Researches emerging threats and vulnerabilities to aid in the identification of network incidents, and supports the creation of new architecture, policies, standards, and guidance to address them
Applies knowledge and practical implementation of secure system configuration and hardening standards
Designs, configures and integrates secure solutions in the assigned technology domains
Provides incident response support, including mitigating actions to contain activity and facilitating forensic analysis, system hardening and recovery when necessary
Provides installation, system configuration, hardening and optimization for infrastructure, application, and security components and systems such as servers, workstations, mobile devices, directory services, operating systems, middleware, IoT, web and next-generation firewalls, machine and human behavior learning tools, host-based security systems, security event and incident monitoring systems, and virtual, physical, and cloud platforms
Identifies configuration gaps independently and/or with vendors to reduce cybersecurity risks
Reviews alerts and data from sensors and documents formal, technical incident reports
Tests new systems and manages cybersecurity risks and remediation through system testing, baselines, and best practices
Responds to computer security incidents according to the computer security incident response policy and procedures
Provides technical guidance to first responders for handling information security incidents
Provides timely and relevant updates to appropriate stakeholders and decision makers
Communicates investigation findings to relevant business units to help improve the information security posture
Validates and maintains incident response plans and processes to address potential threats
Compiles and analyzes data for management reporting and metrics
Monitors relevant information sources to stay up to date on current attacks and trends
Analyzes potential impact of new threats and communicates risks back to detection analyst, architect, technology SME, and management functions
Performs root-cause analysis to document findings, and participates in root-cause elimination activities as required
Uses judgment to form conclusions that may challenge conventional wisdom
Hypothesizes new threats and indicators of compromise
Monitors threat intelligence feeds to identify a range of threats, including indicators of compromise and advanced persistent threats (APTs)
Identifies the tactics, techniques and procedures (TTPs) of potential threats through the MITRE ATT&CK or similar frameworks.