Performs advanced analysis of adversary tradecraft, malicious code, and capabilities. Provides cyber threat and intelligence analysis, and develops briefings and reports to distribute and aid in information sharing and protection efforts. Develops and maintains subject matter expertise of Advanced Persistent Threats and assists with Incident Response efforts.
Serves as the expert which shall be responsible for providing expert cyber threat and intelligence technical support to all sites listed in the place of performance. The Advanced Cyber Threat Analyst II is required to provide expert technical support to monitor, correlate, identify, analyze, mitigate, manage, track and support processes for all security incidents. The Advanced Cyber Threat Analyst II shall have knowledge of, and experience in, the following:
1. Cyber Security Policy and advanced cyber security threat mitigation at the Expert level
2. Advanced Cyber security tools, network topologies, intrusion detection, PKI, and secured networks
3. Implementation of cyber security regulations
4. Tracking all activity, insuring timely resolution of problems
5. Coordinating the development of advanced security signature or access control mechanisms that can be implemented on security systems such as intrusion prevention - detection systems, firewalls, routers or endpoint in response to new or observed threats within the enterprise
6. Leading the identification of advanced security systems and controls to ensure the monitoring and configuring of security appliances
7. Ensuring that Analysts receive and analyze alerts from various enterprise level sensors and determine possible causes of such alerts
8. Performing advanced analysis of adversary tradecraft, malicious code, and capabilities
9. Creating and leading processes that support the analysis of log files from a variety of enterprise level systems and sensors to include individual host logs, network traffic logs, firewall logs, and intrusion detection/prevention system logs
10. Identifying anomalous activity and potential threats to enterprise resources
11. Monitoring external and internal data sources in order to maintain enterprise threat conditions
12. Leading the processes which support event correlation by using information gathered from a variety of system and sensor sources within the enterprise;
13. Managing the collection and advanced analysis of intrusion artifacts and using discovered data to enable mitigation potential of incidents within the enterprise.
14. Providing advanced network event analysis and intrusion analysis.