Cyber Defense Analyst (Onsite)

Job Title: Cyber Defense Analyst (Onsite)

Location: Rockville, Maryland

Duration: 12 Months

Summary:

The Cyber Defense Analyst s role primarily includes security assessments, data analysis, and incident response activities. Team members are expected to collaborate and support each other s areas and assist in monitoring and responding to security events generated by internal systems or through external alerts.

Essential Functions:

• Perform assessments of systems and networks within the College environment and identify where those systems/networks deviate from approved configurations, or College policy.

• Supports security awareness and education efforts for the College community, i.e.

• Employees, Students, Contractors, Volunteers, etc.

• Analyze data from cyber defense tools (e.g. Vulnerability Management tools, EDR, SEG, IDS alerts, firewalls, network traffic logs) for the purposes of mitigating threats.

• Review SIEM and/or audit logs to identify anomalous activity and potential threats to network resources.

• Perform continuous monitoring and analysis of system and user activity to identify malicious activity.

• Maintain detailed tracking of vulnerabilities, including deadlines, remediation progress, ownership, and closure.

• Manage, and update Plans of Action and Milestones (POA&Ms).

• Correlate events across a wide variety of source data (indications and warnings).

• Notify management of incidents that may require additional attention.

• Analyze malicious activity to determine weaknesses exploited, exploitation methods, and effects on systems and information.

• Provide recommendations for improvements as needed.

Basic Qualifications:

• Bachelor's degree from an accredited college or university with course work in cybersecurity and information technology or a related field, and/or any combination of education, training, and experience that provides the required knowledge, and expertise to perform the essential functions of the position.

• Three years of working experience in various aspects of information technology as an analyst/engineer or similar professional level, including systems administration, networking and/or application development.

• Three years of working experience in cybersecurity as an analyst or security engineer.

• Experience in incident handling/response and disaster recovery planning.

• Experience in OS, network, and application hardening using baselines such as CIS or STIG.

Knowledge, Skills, and Abilities:

• Working knowledge of computer network defense and vulnerability assessment tools and their capabilities.

• Working knowledge of network protocols (e.g., TCP/IP (Transmission Control Protocol/Internet Protocol), DHCP (Dynamic Host Configuration Protocol), DNS (Domain Name System).

• Working knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

• Knowledge of new and emerging information technology (IT) and information security technologies.

• Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.

• Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.

• Ability to accurately and completely source all data used in intelligence, assessment, and/or planning products.

• Skill in using incident handling methodologies.

• Skill in collecting data from a variety of cyber defense resources.

• Skill in recognizing and categorizing types of vulnerabilities and associated attacks.

• Skill in assessing security controls based on cybersecurity principles and tenets.

• Skill in implementing security controls and tools.

• Strong interpersonal and communication skills.

• Ability to achieve goals through influence, collaboration, and cooperation.

• Ability to communicate complex information, concepts, or ideas in a confident and well organized manner through verbal, written, and/or visual means.

• Ability to produce technical documentation.

• Ability to handle and maintain confidential information.

• Ability to exercise judgment when policies are not well-defined.

• Ability to think critically, analyze issues and solve sensitive and complex problems under pressure.

• Ability to work effectively with an array of constituencies in a community that is both demographically and technologically diverse.

Required Industry Certifications:

• At least one relevant certification, e.g. Security , GSEC, GCIH, GX-CS, SSCP, CEH, Pentest .