The Cyber Defense Analyst I uses information collected from a variety of sources to monitor network activity and analyze it for evidence of anomalous behavior. Identifies, triages, and reports events that occur in order to protect data, information systems, and infrastructure. Finds trends, patterns, or anomaly correlations utilizing security-relevant data. Recommends proactive security measures. Conducts analysis to isolate indicators of compromise. Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event’s history, status, and potential impact for further action in accordance with the organization’s cyber incident response plan.
- Use cyber defense tools to monitor, detect, analyze, categorize, and perform initial triage of anomalous activity.
- Generate cybersecurity cases (including event’s history, status, and potential impact for further action) and route as appropriate.
- Leverage knowledge of commonly used network protocols and detection methods to defend against related abuses.
- Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Requires DoD 8570 compliance with CSSP Analyst baseline certification. Candidate must possess Information Assurance Technical (IAT) Level I (possess one: A+ CE, CCNA-Security, CND, Network+ CE, SSCP) or Level II (possess one: CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP) certification. Must have Computing Environment (CE) certification which can be fulfilled with either Microsoft OS, Cent OS/Red Hat OS CE certifications.
- Full Scope Polygraph minimum