Job Description

Job Summary

This is a multi-level position and placement is dependent upon skills, knowledge and experience, scope and number of products managed by the selected candidate.  Please note this is a NERC CIP position and requires NERC CIP background investigation prior to start.

Cyber Security Analyst is a hands-on practitioner and representative of the cybersecurity defense team. The role is technical, and candidates must possess a solid understanding of information security and preferably have held positions in cybersecurity and systems administration. The role also requires an understanding of business and governance process. Responsible for the overall  cybersecurity management lifecycle of the IT and OT programs. They must understand applications, operating systems, networking, cloud infrastructure and basic attacker tactics, techniques and procedures (TTPs). 

Job Responsibilities

Provides technical expertise and support to clients, IT management and staff in cybersecurity threat risk assessments, development, testing and the implementation and operation of appropriate information security plans, procedures, and control techniques designed to prevent, minimize or quickly recover from cyber-attacks or other serious events.
Reviews complex architecture design diagrams and documents for new technologies and changes to existing technologies to determine risks and provide recommendations and mitigations
Conduct continuous discovery and vulnerability assessment of enterprise-wide assets.
Document, prioritize and formally report asset and vulnerability state, along with remediation recommendations and validation.
Follows cyber security news and alerts, understands complex attack vectors and risks, and identifies and evaluates emergent cyber security threats and vulnerabilities. Recommends appropriate corrective actions for information security incidents and provides risk mitigation recommendations to management and team.
Designs process flows to be implemented in security automation tools to automatically respond to threats quickly
Provides technical expertise in threat/risk assessments
Defines, designs, and implements strategies to protect against emerging threats using security tools
In addition to the below requirements candidates should be proficient with vulnerability mgmt. solutions such as Tenable and have an understanding of NIST CSF.

Job Specific Qualifications

Bachelor’s degree in Computer Science, Information Systems, Cyber Security, Engineering or related discipline with 2 or more years of experience in Information Security or areas required below.  Without a bachelor’s degree, must have a minimum of 6 years of experience in Information Security or areas required below.
Proficient with vulnerability mgmt solutions such as Qualys, Nexpose, Nessus, Kenna Security, Tanium and open source
Broad knowledge of information systems including Windows and *nix operating systems security, network security, systems development, communication networks, and security software/hardware
Experience conducting org-wide vulnerability scanning and remediation processes
Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle
Experience with cloud computing; able to implement strong security to protect cloud first environment
Experience with key information security technologies such as SIEM, firewalls, intrusion detection/prevention systems, vulnerability assessment, encryption, identity and access control systems, anti-malware, and security event analysis

Desired:

Experience in Operational Technology (OT) Security is a plus
Preferably some experience with vulnerability management across Amazon Web Services (AWS), Microsoft Azure, IBM Cloud, or Google Cloud Platform (GCP)
Experience with cyber investigations and/or threat hunting, or using information security technologies such as antivirus, IDS/IPS, SIEM, endpoint detection & response, DLP, data encryption, proxies, and network access control, as well as security policies and procedures, and incident response

Minimum Years of Experience

2 years of experience

Education

Bachelor