Cyber Threat/Incident Analyst (Associate/Sr./Engineer/Sr. Engineer)

Atlanta, GA

Federal Reserve System

The Federal Reserve Board of Governors in Washington DC.

Company

Federal Reserve Bank of Atlanta

As an employee of the Atlanta Fed, you will help support our mission of promoting the stability and efficiency of the U.S. economy and financial system. Your work will affect the economy of the Southeast, the United States, and the world. The work we do here is important, and how we do it is just as important as what we do. We live our values of integrity, excellence, and respect every day. We do the right thing, we do things right, and we treat people right. A career at the Federal Reserve Bank of Atlanta gives you the chance to do work that touches lives and helps communities prosper.

We are a dynamic hybrid workplace environment that requires at least 2 days a week in the office.

Position Summary:

The Threat and Vulnerability Management team provides vulnerability management and incident response services for the 6th Federal Reserve District. Under direct supervision from management and other team members, the TVM Analyst uses existing processes and procedures to solve routine or standard problems required to protect the organization’s information assets. The analyst participates in one functional area defined below as a primary responsibility and assists in other areas as requested. The analyst works with critical and sensitive information daily and is relied upon to maintain the intended security safeguards.

Key Responsibilities:

The analyst participates in one functional area defined below as a primary responsibility and assists in other areas as requested.

  • Foundational Skills:
    • Limited prior knowledge and experience with:
      • The MITRE ATT&CK framework.
      • Digital Forensics and Incident Response (DFIR).
      • Common cyber-attacks, malware, and the risk they pose.
      • Security Information Event Manager (SIEM) technology: searches, log analysis, and creation of alerts/alarms.
      • Typical enterprise networking architecture, protocols, and packet analysis.
      • Current trends in malware, cyber-attacks, and OS/application vulnerabilities.
      • Web application vulnerabilities, such as injection, configuration, information leakage, and typical threats, attacks, and countermeasures.
      • Dynamic web application vulnerability assessment scanners: configuration, scanning, and interpreting/triaging test results.
      • Enterprise network vulnerability scanning applications, including use and administration.
      • Communicating with stakeholders regarding cyber topics and driving results that reduce risk in the environment.
      • Threat hunting methodologies and frameworks.
      • Cloud service provider technologies and security.
  • Functional Areas:
    • Flaw Remediation
      • Applies patches, configurations, group policy objects, or other remediation activities to workstations and other endpoints using a variety of toolsets.
      • Reviews reports and conducts additional research on how to remediate vulnerabilities.
      • Coordinates remediation activities.
    • Host Vulnerability Assessment
      • Manages and maintains network scanning configuration (but not infrastructure).
      • Measures, reports, analyzes, and communicates vulnerabilities in terms of both risk and compliance.
      • Notifies stakeholders of vulnerabilities, collaborates on remediation recommendations, tracks and escalates remediation performance.
    • Incident Response
      • Manages all aspects of information security incidents. Prepares through exercises and continuous learning, performs evidence collections and analysis, contains and eradicates threats, documents activities, manages stakeholder communication and involvement, and conducts Lessons Learned reviews.
      • Communicates threats, impacts, and trend information to leadership and stakeholders.
      • Leads remediation projects where security gaps have been identified.
    • Incident Detection
      • Augments national SOC detection capabilities by implementing local detection interests. Collaborates with stakeholders on detection capabilities and use case design.
      • Monitors and analyzes logs and data, produces reports and real-time alerts.
      • Leverages industry frameworks to understand attacker tactics, techniques, and procedures to prioritize detection use cases.
      • Hunts for threats based on attack methods discovered from incidents, industry reports and intel.
    • Web Application Vulnerability Assessment
      • Identifies, validates, reports, and escalates vulnerabilities in web applications using dynamic and integrated application security testing (DAST & IAST).
      • Collaborates with stakeholders to understand vulnerability risks and remediation techniques.
      • Configures and maintains dynamic and/or integrated scanning applications.
    • Other Position Priorities:
      • Participates on workgroups and awareness activities, as requested by supervisor.
      • Represents the Information Security Department in client interactions, as requested by supervisor.
      • Stays current on new and emerging technologies.

Education: Bachelor’s degree or equivalent work experience. Advanced degree preferred.

Experience:

  • Associate: 0-2 years of professional experience
  • Senior: 2+ years of professional experience
  • Engineer: 5+ years of experience
  • Senior Engineer: 7+ years of experience

Qualifications:

  • Cybersecurity Frameworks
  • Cybersecurity Principles
  • Vulnerability Management Tools
  • Patching Software Experience – BigFix, SCCM, or Ansible preferred
  • SIEM
  • Scripting Languages – SQL and PowerShell preferred
  • Reporting – Microsoft Excel, PowerBI, or Tableau preferred
  • Written/Verbal Communication
  • Certifications/Licenses (preferred): ISC2, CompTIA, Cisco

Our total rewards program offers benefits that are the best fit for you at every stage of your career:

  • Comprehensive healthcare options (Medical, Dental, and Vision)
  • 401(k) match and a fully funded pension plan
  • Paid vacation and holidays; flexible work environment
  • Generously subsidized public transportation
  • Annual tuition reimbursement
  • Professional development programs, training and conferences
  • And more…

This is not necessarily an exhaustive list of all responsibilities, duties, performance standards or requirements, efforts, skills or working conditions associated with the job. While this is intended to be an accurate reflection of the current job, management reserves the right to revise the job or to require that other or different tasks be performed when circumstances change (e.g. emergencies, rush jobs, change in workload or technological developments).

The Federal Reserve Bank of Atlanta is an equal opportunity employer.

Full Time / Part Time

Full time

Regular / Temporary

Regular

Job Exempt (Yes / No)

No

Work Shift

First (United States of America)

The Federal Reserve Banks believe that diversity and inclusion among our employees is critical to our success as an organization, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.

Region: North America
Country: United States