Company: Barton Malow Holdings
Job Location: Southfield, MI
Position: Cybersecurity Analyst
REQ ID: 10822
POSITION SUMMARY
The Cybersecurity Analyst reports to the Director of IT and is responsible for various cybersecurity matters within the organization. This position is pivotal in maintaining a proactive cybersecurity stance within the organization by promptly addressing security incidents, fostering preparedness through simulations, and ensuring that all stakeholders are well-informed about potential threats and preventive measures.
KEY JOB RESPONSIBILITIES:
- Respond to tickets generated by the Managed Detection and Response (MDR) provider.
- Develop and maintain technical procedures and plans focused on incident handling.
- Monitor, identify, and track vulnerabilities found in the organization’s technical environments. Stay updated on potential weaknesses and document them.
- Perform internal security audits to assess the organization’s security posture, identify potential weaknesses, and implement corrective measures.
- Plan and host tabletop exercises designed to simulate potential cybersecurity incidents.
- Conduct research, analysis, and correlation across a wide variety of data sources.
- Educate and raise awareness among the user community about various security threats, best practices, and measures to mitigate risk.
REQUIRED KNOWLEDGE, EDUCATION, EXPERIENCE, SKILLS, AND ABILITIES:
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field, or equivalent work experience.
- 2-3 years of experience in cyber threat intelligence, vulnerability management, security engineering, incident response, or offensive security required.
- Strong technical skills with prior knowledge of a wide variety of tools and technologies, and experience deploying and monitoring these capabilities to identify cyber threats.
- Conceptual and technical knowledge of modern IT environments including server configuration/architecture, cloud, database management/configuration, networking protocols/designs, and access management/access controls.
- Prior experience writing and using scripted tooling in support of intelligence collection is preferred.
- Experience in open-source collection, use of online tools, and querying internal databases of information in support of investigative efforts.
- Experience documenting cyber threat intelligence in a consumable manner that non-IT professionals can easily understand.
- Experience with the application of common cybersecurity frameworks, e.g., NIST CSF, MITRE ATT&CK.
- Demonstrated interpersonal skills and ability to work effectively and collaboratively with a wide range of stakeholders.
- Strong verbal and written communication skills.
- Ability to prioritize risk reduction and remediation tasks to support a vulnerability management program.
- Cybersecurity training or certifications from organizations such as SANS/GIAC, TCM, OffSec, CompTIA, ISC2 are preferred.