1. Demonstrated experience in cyber security or related IT field.
2. Demonstrated experience with adversarial tactics, techniques, & procedures (TTPs).
3. Demonstrated experience with computer attack methods and system exploitation techniques.
4. Demonstrated experience with cyber security principles for Linux, Windows, virtual platforms, networking, and Cloud.
5. Demonstrated experience with network architectures and fundamentals.
6. Demonstrated experience developing risk management methodologies.
7. Demonstrated experience analyzing test results to develop risk and threat mitigation plans.
8. Demonstrated experience with market-leading vulnerability management tools including the ability to deploy, configure, and run these tools.
9. Demonstrated experience with vulnerability concepts and prevalent vulnerability types such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), path traversals, denial of service (DoS), buffer overflows, command injection, race conditions, open redirects, privilege escalation, authentication bypasses, XML External Entity (XXE) attacks and similar.
10. Demonstrated experience with privilege and high/low trust boundaries and what defines a vulnerability vs. weakness.
11. Demonstrated experience with vulnerability and risk scoring frameworks and methodologies such as CVSSv2 and CVSSv3.
12. Demonstrated experience with vulnerability repositories (NVD, CVE MITRE, and VULdb) and exploitation techniques (MITRE ATT&CK and DEFEND).
13. Demonstrated experience with web application (OWASP) and OS-level vulnerability categories and documentation.
14. Demonstrated experience communicating how an attacker would exploit vulnerabilities and the types of attacks they could be used for.
15. Demonstrated experience with the general threat landscape of an IT network and how vulnerabilities and exploitation of them impact it.
Any Graduate