Cyber Defense Analyst
Amarillo, TX 
Posted Today
Job Description

Location: Amarillo, TX or Oak Ridge, TN
Job Title: Cyber Defense Analyst
Career Level From: Senior Associate
Career Level To: Senior Specialist
Organization: Chief Information Security Off (50003144)
Job Specialty: Cyber Security

Location

This position is a hybrid role at the Pantex plant in Amarillo, TX. Some on-site work is required in this position. If offered the role, relocation assistance will be available.

What You'll Do

The Cyber Defense Analyst uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within CNS's networks for the purposes of mitigating threats. Job functions include:

  • Develop content for cyber defense tools
  • Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
  • Coordinate with enterprise-wide cyber defense staff to validate network alerts
  • Document and escalate incidents (including the event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment
  • Perform cyber defense trend analysis and reporting
  • Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
  • Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities
  • Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity
  • Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information
  • Examine network topologies to understand data flows through the network
  • Reconstruct a malicious attack or activity based on network traffic
  • Provide daily summary reports of network events and activity relevant to cyber defense practices
  • Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan.
  • Additional responsibilities as necessary
What You Can Expect
  • Meaningful work and unique opportunities to support missions vital to national and global security
  • Top-notch, dedicated colleagues
  • Generous pay and benefits with a stable organization
  • Career advancement and professional development programs
  • Work-life balance fostered through flexible work options and wellness initiatives
Minimum Job Requirements

Requires a Bachelor's degree in Computer Science, Information Security, Information Systems or a related field with at least two (2) years of relevant professional experience.

Ten or more years of education and/or relevant experience may be considered to satisfy educational and years-of-experience requirements for this posting.

  • Knowledge of computer networking concepts and protocols, and network security methodologies
  • Knowledge of cyber threats and vulnerabilities
  • Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
  • Knowledge of operating systems
  • Knowledge of network traffic analysis methods
  • Knowledge of the common attack vectors on the network layer
  • Strong problem solving and communication skills (both orally and in writing)
Preferred Job Requirements

Bachelor's degree in Computer Science, Information Security, Information Systems or a related field with at least two (2) years of relevant professional experience, and 5 years of cyber defense experience in an enterprise network environment.

  • Ability to recognize and categorize types of vulnerabilities and associated attacks
  • Knowledge of adversarial tactics, techniques, and procedures
  • Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions
  • Knowledge of authentication, authorization, and access control methods
  • Knowledge of network access, identity, and access management
  • Knowledge of system and application security threats and vulnerabilities
  • Knowledge of incident response and handling methodologies
  • Knowledge of Windows/Unix ports and services
  • Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services
  • Knowledge of the use of sub-netting tools
  • Knowledge of Virtual Private Network (VPN) security
  • Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations
  • Experience using cyber defense, vulnerability assessment, and analysis tools, and familiarity with their capabilities
  • Experience with network tools (e.g., ping, traceroute, nslookup)
  • Relevant cybersecurity experience, including SIEM operations, event management, and incident management
  • Ability to conduct vulnerability scans and recognize vulnerabilities in security systems
  • Ability to review logs to identify evidence of past intrusions
  • Ability to analyze malware
  • Ability to identify applications and operating systems of a network device based on network traffic
  • Ability to perform packet-level analysis
Notes
The minimum education and experience for the lowest career level in the job posting range are listed under Minimum Job Requirements. Successful candidates hired into a higher career level than the minimum in the range must meet the requirements listed in the job leveling charts for the career level into which they are being hired.

If a range of Career Levels is posted, i.e., Senior Associate to Senior Specialist, internal applicants already in one of the Career Levels would come across at their current Career Level. Internal applicants currently in a lower level Career Level would move to the lowest posted Career Level, and internal applicants in higher Career Levels may be considered, on an exception basis, to come across laterally based on the applicant's education and experience, and the scope of work being performed in the role.

Requires a Q clearance; however, all qualified candidates will be considered regardless of their current clearance status. The ability to obtain and maintain a Department of Energy Q clearance is required.

Position may require entry into Materials Access Areas (MAA) and participation in the Human Reliability Program (HRP). If HRP is required, candidate must complete a counterintelligence-scope polygraph, pursuant to 10 CFR 709. Medical requirements may apply.

CNS is a drug-free workplace. Candidates accepting a job offer will be required to pass a pre-placement physical, drug screening and background investigation. As an employee, you may be required to receive and maintain a security clearance from the United States Department of Energy in order to meet eligibility requirements for access to sensitive information or matter. U.S. citizenship is a requirement for security clearance applicants. All employees are subject to being randomly selected for drug testing without advance notification.
CNS is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, gender, sexual orientation, gender identity, age, religion, national origin, ancestry, genetic information, disability or veteran status.

 

Job Summary
Company
Start Date
As soon as possible
Employment Term and Type
Regular, Full Time
Required Education
Bachelor's Degree
Required Experience
2 years