technology focused tools and applications from a cybersecurity perspective.

Key Duties & Responsibilities

• Monitor the CRD technology landscape for security incidents, unusual activity, and events.
• Monitor security events and alerts utilizing security response tools such as EDR, SEIM, IDS/IPS, email security, user reports, and others.
• Perform security investigations as required using threat intel sources.
• Perform post-event analysis of security incidents and create incident reports.
• Run vulnerabilities scans and report findings and work collaboratively with IT application and infrastructure teams to action vulnerability findings.
• Threat hunting activities as required using threat intel sources.
• Perform risk assessments and compliance reporting including cloud security.
• Performs penetration tests, TTE's and other red team exercises.
• Assists in development and promotion of security best practices.
• Installs and integrates security software and devices.
• Maintains and operates security software and devices.
• Participate in Incident Response and Disaster Response planning and testing.
• Work with other IT teams to ensure security systems are maintained and integrated.
• Conduct forensic analysis of security incidents as required.
• Follows all policies, procedures and standards of the CRD.
• Performs other related duties as required.

Additional Information

Please upload certifications listed below with your application submission:

• OSCP
• SC-200

Key Skills & Abilities

• Knowledge of security principles and best practices
• Familiarity with security tools and technologies such as: Security Information and Event Management (SIEM) systems, ZTNA (Zero Trust Network Architecture), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), firewalls, Endpoint Detection and Response (EDR) and Antivirus (AV) systems, Network Access Control (NAC) systems, Data Loss Prevention (DLP) systems, vulnerability scanners, firewalls, red team/penetration testing tools, and security education and awareness platforms.
• Knowledge of networking protocols and OT technologies
• Proficiency in utilizing various security assessment tools and frameworks for both IT/OT including but not limited to Kali Linux, Nessus, Burp Suite, CIS benchmarks, MITRE ATT&CK
• Experience with virtualization technologies such as VMware
• Experience with Microsoft Security stack (MDO, MDE, MDI, Purview and Sentinel )
• Familiarity with cloud computing platforms such as AWS or Azure
• Experience with scripting languages such as Python or PowerShell
• Familiarity with web application security concepts such as OWASP Top 10
• Familiarity with Cybersecurity Frameworks for both IT/OT such as NIST CSF 2.0, ISO27001/27002 and IEC 62443) etc.
• Strong assessment and problem-solving skills, including attention to detail, ability to research, analyze, interpret, and summarize issues.
• Excellent verbal and written communication skills and ability to maintain good working relationships with professionalism, tact, confidentiality, and discretion.
• Ability to excel in a dynamic environment, including working under pressure with unpredictable variables and meeting deadlines.
• Willingness to learn and keep skill set current with the latest security trends and threats.
• Ability to occasionally adjust hours of work to respond to operational requirements.
• Experience with CrowdStrike Falcon suite, Rapid7, Sentinel/Elastic SIEM, Microsoft Security Stack, Darktrace and Metasploit would be beneficial

Qualifications

Certifications