Cybersecurity Analyst

Main responsibilities

The Security Analyst Cybersecurity provides support business, asset and owners and other stakeholders in identifying security requirements, developing security concepts and solutions and support the implementation of security functions or updates by providing expertise and advice. The Security Analyst Cybersecurity is also responsible for proactively and iteratively identifying new attacks or attacks underway and then working with the incident response team to contain and remediate the incident in order to minimize the impact as quickly as possible.

Reference Tasks

The obligations defined in the respective sections of the service description specify the framework within which the resource is to be used primarily. The tasks listed below are examples of important tasks to be performed by the CyberSecurity Security Analyst .

• Provide advice and recommendations

• Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.

• Plan and recommend modifications based on exercise results or system environment.

• Recommend computing environment vulnerability corrections.

• Assess adequate access controls based on principles of least privilege and need-to-know.

• Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.

• Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations

• Support the creation of new architecture, policies, standards, and guidance to address them

• Supports the creation of business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results, and making changes necessary to address deficiencies

Trend analysis and reporting

• Perform cybersecurity trend analysis and reporting.

• Analyze and report organizational security posture trends and system security posture trends.

Incident and Threat Management Support

• Research threats and vulnerabilities to aid in the identification of incidents and vulnerabilities

• Provide incident management support, including mitigating actions to contain activity and facilitating incident analysis when necessary

Certification :

At least one certificate related to information security analytics or information security management.:

• CISSP: Certified Information Systems Security Professional
• CISA: Certifies Information Systems Auditor
• CISM: Certified Information Security Manager
• GSEC: GIAC Security Essentials
• GCCC: GIAC Certified Critical Controls
• CEH: EC Council Certified Ethical Hacker
• ECSA: EC Council Certified Security Analyst
• ISO 27001 Lead Auditor
• ISO 27001 Lead Implementer

The person we need should have experience and expertise in performing security risk assessments, defining security requirements as well as designing solutions on public cloud technologies (i.e. offering IaaS/PaaS services like compute, storage, Kubernetes, and managed databases leveraging OpenStack)