Information Security Specialist

Overview

• Manage network, intrusion detection and prevention systems.
• Conduct periodic compromise assessments across selected networks and propose recommendations based on assessment results.
• Conduct physical security assessment of the organization’s systems, including servers and networks, ensuring that any unauthorized external physical interference is not actually possible.
• Conduct ongoing network hunt activities.
• Conduct proactive vulnerability assessment across the network, subnetworks and service traffic to identify potential points of intrusion.
• Research and develop methods of tracking and detecting malicious activity within a network.
• Develop tools, signatures, and methods of detection for use in incident response activities.
• Develop SIEM integrations, dashboards, and analytics to illuminate and visualize threat activity.
• Analyze network traffic to provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.
• Uses data collected from a variety of cyber defense tools (e.g., anti-virus, IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments, perform cyber defense trend analysis and reporting, and perform event correlation to mitigate threats and gain situational awareness and determine the effectiveness of an observed attack.
• Carries out triage to ensure that a genuine security incident is occurring.
• Coordinate with entity-wide cyber defense staff to validate network alerts.
• Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event’s history, status, and potential impact for further action in accordance with the organization’s cyber incident response plan.
• Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
• Provide daily summary reports of network events and activity relevant to cyber defense practices.
• Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
• Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools.
• Isolate and remove malware.
• Develop content for cyber defense tools use them for continual monitoring and analysis of network activity to identify malicious activity.
• Assist in the construction of signatures which can be implemented on cyber defense tools in response to new or observed threats within the network environment.
• Analyze and report organizational security posture trends.