System Analyst, Cybersecurity Operations

Overview

The System Analyst will join Con Edison's Cybersecurity Operations team. This team implements and utilizes various tools and processes to build, run, and enhance the organization's cybersecurity programs. The System Analyst will contribute to the company's threat management program by developing use cases on our Threat Intelligence Platform (TIP), analyzing threat intelligence, performing impact assessments and investigations, enabling and performing threat hunts, and assisting in attack surface reduction efforts. They will support the Cybersecurity Operations Center (CSOC) through enablement and the development and introduction of new technologies, solutions, and capabilities, as well as provide advanced analysis and support. The System Analyst will also contribute to Purple Team efforts. They will create new and tune existing cybersecurity alerts, as well as lead the onboarding and transition of new alerts and security tools for the CSOC. They will also assist in monitoring trends, scenarios, and the changing threat landscape and will coordinate with the broader Information Security and infrastructure teams to take appropriate actions on both immediate needs and regularly scheduled cadences. The team also has related responsibilities to provide guidance and direction to its counterparts and stakeholders to bolster the overall security posture and capabilities of the organization's cybersecurity program.

Responsibilities

Core Responsibilities

- Create new and tune existing cybersecurity alerts

- Lead the onboarding of and training for new security tools and alerts

- Monitor, assist in troubleshooting, and perform power use functions in a variety of security tools

- Support and, when required, lead incident response efforts and threat detection capabilities

- Enable the CSOC by developing and providing new capabilities and solutions

- Perform blue and purple team functions

- Define, design, and implement strategies to protect against emerging threats using security tools

- Correlate security events to identify threats and implement countermeasures to reduce attack surface

- Develop scripts and tools to automate tedious processes and increase efficiency

- Effectively communicate technical concepts to non-technical audiences

- Provide technical expertise and support to business partners and leadership on cybersecurity threat assessments, development, testing and the implementation

- Implement & operate applicable information security plans, procedures, and control techniques designed to prevent cyber-attacks & events

- Create accurate documentation that provides concise explanations and conveys informative descriptions of findings, including technical explanations/walkthroughs, root causes, impact, and remediation/mitigation strategies

- Collaborate across the organization to build out improvement opportunities

- Monitor cybersecurity threats and vulnerabilities and provide support as necessary to incident response team

- Must be available 24/7, on call, and/or participate in off-hour emergency response activities as required

- Defines, designs, and implements strategies to protect against emerging threats using security tools

- Act as advanced support and escalation for the cybersecurity operations center

- Continuously perform capability enhancements with tools and processes

- Manage and lead information security projects for the cybersecurity operations team

- Hold seats on projects to articulate requirements and build solutions with the project teams

- Continuously implement efficiencies using current toolsets

- Implement advanced alerting and increased visibility using current and new toolsets, automation, and process

- Lead incident responses and events

- Stay abreast of TTPs, global security incidents, industry trends, advisories, publications, research, talks, and other relevant developments

- Develop scripts and tools to automate tedious processes and increase efficiency

- Assist in preparing standards, baselines, and documents for the installation of security, infrastructure, cloud, and application technologies

- Assist in preparing detailed bid specifications for the installation

- Assist the technical evaluations of contractor proposals, software, or hardware

- Perform other related tasks and assignments as required

Qualifications

Required Education/Experience

- High School Diploma/GED and 5 years of IT experience or

- Associate's Degree and 4 years of IT experience or

- Bachelor's Degree and 2 years of IT experience

Relevant Work Experience

- At least 1 year in a cybersecurity role Required

- Less than 2 years Possess a deep understanding of general information security concepts and defensive controls, such as risk management, governance, compliance, least privilege, network monitoring, malware protection and analysis, endpoint security, DLP, intrusion detection/prevention, and SIEM systems Required

- Less than 2 years Be familiar with assessment frameworks, such as MITRE ATT&CK, PTES, OSSTMM, OWASP Testing Guide, etc. Required

- Less than 2 years Possess a thorough understanding of network architecture and design, network protocols, covert channels, encryption, and data exfiltration Required

- Less than 2 years Be experienced with Windows, Mac, Linux, Unix operating systems, virtualization, storage, databases, and other related systems and technologies and their respective security considerations Required

- Less than 2 years Possess a detailed understanding of systems/network hardening, secure coding practices, and mitigation/remediation strategies Required

- Less than 2 years Be able to communicate to both technical and executive/business audiences Required

- Less than 2 years Be able to work independently and within a team Required

- Less than 2 years Be comfortable and effective working remotely within a distributed team Required

- Less than 2 years Build cooperative relationships with stakeholders throughout the organization Required

- Less than 2 years Exemplify the companys core values and act as a role model Required

- Less than 2 years Leverage critical thinking and creativity; think outside the box and do not rely on tooling Required

- Less than 2 years Effectively manage large amounts of information from complex environments and applications Required

Skills and Abilities

- Articulate and responsive to colleagues

- Demonstrated analytical skills

- Strong written and verbal communication skills

- Strong verbal communication and listening skills

- Possesses flexibility to work in a fast paced, dynamic environment

- Well organized, detail oriented and flexible to handle multiple assignments

Licenses and Certifications

- Other: Security+, Pentest+, CySA+ 1 Year Preferred

Physical Demands

- Must push, pull, lift up to 25 pounds

- Must sit or stand to use a keyboard, mouse, and computer for entire shift

Additional Physical Demands

- Must be able to respond to Company emergencies by performing a System Emergency Assignment to restore service to our customers.