2021 Cyber Intelligence Analyst (Rolling Intake)

The Cyber Intelligence Analyst primary function is to fulfil various roles in Emerson Computer Incident Response Team's (CIRT) mission to defend Emerson information systems and resources against cyber security threats.

The Cyber Intelligence Analyst is responsible for delivering effective and efficient enterprise-wide security incident response. By proactively detecting advanced threats targeting Emerson's information infrastructure and coordinating enterprise-wide incident response, they ensure that information security incidents are properly identified, escalated, and resolved.

The Cyber Intelligence Analyst will perform highly technical duties including system analysis, malware analysis, indicator extraction, signature development, and network traffic analysis. Reporting will include lessons learned, root cause analysis, campaign development, and both tactical and strategic mitigations. The employee will be expected to analyze various forms of forensic data to determine the root cause, develop a timeline for IR activities, and articulate findings in technical detail as well as at an executive summary level.

This individual focuses on executing incident response plans, processes, and procedures and performing root cause analysis. They need to be able to define the severity of threats, risks and vulnerabilities and prioritize them accordingly. They are is also responsible for the contextual analysis of indicators of compromise and attacker tactics, techniques and procedures (TTP).

Responsibilities

• Detection
• Responsible for monitoring all incoming alerts (Network / EndPoint / Suspicious Email)
• Responsible for validating incoming alerts if true or false positive
• Responsible for acquiring pertinent data to analyze a security incident
• Responsible for determining the severity of a validated security incident
• Responsible for monitoring and ensuring continuous communications with the Site Administrators in order to resolve the incident
• Responsible to contain the hosts with active compromises beyond 48 hours of sending remediation emails
• Responsible to inform incidents to the rest of the team as necessary
• Responsible for Root Cause Analysis of an incident
• Document analysis
• Contribute to the automation of processes and capabilities

Requirements

• Education
• BS in Information Technology/Engineering/any Science or related area may be substituted with years of experience in the field.
• Fluent in English
• Principal Function Responsibilities
•  
• Monitor, identify, respond, investigate and document the resolution of computer and network security compromises
• Provide remediation support to compromised computers or IT systems
• Global coordination of security incidents to Business Unit stakeholders
• Carry out data analysis to determine the root cause of security incidents
• Responsible for researching and maintaining proficiency tools; including researching techniques, countermeasures and trends in computer and network vulnerabilities
• Contribute to alert signatures tuning;
• Maintain an understanding of current and emerging information security threats and vulnerabilities

Job-Related Experience

• Basic Information Security Knowledge and Familiarity with Operating Systems knowledge required.
• OSI layer
• Windows Systems Structure
• Windows Startup
• Windows Directory Structure
• Windows Registry Directory Structure
• Networking
• TCP/IP - 3-way handshake, client-server communications
• IP addressing
• Subnetting
• Routing
• Analysis
• Email Headers
• Email flow
• Windows Event Logs - Security
• EDR Logs
• Firewall Logs
• Familiarity with Programming Languages
• HTML, javascript, python, JSON - can visually discern between code and language structure
• Specific Knowledge
• 3+ years of experience working in an information security role.

Skills

• Solid working knowledge of Microsoft Windows Operating System, including registry, event logs and other common forensic artifacts
• Solid working knowledge in TCP/IP and networking fundamentals, architecture and security infrastructure best practices
• Ability to document technical analysis and generate reports
• Data analysis and correlation
• Packet Capture Analysis
• Experience in performing static and dynamic analysis of suspect malware
• Knowledge in basic encryption
• Knowledge in basic scripting languages such as Powershell and Python
• Regular Expressions (RegEx)
• Business Understanding
• Must have excellent written and verbal skills
• Exceptional interpersonal skills, with a focus on rapport-building, listening and questioning skills.
• Experience in effectively communicating with a broad base of end-users and multiple management layers.
• Strong desire to grow technically and professionally
• Must have strong personal initiative
• Strong sense of accountability
• Must have an outstanding attitude and desire to ensure customer satisfaction