Cyber Defense Analyst Job Profile

What is a Cyber Defense Analyst?

The Cyber Defense Analyst uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats.

Professional Certification

A Cyber Defense Analyst must know:

  • computer networking concepts and protocols, and network security methodologies.
  • risk management processes (e.g., methods for assessing and mitigating risk).
  • laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • cybersecurity and privacy principles.
  • cyber threats and vulnerabilities.
  • specific operational impacts of cybersecurity lapses.
  • authentication, authorization, and access control methods.
  • cyber defense and vulnerability assessment tools and their capabilities.
  • computer algorithms.
  • encryption algorithms.
  • cryptography and cryptographic key management concepts.
  • database systems.
  • host/network access control mechanisms (e.g., access control list, capabilities lists).
  • vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
  • incident response and handling methodologies.
  • cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • intrusion detection methodologies and techniques for detecting host and network-based intrusions.
  • information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
  • network traffic analysis methods.
  • new and emerging information technology (IT) and cybersecurity technologies.
  • operating systems.
  • how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • policy-based and risk adaptive access controls.
  • system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • key concepts in security management (e.g., Release Management, Patch Management).
  • security system design tools, methods, and techniques.
  • telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing).
  • the cyber defense Service Provider reporting structure and processes within one’s own organization.
  • Virtual Private Network (VPN) security.
  • what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
  • Insider Threat investigations, reporting, investigative tools and laws/regulations.
  • adversarial tactics, techniques, and procedures.
  • network tools (e.g., ping, traceroute, nslookup).
  • defense-in-depth principles and network security architecture.
  • different types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN).
  • file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip).
  • interpreted and compiled computer languages.
  • collection management processes, capabilities, and limitations.
  • front-end collection systems, including traffic collection, filtering, and selection.
  • cyber defense and information security policies, procedures, and regulations.
  • the common attack vectors on the network layer.
  • different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
  • cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
  • system administration, network, and operating system hardening techniques.
  • applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
  • cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • encryption methodologies.
  • signature implementation impact for viruses, malware, and attacks.
  • Windows/Unix ports and services.
  • security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
  • OSI model and underlying network protocols (e.g., TCP/IP).
  • relevant laws, legal authorities, restrictions, and regulations pertaining to cyber defense activities.
  • Personally Identifiable Information (PII) data security standards.
  • Payment Card Industry (PCI) data security standards.
  • Personal Health Information (PHI) data security standards.
  • systems security testing and evaluation methods.
  • countermeasure design for identified security risks.
  • network mapping and recreating network topologies.
  • packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
  • the use of sub-netting tools.
  • operating system command-line tools.
  • embedded systems.
  • Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
  • network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • how to use network analysis tools to identify vulnerabilities.
  • penetration testing principles, tools, and techniques.
  • Application Security Risks (e.g., Open Web Application Security Project Top 10 list).

Key skills of the Cyber Defense Analyst include:

  • developing and deploying signatures.
  • detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).
  • determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • evaluating the adequacy of security designs.
  • using incident handling methodologies.
  • using protocol analyzers.
  • collecting data from a variety of cyber defense resources.
  • recognizing and categorizing types of vulnerabilities and associated attacks.
  • reading and interpreting signatures (e.g., Snort).
  • assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • performing packet-level analysis.
  • recognizing vulnerabilities in security systems (e.g., vulnerability and compliance scanning).
  • conducting trend analysis.
  • applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • using the cyber defense Service Provider reporting structure and processes within one’s own organization.

A Cyber Defense Analyst must be able to:

  • analyze malware.
  • conduct vulnerability scans and recognize vulnerabilities in security systems.
  • accurately and completely source all data used in intelligence, assessment and/or planning products.
  • apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
  • interpret the information collected by network tools (e.g., nslookup, ping, and traceroute).

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.
