Special Skillset (optional):
- Executes decision-making authorities and establishes cyber incident response direction for organization and cyber defense fusion operations.
- Single Point of Contact (SPOC) when a cybersecurity incident is declared.
- Manages Cybersecurity incident response lifecycle during a cybersecurity incident.
- Provides Cybersecurity Incident After-Action Reporting.
- Analyzes cybersecurity incident data, determines the impact of the incident, and classifies or re-classifies the incident's category, impact, scope, severity, and appropriate response procedures.
- Gathers and catalogs information regarding the cybersecurity incident, and maintains the integrity of collected data so it can serve as evidence.
- Provides escalation support for Cyber Command Center Analyst and Cyber Incident Coordinators.
- Performs security reviews and identifies gaps in the security architecture, producing recommendations for inclusion in the risk mitigation strategy.
- Provides timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse, and distinguishes these incidents and events from benign activity.
- Conducts real-time analysis using SIEM, cloud, endpoint, and network-based technologies and other security analytics tools, with a focus on identifying anomalous activity and security events/alerts and ruling out false positives.