Cyber Security Analyst
The Security Cyber Analyst is an entry-level position in the Security Cyber Analysts job family and works within the Security business unit. They deal with low-complexity security and cyber threats, and research and identify potential threats and vulnerabilities in order to minimise the window of attack and limit the amount of time an adversary has to gain access to the network before they are discovered.
Experience & Qualifications:
- Business Science Degree or Information Security related degree or a closely related field
- Security certification (CISSP), CISM or related certification would be advantageous
- SANS certification(s) Experience
- At least 3 – 5 years of technology experience, including trouble-shooting and performing root cause analysis of complex IT solutions
- At least 1 – 2 years’ experience working in a SOC / CSIRT
- Experience with intelligence analysis processes, including Open Source Intelligence (OSINT) and closed source intelligence gathering, source verification, data fusion, link analysis and threat actors
- Experience in security incident management processes and tools
- Experience with Threat Intelligence Platforms and Providers
- Research experience in tracking cyber threat and malware campaign activity
Role / Responsibilities:
Execute threat intelligence strategy
The Security Cyber Analyst uses their creativity and intellectual rigour to assist with the execution of the threat intelligence strategy that will drive the business to become proactive, focused and preventative. These individuals will embed the use of intelligence into core business by aligning the delivery of intelligence and threat feeds to formal decision making. This employee will measure the effectiveness of cyber hunting capabilities to ensure appropriate plans are in place to address lower performance and ineffective practices.
Produce cyber threat intelligence
These individuals produce intelligence outputs to provide an accurate depiction of the current threat landscape and associated risk through the use of client, community and open source reporting. They collect, organise, analyse, interpret and summarise threat and vulnerability reports and data to provide actionable intelligence and situational awareness to decision makers. This employee will build a threat intelligence repository to understand threat actor tactics, techniques and procedures (TTP). They create partnerships and relationships with third parties for intelligence sharing, evaluating threat intelligence providers, platforms, and data feeds to drive greater business value. They provide subject matter expertise and technical deliverables oversight for cyber projects and initiatives to enhance and improve cyber threat intelligence capabilities and maturities.
The Security Cyber Analyst will perform research into less complex targeted attacks, crimeware campaigns, malware and other emerging technologies and techniques to identify and report on cyber attacks. They actively monitor and research cyber threats and trends with a direct or indirect impact to the client’s brand, regional business operations, technology infrastructure and client trust.
Security Cyber Analysts will promote awareness of emerging cyber threats and determine the appropriate responses. They will utilise intelligence to support security services and professional services as part of digital forensics and incident response engagements, security event management, breach detection and malware analysis. They will be required to perform situational tasks such as malware analysis, reverse engineering and exploit evaluation as and when required. They act as a point of escalation for security investigations and incidents to provide guidance and oversight on incident resolution and containment techniques.
Produce intelligence reports
These individuals will participate in and contribute to regular threat focus meetings. They will produce actionable intelligence on threats for delivery to clients in the form of technical reports and/or client briefings. The Security Cyber Analyst will contribute to the enhancement and optimisation of implemented reporting mechanisms to demonstrate the value of the cyber intelligence function with tangible benefits.
The individual in this position demonstrates investigative and analytical problem solving skills. They display critical thinking and contextual analysis abilities with a passion for information security and service excellence. They are proactive in their approach and conduct research on emerging trends, establishing pre-emptive and practical plans to counter potential threats. The Security Cyber Analyst demonstrates excellent verbal and written communication skills and the required interpersonal skills to engage with a variety of internal and external stakeholders.
Personal Attributes, Skills and Knowledge Required:
- Possess knowledge and understanding of IT industry environment and business needs
- Demonstrate an understanding of the use of strategic, operational, tactical intelligence and its applicability to the business
- Possess an understanding of the current vulnerabilities, response and mitigating strategies as well as tactics, techniques, procedures (TTP), indicators and observables
- Possess good knowledge of the kill-chain and how it can be used to enhance cyber security practices
- Possess good knowledge of threat and risk modeling and cyber security models (predict, protect, detect, respond)
- Demonstrate good verbal and written communication skills
- Demonstrate investigative and analytical problem solving skills
- Demonstrate critical thinking and contextual analysis skills
- Possess an understanding of STIX, TAXII, CybOX and OpenIOC exchange formats
- Display a proactive approach
What would make you a good fit for this role?
In this position you will be required to:
- Execute a threat intelligence strategy to support the business to become proactive, focused and preventative and implement appropriate plans to address lower performance and ineffective cyber hunting practices.
- Produce intelligence outputs, threat and vulnerability reports, data and actionable intelligence and situational awareness to facilitate decision making.
- Research and identify potential threats and vulnerabilities and develop action plans to counter emerging cyber intelligence threats.
- Perform situational tasks such as malware analysis, reverse engineering and exploit evaluations.
- Participate in meetings and produce technical reports on intelligence threats and mechanisms depicting the value of the cyber intelligence function.