Cyber Security Analyst III

Company: Navy Federal Credit Union
Location: Pensacola
Posted on: May 16, 2022

Job Description:

YOUR LIFE'S MISSION: POSSIBLEYou have goals, dreams, hobbies and things you're passionate about.
What's Important to You Is Important to Us
We're looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them-friends, family and passions. And we're looking for team members who are passionate about our mission-making a difference in military members' and their families' lives. Together, we can make it happen.
Don't take our word for it.

• Military Times 2021 Best for Vets Employers
• WayUp Top 100 Internship Programs
• Forbes - 2021 The Best Employers for New Grads
• Forbes - America's Best Employers
• Newsweek Top 100 Most Loved Workplaces
• 2021 People Companies that Care
• Fortune Best Workplaces for Women
• Fortune 100 Best Companies to Work For -
• Fortune Best Workplaces for Millennials
• Computerworld - Best Places to Work in ITBasic PurposeTo provide 3rd Tier Intermediate cybersecurity event detection and threat analysis for complex events in cloud and hybrid environments. To lead the analysis of Cyber event data and other sources for indicators of cyber threat/attack and potential network compromise. Collaborate in complex, sensitive incident response activities applying knowledge of computer and network architecture to provide analysis during investigations, identifying adversarial activity and methods for future detection and prevention. Serve as subject matter expert within Information Security to identify threats within the Navy Federal environment through real time analysis of logs and alerts.
  Responsibilities
  
  • Develop content for cyber defensive tools.
  • Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
  • Coordinate with enterprise-wide cyber defense staff to validate network alerts.
  • Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
  • Perform security reviews and identify security gaps in hybrid security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
  • Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
  • Determine tactics, techniques, and procedures (TTPs) for intrusion sets.
  • Examine network topologies to understand data flows through the network.
  • Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.
  • Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
  • Work with stakeholders to resolve computer security incidents and vulnerability compliance.
  • Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.
  • Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation.
  • Perform cyber defense trend analysis and reporting.
  • Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support Incident Response Teams (IRTs).
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
  • Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness).
  • Collect intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
  • Perform advanced security event detection and threat analysis for complex and/or escalated security events
  • Perform advanced intelligence analysis using analytical tradecraft methods and forensic tools
  • Provide log/network/malware/device analysis; make recommendations for remediation of security vulnerability conditions
  • Provide independent critical thinking to diagnose and analyze threat intelligence data; and make decisions on the most effective response and remediation
  • Leverage Open Source research, network, and host forensic analysis, log review and correlation to support investigations
  • Perform other duties as assigned
    Qualifications
    
    • Intermediate skill monitoring and analyzing logs and alerts from a variety of different technologies, including IDS/IPS, firewall, proxies, and anti-virus across multiple platforms
    • Intermediate skill to develop specific expertise, discern patterns of complex threat actor behavior, and communicate an understanding of current and developing cyber threats
    • Intermediate skill in cloud security event detection, threat analysis of complex events, and content management
    • Effective skill to leverage online research tools to identify and navigate online forums, specialized Web sites, social media, and traditional sources
    • Experience in coordinating and responding to events on all of the monitored networks and the systems on those networks
    • Experience in collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources to document results, analyze findings and provide business unit intelligence
    • Experience in incident response in hybrid models
    • Intermediate experience in analyzing, correlating log events for cloud technologies during complex investigations and to develop detections
    • Experience in analyzing security systems, and how changes in conditions, operations, or the environment will affect these outcomes.
    • Experience in applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
    • Intermediate knowledge of security architectures, devices, proxies, and firewalls
    • Intermediate knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
    • Outstanding verbal and written communication skills for reporting complex technical situations to various audiences, including executive leadership and nontechnical staff.
    • Intermediate research, analytical, and problem solving skills
    • Intermediate skill presenting findings, conclusions, alternatives and information clearly and concisely
    • Intermediate skill working with all levels of management, supervisors, stakeholders and vendors
    • Required: Experience with Security Tools related to Enterprise Log Management, IDP/IDS, Antivirus, Firewalls, Proxies, DLP, Forensic Analysis, Malware analysis and SIEM
    • Required: Experience in Cybersecurity analysis, incident response, or a related field with increasing responsibility
    • Desired: Intermediate skill in analyzing log events for cloud technologies to facilitate development of cyber defense detections
    • Desired: AZ-900, AZ-140, AZ-500 or other related Cloud Security certifications
    • Desired: CySA+, CASP+, CISSP or other related Information Security certifications
    • Desired: Bachelor degree in cybersecurity or related discipline
    • Desired: Intermediate skill in identifying gaps in technical capabilities
    • Desired: Intermediate knowledge of IT security standards and frameworks (e.g., MITRE ATT&CK )
    • Desired: Intermediate skill in analyzing log events for cloud technologies to facilitate development of cyber defense detections
    • Desired: Experience creating correlation content in a SIEM tool
      Hours: Monday - Friday, 8:00AM - 4:30PM (Shift Work required, Evenings and/or weekends Required, Holidays required)
      
      Location: 820 Follin Lane, Vienna VA 22180 - 5550 Heritage Oaks Dr Pensacola, FL 32526 - Remote
      
      
      • Navy Federal is now hybrid! Our standard enterprise requirement for a hybrid schedule is to report onsite 4-16 days each month. The number of days reporting onsite will ultimately be determined by the employee's leadership and business unit needs. You will learn more throughout the hiring and onboarding process.
        Salary: Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.
        
        Salary range: $83,100 to $142,000Equal Employment OpportunityNavy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability
        
        COVID-19 Vaccine Information
        
        As a COVID-19 safety measure, our employees must either provide proof of COVID-19 vaccination or follow additional safety protocols, including testing.
        
        Disclaimer
        
        Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position.
        
        Bank Secrecy Act
        
        Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.
        
        Employee Referrals
        
        This position is eligible for the TalentQuest employee referral program. If an employee referred you for this job, please apply using the system-generated link that was sent to you.

Keywords: Navy Federal Credit Union, Pensacola , Cyber Security Analyst III, Professions , Pensacola, Florida