Previous Job
Previous
Security Threat Analyst
Ref No.: 20-01041
Location: Jacksonville, Florida
Job Description: JOB SUMMARY
The IT Security Threat Analyst, under limited supervision, develops, maintains, and implements a comprehensive information security monitoring and threat analysis program including defining security policies, processes and standards for large and complex environments. Responsible for comprehensive threat analysis and recommending the appropriate course of action and escalating. Perform audit assessments and define processes and standards to ensure that security configurations are maintained and proactively identifies that they have not been inappropriately modified. Assist third-party incident response teams and law enforcement agencies by providing logs, reports, alert notifications, and other requested information.

Essential Functions
The essential functions listed represent the major duties of this role, additional duties may be assigned.
Serves as a liaison with IT and business area partners to identify, understand, document and advise on security requirements, impacts and risks and threats. Provides third level, threat analysis by:
Proactively and automatically correlates and analyzes threat data from various sources and analyzes network events to establish the identity and modus operandi of malicious users active in the computing environment or posing potential threats to the computing environment
Independently, but with some level of guidance from Senior IT Threat Analyst, conducts industry research and technical evaluation of all-sources and vendor supplied intelligence--with specific emphasis on network operations and advanced,sophisticated cyber tactics, techniques, and procedures
Preparing assessments and cyber threat profiles of current events based on collection, research and analysis of open source information.
Under some level of guidance, develops and publishes high-quality intelligence work products and after-action reviews.
Assist in performance of incident response and forensic security investigations.
Proven technical knowledge of security and technical architectures, tools and controls with specific demonstrated experience in proactive detection, mitigation, and resolution of advanced cyberattacks and./or threats
Proven technical knowledge of security and technical infrastructures including security firewalls, data loss prevention, encryption, and end point protection appliances
Demonstrated knowledge of information threat analysis and detection concepts and principles and impact
Experience working and managing vendor performance and service level agreements
Conducts and, at times, leads root cause analysis of any monitoring alerts and threats identified by third-party vendor, or internal systems and workforce. Once root cause is determined, proposes and works with other teams, if required, to implement appropriate security controls and solutions that will mitigate risk and vulnerabilities, as well as safeguard our systems and data.
Assists in the preparation of detailed technical papers, presentations, recommendations, and findings for Management and other Technology Leaders
Can be asked to provide briefings and presentations to colleagues and leadership supporting analysis of cyber threats
Serves as first point of contact for third party monitoring vendor and internal areas that identify any monitoring alerts and threats
Develops and maintains documentation for security monitoring and threat procedures and security diagrams

Years of Experience
6+ years related work experience or equivalent combination of transferable experience and education

Education Level
Related Bachelor's or Master's degree or additional related equivalent work experience

Additional Required Qualifications:
•Strong technical knowledge of security and technical architectures, tools and controls with specific demonstrated experience in proactive detection, mitigation, and resolution of advanced cyberattacks and./or threats
•Strong technical knowledge of security and technical infrastructures including ecuritsy firewalls, data loss prevention, encryption, and end point protection appliances
•Demonstrated knowledge of information threat analysis, threat modeling, and detection concepts and principles and impact
•Experience working and managing vendor performance and service level agreements
•Knowledge of network infrastructure including routers, switches, firewalls and associated network protocols and concepts.
•Strong technical knowledge of current systems, software, protocols and standards. (including TCP/IP and network administration/protocols).
•Experience developing, documenting and maintaining security procedures.
•In-depth knowledge of operating systems and security applications
•Proven ability to work under stress in emergencies with flexibility to handle multiple high-pressure situations simultaneously.
•Ability to communicate highly complex technical information clearly and articulately for all levels and audiences.
•Ability to manage tasks independently and take ownership of responsibilities
•Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles including vendors and IT-business personnel.
•Ability to adapt to a rapidly changing environment and quickly identify new trends and industry changes specific to security and advanced cyberattacks
•High critical thinking skills required to evaluate complex, multi-sourced security intelligence information, analyze and confirm root cause, an independently, or at times with the assistance of a Senior IT Threat Analysts or third-party vendor, identify mitigation alternatives and solutions that safeguard our technical environment.
• Demonstrated advanced proficiency with Network components and design and tools used to administer security in these environments.
• Demonstrated advanced proficiency with Windows environments and tools used to administer security in these environments
• Demonstrated advanced proficiency of UNIX/Linux environments and tools used to administer security in these environments
• Demonstrated advanced proficiency with Database environments and tools used to administer security within the various databases, e.g., UDB, DB2, SQL and Oracle
• Advanced level experience with application design and development to include next generation programming and scripting. Ability to perform application security testing.
• Proficiency with productivity tools are required, e.g., Windows Explorer, Word, Excel, PowerPoint, Outlook, Visio etc.

Additional Preferred Qualifications:
• 3 years of Security Operations Center Threat Analysis experience including, but not limited to investigations, threat hunting, and incident response
• Relevant certifications
• Experience using Agile methodology

SPECIAL SKILLS DESIRED

*** Cyber Intelligence, Surveillance, and Reconnaissance (ISR) team is seeking a threat analyst with experience and demonstrated proficiency with Social Engineering Education, Process Review, Simulated Phishing Campaigns, Suspicious Email Reporting, and Covert Social Engineering Operations.

Functions may include:
Implementation of an integrated Simulated Phishing Platform with automated awareness training that provides continuous simulated phishing testing campaigns with integrated training and reporting., integrated suspicious email button and reporting, and USB drive testing.

The individual would also support targeted Social Engineering education to high risk areas. Identification and analysis of high risk areas/processes that are susceptible to social engineering attacks that would have a large impact on the organization and recommend changes, and facilitation of covert options to test high risk areas of the organization; identify deficiencies and work with appropriate business/IT leaders to address accordingly.
Comments for Suppliers: *** Cyber Intelligence, Surveillance, and Reconnaissance team is for a threat analyst with experience and a demonstrated proficiency with Social Engineering Education, Process Review, Social Engineering Technical Solutions, Simulated Phishing Campaigns, Suspicious Email Reporting, and Covert Social Engineering Operations.

This candidate will have to complete all advanced checks as outlined in the handbook.