Duties & Responsibilities

- Characterize and analyze network traffic to identify anomalous activity and potential threats.
- Coordinate with enterprise-wide cyber defense staff to validate network alerts.
- Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
- Provide daily summary reports of network events and activity relevant to cyber defense practices.
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
- Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.
- Use cyber defense tools for monitoring and analysis of system activity to identify malicious activity.
- Determine tactics, techniques, and procedures (TTPs) for intrusion sets.
- Examine network topologies to understand data flows through the network.
- Conduct research, analysis, and correlation across a wide variety of all source data sets.
- Identify applications and operating systems of a network device based on network traffic.
- Identify network mapping and operating system (OS) fingerprinting activities.
- Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new observed threats within the network environment or enclave.
- Notify designated managers and cyber incident responders of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan.
- Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.
- Work with stakeholders to resolve computer security incidents and vulnerability compliance.