Senior Cyber Defence Analyst

Key accountabilities

Vulnerability assessment and management

• conducts assessments of threats and vulnerabilities
• determines deviations from acceptable configurations, and from enterprise or local policy
• assesses the level of risk
• develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations

Cyber defence analysis

• uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network, to protect information, information systems and networks from threats
• performs real-time cyber defence incident handling (e.g. forensic collections, intrusion correlations and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs)

Cyber operations

• analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community
• synthesizes and places intelligence information in context, and draws insights about the possible implications
• conducts research and analysis, and correlates across a wide variety of all source data sets (indications and warnings)

Cyber investigations

• identifies, collects and seizes documentary or physical evidence
• gathers digital media and logs associated with cyber intrusion incidents, investigations, and operations
• conducts analysis of log files, evidence, and other information to determine best methods for identifying the perpetrators(s) of a network intrusions or other crimes

Digital forensics

• creates forensically sound duplicates of evidence (I.e. forensic image) that ensures the original evidence is not unintentionally modified during analysis processes
• performs timeline analysis
• reviews forensic images and other data sources (e.g. volatile data) for recovery of potentially relevant information

Decision making authority

• makes decisions related to the day-to-day implementation and development of the cyber security function
• in consultation with the Manager, IT Product:
  • makes decisions on security requirements to protect FCC's assets
  • makes decisions on the appropriate approach to continue operating and efficiently recover critical business functions after a disaster
  • decides the appropriate strategic and tactical enterprise security controls to invest in

Reporting relationships

• reports to Manager, IT Product
• no formal direct reports but provides coaching and mentorship to peers in the cyber security disciplines

Knowledge and skill

• strong interpersonal skills and the ability to communicate technical information in easy to understand language
• ability to use security event correlation tools
• ability to recognize and categorize types of vulnerabilities and associated attacks
• ability to conduct cyber forensic investigations, including collection of intrusion artifacts (e.g. source doe, malware) and using discovered data to enable mitigation of potential cyber events
• knowledge of penetration testing principles, tools, and techniques
• ability to perform assessments of systems and networks to identify vulnerabilities

Knowledge is generally acquired by having completed:

• bachelor’s degree in Computer Science, Mathematics or Engineering
• 6 to 8 years of cyber security experience
• or an equivalent combination of education and experience

Working conditions

• work is performed under normal office conditions with limited auditory strain consisting of normal office sounds
• visual requirements and exertion may consist of in excess of 5 to 8 hours a day of computer usage
• travel may be required overnight up to 10 days per year for training purposes