A Cyber Defense Analyst’s job is to use defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network to protect information, information systems, and networks from threats.
Below is a sampling of the tasks and responsibilities for the Cyber Defense Analyst’s specialty:
Analyze network traffic to identify anomalous activity and potential threats to network resources.
Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
Perform event correlation using information gathered from a variety of sources to gain situational awareness and determine the effectiveness of an observed attack.
Perform security reviews, identify security gaps, and make strategy recommendations to eliminate risks.
Perform cyber defense trend analysis and reporting, and provide daily summary reports of network events and activity relevant to cyber defense practices.
Receive and analyze network alerts from various sources and determine possible causes of such alerts.
Provide timely detection, identification, and alerting of possible attacks, intrusions, and misuse activities, and distinguish these incidents and events from benign activities.
Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.
Analyze identified malicious activity to determine the weaknesses exploited, the exploitation methods used, and the effects on the system and its information.
Isolate and remove malware.
Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event’s history, status, and potential impact for further action in accordance with the organization’s cyber incident response plan.
Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.
As a rule, the certification, education, and training recommendations for entry-level employment are more flexible than those for mid-level and leadership-level employment.
Recommended Certifications: Certifications addressing new attack vectors (emphasis on cloud computing technology, mobile platforms and tablet computers), new vulnerabilities, existing threats to operating environments,
Recommended Education: A minimum of an AS degree is helpful, but not always a requirement, in areas like: computer science, cybersecurity, information technology, software engineering, information systems, or computer engineering.