CYBERSECURITY ANALYST JOB DESCRIPTION
Browse cybersecurity analyst job descriptions that outline key responsibilities, required qualifications, and skills across a range of specializations and experience levels.

Cybersecurity Analyst Job Description Template
1. About the Role
A Cybersecurity Analyst is the practitioner who keeps an organization's detection and response machinery running. Undetected intrusions, unpatched vulnerabilities, and uninvestigated alerts are the direct result when this seat goes unfilled or underperforms. In enterprise IT security environments, the role spans SOC monitoring, incident response coordination, and vulnerability management — all measured against NIST framework controls and internal SLA thresholds. It sits within the security function, answering to a CISO or Security Director, and its output is what makes audit findings and board-level risk reports credible.
2. Position Summary
As the Cybersecurity Analyst, you monitor correlated security events, lead incident investigations, and translate threat intelligence into actionable remediation steps that protect the organization's information systems and data. You work within the security operations team under the direction of the CISO or Security Manager, collaborating daily with IT infrastructure owners, compliance leads, and vendor partners across the enterprise.
3. Why Join Us
Career Impact: Hands-on ownership of SOC triage, malware analysis, and NIST-aligned vulnerability programs builds the technical depth that security engineering and analyst lead roles require.
Business Impact: When a phishing campaign targets the organization or an intrusion alert fires at 2 a.m., the decisions this analyst makes in the first hour determine whether an incident becomes a breach.
Growth Opportunity: Exposure to the full range of Prevent, Detect, and Respond domains, combined with a clear path toward certifications such as CISSP or CISM, substantially expands market value within three to five years.
4. Key Responsibilities
- Monitor correlated log events and security alerts within the SIEM on a continuous basis to identify anomalous and unauthorized activity.
- Conduct threat and vulnerability assessments across internal systems to prioritize remediation based on risk severity.
- Investigate security incidents and data breaches, including forensic artifact collection and formal incident report preparation.
- Analyze suspicious emails, URLs, and domain indicators to identify malicious content and recommend remediation actions.
- Partner with IT process owners and compliance leads to support audit deliverables, control testing, and regulatory documentation.
- Research emerging threats and attacker tactics to propose detection improvements and update SOC playbooks.
- Enforce incident logging and ticket management procedures to ensure every security event is documented and tracked to closure.
- Develop and deliver security metrics and dashboard reports to provide leadership with accurate visibility into the security posture.
5. Required Qualifications
- Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent work experience.
- 2 or more years of cybersecurity experience, with direct involvement in SOC operations or incident response.
- Knowledge of the Cyber Kill Chain, Diamond Model of Intrusion Analysis, and common attacker tactics, techniques, and procedures.
- Understanding of networking fundamentals including TCP/IP, DNS, and firewall rule logic across Windows and Linux environments.
- Familiarity with NIST Cybersecurity Framework controls and their application to enterprise risk assessment and remediation planning.
- Demonstrated ability to collect, preserve, and analyze digital evidence following chain of custody procedures.
- Strong written communication skills, with the ability to produce clear incident reports and stakeholder-ready documentation.
- Security+ certification obtained or in progress, with commitment to ongoing professional development.
6. Preferred Qualifications
- Experience working within a 24/7 SOC environment, including shift-based monitoring and Tier 1 to Tier 2 escalation workflows.
- Exposure to compliance regimes such as FFIEC, GLBA, SOX, or PCI DSS in an enterprise or financial services context.
- Industry certification such as GIAC, CySA+, CISM, or CISSP, or active pursuit of one within 12 months of hire.
- Prior experience authoring or maintaining incident response playbooks, threat hunting runbooks, or security awareness training content.
7. Success Metrics & Environment
- Mean time to detect (MTTD), reflecting how quickly alerts are identified and triaged within the SIEM queue.
- Mean time to respond (MTTR), measuring how fast confirmed incidents are contained and closed by this analyst.
- Vulnerability remediation rate, tracking the percentage of identified findings resolved within defined SLA windows.
- Incident report accuracy rate, measuring completeness and factual correctness of formal post-incident documentation.
- SOC playbook coverage ratio, reflecting the share of alert types backed by a current, tested response procedure.
Typical tools: SIEM platforms (commonly Splunk or ArcSight); IDS/IPS consoles (commonly Snort-based systems).
8. Compensation & Benefits (US Market Benchmark)
- Base Salary Range: $70,000 to $105,000 per year depending on experience and location.
- Bonus: Annual performance bonus of 5% to 10% of base salary is typical.
- Equity: Equity is uncommon at this level; RSUs may be offered at larger public companies.
- Health Benefits: Medical, dental, and vision coverage; employer typically covers 70% to 100% of premiums.
- PTO: 15 to 20 days annually, plus federal holidays and sick leave.
- Common Perks: Certification reimbursement, home office stipend for remote roles, and shift differential pay for 24/7 SOC schedules.
Figures are estimates based on general US market benchmarks and may be outdated. Adjust based on location, company size, and seniority level.
9. EEO & Legal
Employment contingent on a successful background check, which may include criminal history review consistent with applicable federal and state law. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity, or any other characteristic protected under applicable law. Candidates must be authorized to work in the United States. Reasonable accommodations for individuals with disabilities are available upon request throughout the hiring process.
Cybersecurity Analyst Job Description Example
1. Cybersecurity Analyst (SOC Operations)
The Cybersecurity Analyst owns threat and vulnerability assessments, malware analysis, and SOC mailbox management to safeguard internal information systems against intrusion. Working within the Cyber Division alongside IT team members, this analyst delivers detection and response capabilities that protect the organization from emerging and active threats.
Key Responsibilities
- Support cybersecurity initiatives through both predictive and reactive analysis.
- Perform threat and vulnerability assessments and provide subject matter expertise on appropriate threat mitigation approaches.
- Identify intrusion activity by leveraging alert data from multiple sensors and systems and determine priority for response.
- Monitor, evaluate, and assist with the maintenance of assigned security systems in accordance with industry best practices to safeguard internal information systems and databases.
- Use attack signatures and tactics, techniques and procedures (TTPs) to aid in threat detection and discovery.
- Conduct basic malware analysis of attacker tools and identify indicators of compromise (IOCs).
- Collaborate with other Cyber Division and IT team members to develop and implement innovative strategies for monitoring and preventing attacks.
- Conduct research on emerging security threats and propose additional components and techniques to proactively detect and prevent malicious activity.
- Manage the SOC mailbox, monitor and analyze emails for threats including phishing and malware, and escalate per procedures.
- Participate in investigations of information security incidents and prepare reports on intrusions as required.
- Log and record all security incidents in the internal ticketing system and collect malware artifacts safely for analysis.
- Examine suspicious emails for malicious content and perform URL/domain analysis to identify and report malicious indicators.
Required Qualifications
- Associate's degree in Computer Science, Management and Information Systems, Business, or a related field.
- Security+ certification required within first year of employment.
- At least 18 months of technology experience in IT security or supporting security aspects of IT infrastructure or applications teams.
- Knowledge of Cyber Kill Chain and Diamond Model of Intrusion Analysis.
- Knowledge of SIEM, IDS, anti-virus/anti-malware, and firewall technologies.
- Understanding of networking and TCP/IP, with experience across Windows Server, Windows 10, Windows 7, Linux, and other operating systems.
- Ability to troubleshoot technical and security-related issues in a rapidly changing, high-intensity environment.
- Strong interpersonal and writing skills with a proactive, team-oriented approach.
2. Cybersecurity Analyst (Risk and Compliance)
Embedded within Corporate Security, the Cybersecurity Analyst delivers risk assessments, operational control evaluations, and compliance reporting across the Bank and its third-party providers. Working closely with senior analysts, stakeholders, and management, this analyst strengthens the organization's security and business resiliency posture through structured analysis and clear documentation.
Core Functions
- Assist with creating and maintaining project plans and business requirements that impact Corporate Security's objectives.
- Document work effort dependencies, assumptions, risks, and issues, and communicate results to the appropriate lead and stakeholder.
- Conduct risk assessments to identify risks to security and business resiliency controls, and document the overall effectiveness of operational controls within the Bank and its third-party providers.
- Conduct desk reviews and inspections of security assessments for the Bank and its third-party providers.
- Review internal and external security and technical test reports to validate the effectiveness of operational controls.
- Coordinate, develop, and support the management and maintenance of reports to Senior Management.
- Assist with the management of risk assessments and security initiatives from communication, approval, and report distribution to stakeholders, senior analysts, and management.
- Assist in the development of business unit analytics, department or operational procedures, reporting, financial analysis, communication, and strategic planning activities.
Qualifications and Experience
- Bachelor's degree in Business, Computer Science, Information Assurance, Management Information Systems, or related field.
- 3 to 5 years of experience in Risk Management, Business Analytics, Information Security, IT Audit, Physical Security, Business Resiliency, or a related field.
- General knowledge in cybersecurity areas including Identity and Access Management, Threat and Vulnerability Management, Information Risk and Governance, IT Architecture, Monitoring, Incident Response, Security Strategy, Physical Security, and Business Resiliency.
- General knowledge of security controls for handling Personally Identifiable Information (PII) data, regulations, and security compliance requirements affecting financial institutions (FFIEC/GLBA).
- Basic technical skills in MS Excel, PowerPoint, Word, and Project.
- Good written and verbal communication skills for report writing, business requirement proposals, technical policies, and methodology documentation.
- Good interpersonal, negotiation, and influencing skills with the ability to facilitate discussions and bring issues to resolution.
- Good analytical and problem-solving skills with thoroughness and attention to detail.
3. Cybersecurity Analyst (Consulting and Compliance)
Sitting at the intersection of cybersecurity consulting and regulatory compliance, the Cybersecurity Analyst assists with and conducts cybersecurity services including vulnerability scanning, penetration testing, and incident response for a diverse client base. Operating across monitoring, testing, remediation, and documentation workstreams, this analyst supports client-facing engagements under the direction of the Vice President of Cybersecurity to reduce risk and strengthen compliance posture.
Duties
- Responsible for assisting with and conducting cybersecurity services and collaborating with team members on the monitoring, testing, remediation, and documentation of ongoing projects.
- Report to the Vice President of Cybersecurity and operate in a consulting role to clients, working on projects jointly with other team members.
- Assist with the evaluation of policies, processes, procedures, and technical controls for compliance with regulations and standards including HIPAA, PCI, NIST, GDPR, ISO 27001, and other relevant requirements.
- Perform vulnerability scanning, penetration testing, network monitoring, log review, incident response, forensic collections, policy review, and configuration review with direction.
- Assist in the identification, response, investigation, and remediation of potential breaches and data security issues.
- Proactively identify security problems, monitor performance trends, perform upgrades, and make recommendations on security hardware, software, processes, and procedures as required.
- Maintain strict confidentiality of internal affairs and client work with attention to detail and accuracy in documentation and reporting.
Experience and Qualifications
- Associate's or Bachelor's degree in Information Security, Cybersecurity, Computer Science, Business, or Engineering; advanced degree a plus.
- Security+, SANS GIAC, or relevant vendor certifications for security products preferred.
- Minimum 2 years of information or cybersecurity-related experience.
- Experience working in a professional services environment preferred.
- Demonstrated skill in collecting and analyzing complex data, evaluating information and systems, and drawing logical conclusions.
- Ability to pass background checks and availability for evening or weekend work as required by client needs.
4. Cybersecurity Analyst (SIEM and SOC Administration)
Reporting to the IT and Network Team leadership, the Cybersecurity Analyst is accountable for CANARIE SIEM system administration and SOC operations supporting the National Research and Education Network. Partnering with institutional Cybersecurity Specialists and provincial partner teams, this analyst advances the organization's security posture through incident response coordination, security appliance administration, and collaborative program initiatives.
Primary Duties
- The Cybersecurity Analyst is accountable for CANARIE Security Information and Event Management (SIEM) system administration, support, and Security Operations Center (SOC) operations.
- Work collaboratively with the National Research and Education Network (NREN) and institutional Cybersecurity Specialists on incident response, sharing of technical expertise, developing security processes, and generating security reports.
- Monitor CANARIE internal infrastructure via SIEM in collaboration with the IT Team, Network Team, and provincial and territorial partner teams.
- Administer security appliances and improve security posture by participating in the implementation of collaborative initiatives with National Research and Education Network partners.
- Provide technical support within CANARIE Cybersecurity Program initiatives and after-hours cybersecurity support on a rotating basis.
- Perform other related duties and responsibilities as required, including occasional domestic and international travel.
Skills and Qualifications
- College diploma or university degree, or a suitable combination of education, experience, or other relevant training.
- Relevant security certifications are an asset.
- Two or more years of progressive IT security experience with exposure to a Security Operations Center (SOC) environment.
- Relevant experience in publicly funded not-for-profit organizations is desirable.
- Knowledge and experience with information system architecture and security controls including firewalls, operating system configurations, databases, and information security policies and procedures.
- Knowledge of application security best practices, tools, and methodologies, as well as experience with SIEM operations, incident response, and vulnerability assessments.
- Proven experience installing and configuring open-source software, with strong working knowledge of the Microsoft Office suite.
- Demonstrated ability to gain trust and credibility from internal and external stakeholders.
- Bilingualism is preferred.
5. Cybersecurity Analyst (Threat and Incident Response)
A key member of the security team, the Cybersecurity Analyst leads network activity correlation, incident report documentation, and regulatory compliance support to protect the organization against unauthorized use and emerging threats. Collaborating across IT process owners and legal and compliance functions, this analyst delivers response support and forensic analysis that reduces organizational risk and maintains audit readiness.
Functions
- Correlate network activity across networks to identify trends of unauthorized use.
- Review alerts and data from sensors and document formal, technical incident reports.
- Research emerging threats and vulnerabilities to aid in the identification of network incidents.
- Provide incident response support including mitigating actions to contain activity and facilitate forensics analysis when necessary.
- Partner with IT process and control owners and support legal and regulatory deliverables such as process documentation, testing, and remediation for internal or external audits.
- Keep abreast of current risks, security issues, threats, protection strategies, and legal and regulatory developments.
- Perform other duties as assigned.
Background and Experience
- Bachelor's or Master's degree in Business, Computer Science, Information Technology, or a related field from an accredited university.
- Certification in information security such as GIAC, CISM, or CISSP is a plus.
- 5+ years of experience in the computer industry in a hands-on technical or risk-related position, with 2+ years of direct experience as a Security Analyst.
- Recent experience with legal and regulatory frameworks such as civil procedure, EU Privacy, Sarbanes-Oxley, ITAR, or HIPAA.
- Knowledge of IT control frameworks such as COBIT, NIST, ITIL, and ISO 27001.
- Excellent written and verbal communication skills.
6. Cybersecurity Analyst (Industrial Control Systems)
Reliable plant and infrastructure security depends on the Cybersecurity Analyst, who installs, configures, and maintains anti-virus and remote access solutions across DCS networks in collaboration with Production Engineers, internal IT, and Emerson partners. Based within a manufacturing environment, this analyst serves as the hands-on technical resource for endpoint security administration, system troubleshooting, and documentation that keeps critical operational systems running securely.
Accountabilities
- Work with internal stakeholders in plants such as Production Engineers, as well as internal IT and Emerson partners.
- Install, configure, and implement anti-virus and remote access tools and solutions.
- Set up and administer McAfee antivirus, Acronis backup, and Windows patching in a DCS network.
- Troubleshoot and maintain existing systems by identifying and correcting defects, and perform remediation testing and updates related to corporate software rollouts and patching.
- Maintain documentation for solution design and procedural work instructions, and provide training support as necessary.
Technical Qualifications
- Associate's degree in Computer Science or similar field; Bachelor's degree preferred.
- Minimum 3 years of experience in a relevant cybersecurity or IT infrastructure role.
- Knowledge of remote access to DCS systems and automation implementation best practices.
- Knowledge of Emerson Endpoint Solutions, DeltaV, GSDS, Rockwell Allen Bradley PLC, and Windows Server Update Services (WSUS).
- Proficiency with McAfee ePO, antivirus installation and administration, and ServiceNow or similar ticketing systems.
- Strong documentation skills using MS Office tools with attention to detail and commitment to high-quality, error-free deliverables.
- Exceptional verbal and written communication skills with the ability to manage multiple tasks involving planned projects and ad-hoc tasks.
7. Cybersecurity Analyst (Enterprise Risk and PCI Compliance)
As the Cybersecurity Analyst, this role leads risk and security assessments of acquired entities, PCI readiness activities, and process remediation strategies to meet Visa's key control requirements and regulatory obligations. The Visa security and compliance team relies on this work to manage third-party risk, maintain executive stakeholder alignment, and ensure that acquired organizations meet enterprise control standards across a complex regulatory landscape.
Strategic Responsibilities
- Perform risk and security assessments of acquired entities to identify, validate, and remediate risks, including interviews, document design assessments, and walkthroughs of key controls.
- Lead risk and security assessments for special projects involving acquired entities.
- Lead PCI-related readiness activities to ensure compliance with PCI requirements.
- Exhibit pragmatism in formulating process remediation and implementation strategies, defining work tracks, and submitting assessment findings and recommendations.
- Develop trusted relationships with Business Partners, Visa IT Executives, Security and Compliance Officers, and other team members to gain consensus on strategies, recommendations, findings, and project plans.
- Maintain an understanding of the broad regulatory landscape affecting Visa business areas and remain current with emerging regulatory sentiments and solution trends.
- Maintain an understanding of emerging technologies including mobile and cloud technology, and contribute to process improvement of team processes, templates, and tools.
Minimum Qualifications
- Bachelor's degree in Computer Science, Information Systems, Management Information Systems, or Business Administration; Master's degree preferred.
- 6+ years of experience in Cybersecurity, Audit, Risk, and Compliance, including leadership roles, with openness to relevant experience in finance, business administration, or information technology.
- 6+ years of direct participation across common industry security policy areas including ISO, NIST, COSO, COBIT, PCI, FFIEC, SOX, SSAE16, and others.
- 6+ years of audit and risk management experience with a broad understanding of the software delivery process, professional services consulting, and program management.
- 6+ years of experience providing information security or IT consulting services to a broad range of companies and federal and state agencies.
- Solid understanding of Enterprise Risk Management and Strategy frameworks, as well as current enterprise threat scenarios related to the financial industry.
- Demonstrated ability to manage large-scale, complex, multi-disciplined, cross-functional, and highly visible projects and programs.
8. Cybersecurity Analyst (Security Program Maturity)
The Cybersecurity Analyst shapes the organization's security maturity by leading the development of incident response processes, vulnerability management programs, and metrics-driven dashboards that inform executive decision-making. The work directly supports the organization's ability to prevent, detect, and respond to threats across on-premise and cloud IT environments with minimal direction.
Role Responsibilities
- Carry out operational security activities such as vulnerability management, active directory assessments, hardening, email security, and IS/IT infrastructure auditing.
- Assess the current security monitoring posture and engage with vendors to drive process improvements, including recommendations of additional log sources and new use cases.
- Respond to security incidents quickly and efficiently to mitigate threats affecting the network and systems.
- Lead the development and implementation of incident reporting and incident response processes and procedures to address security incidents, breaches, and policy violations.
- Lead the development and implementation of technology, processes, and procedures to improve the overall security maturity of the organization.
- Provide technical security requirements and recommendations on new IT and business projects, and collate security data to generate metrics and dashboards for management review.
- Provide security engineering solutions and support during incidents, proactively considering the prevention of similar incidents in the future, and deliver metrics and KPIs that drive the maturity of the cybersecurity program.
Education and Experience
- Bachelor's degree in Computer Information Systems, Programming, Engineering, or a related field; equivalent experience accepted.
- 4 to 7 years of experience in cybersecurity domains, with a minimum of 4 years delivering security programs and providing security services.
- Strong knowledge of core IT and security infrastructures including Active Directory, Microsoft Windows security controls, SIEM, AV/EDR, IPS, and vulnerability scanners.
- Strong knowledge of all aspects of information security within the Prevent, Detect, and Respond domains, with familiarity with risk assessment, desktop security, and tools and techniques used to implement security controls.
- Strong communication, negotiation, and analytical skills with the ability to work remotely with minimal direction.
- Highly analytical and detail-oriented with organizational skills to manage assigned work to completion.
9. Cybersecurity Analyst (ERP Application Security)
The Cybersecurity Analyst is primarily focused on security administration for ERP applications such as JD Edwards, Oracle HCM Cloud, PeopleSoft HCM, and PeopleSoft Financials. Working with internal clients, IT teams, and management, this analyst produces security solutions that protect application access, support SOX audit requirements, and enable compliant, well-documented enterprise operations.
Day-to-Day Responsibilities
- Provide end user and project support for security in PeopleSoft HCM and Financials, Oracle HCM Cloud, Coupa, and other applications as needed.
- Analyze business and user security needs, document requirements, and develop test plans for new and modified security architecture changes.
- Perform quality assurance testing and user acceptance testing for security-related changes, and develop general security reports and SQL scripts for analysis and ad hoc reporting.
- Create and deliver training, correspondence, presentations, and other materials for end users, and interact with internal clients to resolve security inquiries.
- Define, implement, and maintain application security processes and objectives based on user needs and a solid understanding of application security architecture, including basic SOX audit requirements.
- Perform other duties as assigned.
Professional Experience
- Bachelor's degree in Computer Information Systems, IT, Business, or a related field.
- Minimum 3 years of application access administration experience, including interacting with users and management to complete requests.
- Experience with security design, development, testing, training, and support as a Security Administrator, with knowledge of application security controls.
- Experience working with Oracle HCM Cloud and/or PeopleSoft core security preferred.
- Familiarity with ticketing systems.
10. Cybersecurity Analyst (Tier 1 SOC Monitoring)
Reporting to SOC leadership, the Cybersecurity Analyst performs 24x7x365 monitoring of correlated log events within a designated SIEM and conducts real-time triage as part of Tier 1 SOC resources. Partnering with Tier 2 teams and support personnel, this analyst strengthens the organization's detection capability by maintaining threshold oversight, escalating confirmed incidents, and continuously improving SOC playbooks.
Job Functions
- Perform 24x7x365 monitoring of correlated log events collected into a designated SIEM and conduct real-time triage of alerts as part of Tier 1 SOC resources.
- Report alerts and incidents using specific escalation notification procedures and open tickets for activities requiring escalation or support from other teams.
- Gather and research all information possible prior to escalating cases to Tier 2 when alerts reach predefined thresholds.
- Actively monitor indicators approaching security, service, and compliance thresholds and provide recommendations on the ongoing establishment and adjustment of thresholds.
- Execute analysis processes as required and assist in the general maintenance and improvement of processes and playbooks.
Knowledge, Skills, and Abilities
- Bachelor's degree or equivalent combination of education and experience.
- Experience working with operating systems and SIEM tools, ticketing systems, and cybersecurity analytics.
- Experience working with computer desktop packages such as Microsoft Word and Excel.
- Analytical and problem-solving skills for design, creation, and testing of security systems.
- Communication skills to interact with team members, management, and support personnel, with the ability to work independently and as part of a team.
11. Cybersecurity Analyst (Managed Security Services)
Embedded within Align's managed security practice, the Cybersecurity Analyst assists cybersecurity managers in delivering assessments, gap analyses, and ongoing security projects to enterprise clients under the guidance of the Managing Director of Cybersecurity and CISO. Working closely with senior consultants and client stakeholders, this analyst refines internal security posture while building the firm's knowledge base through thought leadership, metrics reporting, and awareness training coordination.
What You'll Do
- Assist cybersecurity managers in analyzing, reviewing, and evaluating the cybersecurity controls, policies, and procedures of Align clients.
- Assist cybersecurity managers in delivering cybersecurity assessments and gap analyses of client network infrastructure and systems.
- Oversee, schedule, and manage multiple ongoing client cybersecurity projects including assessments, program manuals, incident response reports, and other deliverables.
- Manage all client reports and reporting deliverables by updating client portals and generating and delivering all reporting included with Align cybersecurity solutions.
- Coordinate all cybersecurity awareness training services and deliverables to clients.
- Evaluate and assess different security technologies to expand Align's cybersecurity offering, and assist with business solution proposals and sales presentations.
- Contribute to thought leadership by authoring informational white papers and conducting training sessions on new products and technologies to increase the Align knowledge base.
- Develop and maintain security tools, techniques, and procedures to facilitate security testing, vulnerability detection, validation, and mitigation.
- Work with the CISO to continually improve Align's internal security posture and provide hands-on cybersecurity support to address IT security issues as needed.
- Collect, report, and continually enhance security metrics, and stay abreast of relevant industry updates and changes via conferences, training, and events.
Position Requirements
- Bachelor's degree in Computer Science, Computer Engineering, or a related field with a concentration in cybersecurity; Master's degree is a plus.
- Interest in obtaining industry certification such as CISM, CISSP, or similar within the next 2-3 years.
- 1-2 years of relevant cybersecurity work experience in enterprise cybersecurity, with a preference for incident response.
- Experience in any discipline of cybersecurity including security testing, security integration and governance, malware analysis, incident response, cloud security, or risk and compliance.
- Familiarity with one or more of the following standards is preferable: ISO 27001, NIST Cybersecurity Framework, PCI-DSS, FINRA, SEC.
- Basic knowledge and experience with IT security technologies including firewalls, IPS, SIEM, DLP, network and host protection, application security, and data protection.
- Basic understanding of data security including classification, encryption, and DLP is a plus.
- Excellent writing skills with the capability to create well-formatted reports and client-facing documentation, and excellent consultative skills with experience preparing and presenting business solution proposals to senior executives.
- Solutions-oriented, highly motivated, and effective communicator with a positive, confident attitude and strong collaboration skills.
12. Cybersecurity Analyst (Insider Threat and Investigations)
Reporting to OTA program leadership, the Cybersecurity Analyst performs user activity auditing of computer networks and provides investigative support to counterintelligence and law enforcement elements using industry standard monitoring tools within the State Department and external agencies. Partnering with the Intelligence Community, US Government organizations, and Law Enforcement, this analyst produces court-ready documentation and actionable intelligence reports that support active criminal investigations and insider threat mitigation.
Scope of Work
- Audit insider threat activities and recommend strategies and tools for assessing inappropriate use of the Department's networks and monitoring employee computer use and user behavior.
- Provide support to DS criminal investigators and perform in-depth log analysis to determine trends, patterns, and suspicious activity.
- Monitor, maintain, and operate the telecommunications firewall system and investigate abnormal phone activities.
- Interface and coordinate with other US Government, Intelligence Community, and Law Enforcement organizations performing insider threat auditing.
- Perform user activity monitoring, analysis, and reporting, employing technical and non-technical disciplines to transform data into actionable information.
- Conduct in-depth analysis of user activity data and perform data acquisitions from live hosts located worldwide using various Windows and forensics tools, ensuring chain of custody and control procedures.
- Perform assessments of malicious or suspicious activities to determine potential security risks, and prepare comprehensive court-ready case documentation, written notes, and reports.
- Assist in the development of OTA program policies, processes, and procedures, provide user support, and conduct group and one-on-one training sessions for case agents and supporting personnel.
Requirements
- Bachelor's degree with preferably 5 years of experience.
- 4 years of experience may be substituted for the degree.
- CEH, CySA+, CISSP, Security+ CE, GSEC, or similar certification required.
- At least 2 years of experience in an IT or analyst role, preferably in a cybersecurity setting.
- Knowledge of database systems including Oracle and MS SQL.
13. Cybersecurity Analyst (DoD Defensive Cyber Operations)
Sitting at the intersection of intelligence analysis and defensive cyber operations, the Cybersecurity Analyst supports the DISA GSM-O II Task Number 07 Joint Force Headquarters DODIN by leveraging operational data to identify threats and reduce vulnerability exposure across Combatant Commands and partner agencies. Operating across collaborative forums and cross-functional fusion teams with 24/7 coordination with USCYBERCOM, this analyst delivers threat analysis and prioritized vulnerability scoring that informs centrally coordinated defensive cyber operations.
Work Activities
- Leverage intelligence and operational data, information, and processes to identify threats, improve security, and reduce the enterprise's exposure to vulnerabilities.
- Execute continuous network monitoring and incident and problem resolution, and triage events and incidents while developing AO-specific trends.
- Support various collaborative and cross-functional forums to achieve centrally coordinated, threat-informed, and prioritized vulnerability scoring and mitigation methodology.
- Provide situational understanding of the assigned operational environment, support the development and compliance of orders, and provide threat analysis and recommended reporting requirements in coordination with the Cross Functional Fusion Team.
Technical Qualifications
- Bachelor's degree in a related discipline with 4 to 15 years of applicable combined education and experience; additional related years of experience accepted in lieu of a degree.
- Security+ or other equivalent IAT Level II certification required.
- Active DoD TS/SCI clearance and eligibility for C/I Polygraph required.
- In-depth knowledge of network and application protocols, cyber vulnerabilities and exploitation techniques, and cyber threat and adversary methodologies (TTPs).
- SIEM tool experience including ArcSight, Splunk, and Wireshark.
- Experience with DISA and DoD networks, knowledge of the DoD orders process, and demonstrated experience briefing Senior Executive Service and General Officer/Flag Officer leadership.
- Experience in building extended cyber security analytics and in intelligence-driven defense and cyber Kill Chain methodology.
14. Cybersecurity Analyst (Incident Response and Client Protection)
A key member of a team dedicated to protecting clients, the Cybersecurity Analyst leads and manages the cyber security training and education program while making business-critical incident response decisions across multiple client environments. Collaborating across HR, Legal, Infrastructure, and Security Management functions, this analyst maintains situational awareness and delivers forensic investigations, threat monitoring, and compliance reporting that protect client operations and uphold safety standards.
Performance Expectations
- Lead and manage the cyber security training and education program, and make business-critical incident response decisions as part of a team dedicated to protecting clients.
- Perform incident handling duties for minor or significant security incidents within the defined computer security incident response process.
- Maintain situational awareness for cyber threats across multiple clients and act where necessary.
- Conduct forensic investigations for HR, Legal, or incident response-related activities.
- Manage and monitor the cloud-based content filter for efficient school operations, and assess alerts and notifications from event activity and intrusion detection systems, responding to threats accordingly.
- Provide reports and documentation as requested by the supervisor, and analyze data to provide management with critical decision-making information, including forecasting and the development of monitoring systems.
- Review current developments, literature, and technical sources of information related to job responsibilities, and ensure adherence to good safety procedures.
- Perform other duties as delegated by the Infrastructure and Security Manager and follow federal and state laws as well as company policies.
Qualifications and Experience
- Demonstrates enthusiasm and commitment toward the job and the mission of the company, supporting company goals and strategic priorities.
- Demonstrates ability to lead people and get results through others, with excellent oral, written, and interpersonal skills including active listening, negotiation, and influencing.
- Strong track record for analyzing complex problems and issues, identifying patterns, and recommending creative solutions.
- Ability to organize and manage multiple priorities, arrive on time consistently, follow instructions, and solicit feedback to improve performance.
- Proactive and takes initiative, thinks creatively, drives projects to completion, and insists on the highest level of quality.
15. Cybersecurity Analyst (Global Threat Management)
The Cybersecurity Analyst protects the firm's employees and assets throughout the world, spanning security policy development, regulatory compliance, fraud investigations, executive protection, and cyber security under the direction of an aligned Threat Manager. Serving as liaison support for cross-functional partners and Global Security teams, this analyst enables continuous threat monitoring, case management, and best practice development that sustains the firm's global security operations.
Areas of Ownership
- Offer after-hours support to ensure continuity of service, and contribute to the development of job aids within the Threat Management team.
- Support the continued development of SOPs for WPV Case Management processes, and provide program support for other Global Security partners.
- Serve as liaison support for cross-functional partners, and provide case support for all Threat Managers as needed based on caseload and on-call support.
- Support the development of best practice documents and standard response protocols, and conduct supplemental threat assessments in support of Threat Managers.
- Utilize databases to execute long-term monitoring of persons of concern, and leverage partnerships to continuously monitor persons of concern.
- Support data integrity, case metrics, and trends analysis, and provide regular updates on all cases.
Experience and Qualifications
- BA or BS degree in History, Criminal Justice, Intelligence, or Political Science, or equivalent years of relevant experience.
- 1-3+ years of experience in a threat management, law enforcement, intelligence analysis, and corporate security role.
- Proficiency in MS Office suite.
- Strong communication and organization skills with the ability to think quickly and make decisions under pressure.
- Ability to work within a team environment, achieve buy-in from stakeholders, travel up to 10%, and work extended hours including nights and weekends on a regular basis.
16. Cybersecurity Analyst (Threat Hunting and Vulnerability Management)
In this role, the Cybersecurity Analyst analyzes and responds to security events, conducts threat hunting operations, and upgrades cybersecurity controls to protect sensitive information systems from unauthorized access and destruction. The security team relies on this work to maintain audit-ready documentation, prioritize vulnerability remediation, and balance business needs against security concerns across the enterprise.
Key Deliverables
- Analyze and respond to security events and conduct threat hunting operations to proactively uncover attacker activity.
- Investigate security incidents and data breaches, and monitor multiple security technologies to discover anomalies.
- Protect and monitor access to sensitive files and information systems against unauthorized access, modification, or destruction, and respond to security breaches and conduct root-cause analysis.
- Plan, implement, and upgrade cybersecurity controls and countermeasures, and analyze vulnerabilities to prioritize organization-specific recommendations.
- Consider business needs against security concerns and articulate issues and options, and assist with internal and external security audits.
- Help maintain appropriate security documentation for applications and systems, and participate in professional development opportunities to expand job knowledge.
Minimum Qualifications
- Two or more years of experience in Cybersecurity or System Administration.
- At least one of those years specific to developing, implementing, and monitoring IT security systems and enterprise security programs.
- Industry certifications preferred.
- Hands-on administration experience across a wide range of security technologies.
- Excellent organizational skills and ability to communicate with internal and external stakeholders.
- Technical capacity, problem-solving and analysis skills, adaptability, self-motivation, and ability to integrate within team activities and meet deadlines.
17. Cybersecurity Analyst (Army Operational Technology)
The Cybersecurity Analyst will develop technical and operational views, reports, and summaries to provide Army leadership with a continuous, accurate situational understanding of the cyber posture of Army Operational Technology. Working with Army site teams worldwide and reporting through the program chain, this analyst creates secure solutions for enterprise-wide OT systems by executing cyber threat assessments, RMF artifact development, and incident management support that enable mission resiliency and security.
Engineering Responsibilities
- Assist in the design, development, testing, and implementation of cyber applications, secure operating systems, and database products to find secure solutions for enterprise-wide cyber systems and networks supporting OT issues including architectures, firewalls, electronic data traffic, and network access.
- Assist in developing comprehensive technical and operational solutions to enable resiliency, security, and production objectives at Army sites worldwide.
- Perform research and analyses at all levels of total system product including concept design, fabrication, installation, operation, maintenance, and disposal.
- Integrate architectural features into existing infrastructures and develop cybersecurity architectural artifacts for Risk Management Framework (RMF) activities.
- Develop and execute Operational Technology Cyber Threat Assessments, analysis, mitigation methodology development, and standardized security processes.
- Support cyber-related incident management activities, provide mitigation strategies to Army leadership, and conduct analysis of completed cyber risk assessments to identify and recommend technical and operational solutions.
Education and Experience
- Bachelor's degree required.
- Minimum DoD 8570/8140 IAT or IAM Level III certification required.
- At least 3 years of experience in the security assessment, installation, or maintenance of ICSs, BCSs, or SCADAs.
- Experience with IT and OT in an operational environment, and with Incident Response, SOC support, and Defensive Cyber Operations (DCO) support.
- Strong knowledge base preferred in real-time security situational awareness, operational network systems, and security monitoring.
- Ability to clearly present and communicate technical approaches and findings.
18. Cybersecurity Analyst (Network Defense Operations)
Reporting to DCO leadership, the Cybersecurity Analyst provides network operations and maintenance for critical network defense infrastructure, monitoring equipment for misconfigurations, anomalous activity, and intrusion attempts on a 24/7 basis. Partnering with coworkers and leadership through shift-based operations, this analyst coordinates incident response, forensic analysis, and antivirus support that protect the confidentiality, integrity, and availability of customer data in a Department of Defense environment.
Operational Focus
- Provide network operations and maintenance for critical network defense infrastructure, and protect the confidentiality, integrity, and availability of the customer's data.
- Monitor equipment for misconfigurations, anomalous activity, and network intrusion attempts, and monitor, detect, analyze, and respond to network defense incidents.
- Review, interpret, log, and act upon cyber intelligence reports as necessary, and review and respond to spam reported by users.
- Maintain domain antivirus support systems, initiate incident response and handling, and assist with forensic analysis.
- Monitor and use network security systems including firewalls, IPS/IDS, Snort rules and alerts, network forensics tools, network flows, collection and display systems, and network replay devices.
- Maintain a 24/7 work schedule, document daily events accurately with details, and brief coworkers and leadership on events.
Background and Experience
- Degree in Information Technology; BS with 5-7 years, MS with 3-5 years, or PhD with 0-2 years of experience.
- CompTIA Cybersecurity Analyst (CySA+) certification required.
- Meet DoD 8570 requirements for IAT-II with CSSP Incident Responder certification within 4 months.
- 4+ years of experience in Network Administration, Systems Administration, and Network Security.
- SIEM tool experience and strong desire to learn and work in a live Network Operations and Security environment.
- Windows Administration skills, Microsoft Office user skills, and basic use of command line interface.
- Willingness to work shifts to provide 24/7/365 operations support.
Editorial Process and Content Quality
This content is developed by the Lamwork Editorial Team using structured analysis of real-world job data, skill requirements, and hiring patterns.
Research framework by Lam Nguyen, Founder & Editorial Lead.
Reviewed by Thanh Huyen, Managing Editor.