The Cyber Security Analyst reports to the Director of Information Cyber Security and is responsible for investigating computer-related incidents within the organization. He/she is also responsible for responding to and/or triaging the issue, working with the CSIRT to mitigate the damages, and thoroughly investigating the situation, taking detailed notes throughout the entire process. Prior experience in computer investigations or general computer forensics is desired.
1. Liaise with the Managed Security Services provider.
2. Participate in the drafting and reviewing of incident response process documentation.
3. Coordinate the response, escalation, tracking and analysis of incidents at remote offices.
4. Conduct advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, data breaches, etc.
5. Participate in threat hunting activities to proactively search for threats in the enterprise environment.
6. Research and be familiar with the latest information security threats and countermeasures.
7. Recommend security enhancements and purchases consistent with information security strategy and evolving threats.
8. Provide forensic analysis of network packet captures, DNS, proxy, NetFlow, malware, host-based security and application logs, as well as the logs from various types of security sensors.
9. Assist in identifying and remediating gaps as identified through the investigation.
10. Review log-based data in raw form and by utilizing SIEM or aggregation tools.
11. Maintain an up-to-date understanding of industry practices.