Advanced Track: Cybersecurity Analyst and Network Computer System Administrator

Hour-based
O*NET: 15-1122.00
4 Years
2000h

On-the-job training
  • Analyze and report organizational security posture trends.
  • Analyze and report system security posture trends.
  • Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.
  • Assess adequate access controls based on principles of least privilege and need-to-know.
  • Assess all the configuration management (change configuration/release management) processes.
  • Assess and monitor cybersecurity related to system implementation and testing practices.
  • Assess the effectiveness of security controls.
  • Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the network environment or enclave.
  • Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
  • Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
  • Collect intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
  • Conduct cursory binary analysis.
  • Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).
  • Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
  • Coordinate incident response functions.
  • Coordinate with enterprise-wide cyber defense staff to validate network alerts.
  • Coordinate with intelligence analysts to correlate threat assessment data.
  • Correlate incident data and perform cyber defense reporting.
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
  • Determine tactics, techniques, and procedures (TTPs) for intrusion sets.
  • Develop content for cyber defense tools.
  • Develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements.
  • Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
  • Employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness).
  • Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
  • Ensure the execution of disaster recovery and continuity of operations.
  • Ensure the integration and implementation of Cross-Domain Solutions (CDS) in a secure environment.
  • Enter media information into tracking database (e.g., Product Tracker Tool) for digital media that has been acquired.
  • Examine network topologies to understand data flows through the network.
  • Identify and analyze anomalies in network traffic using metadata.
  • Identify applications and operating systems of a network device based on network traffic.
  • Identify network mapping and operating system (OS) fingerprinting activities.
  • Implement security measures to resolve vulnerabilities, mitigate risks, and recommend security changes to system or system components as needed.
  • Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.
  • Isolate and remove malware.
  • Maintain deployable cyber defense toolkit (e.g., specialized cyber defense software/hardware) to support Incident Response Team mission.
  • Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.
  • Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise.
  • Monitor operational environment and report on adversarial activities which fulfill leadership's priority information requirements.
  • Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's c
  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.
  • Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation.
  • Perform cyber defense trend analysis and reporting.
  • Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
  • Perform file and registry monitoring on the running system after identifying intrusion via dynamic analysis.
  • Perform file system forensic analysis.
  • Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.
  • Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs).
  • Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
  • Perform static analysis to mount an "image" of a drive (without necessarily having the original drive).
  • Perform static malware analysis.
  • Perform virus scanning on digital media.
  • Perform Windows registry analysis.
  • Plan and recommend modifications or adjustments based on exercise results or system environment.
  • Process image with appropriate tools depending on analyst's goals.
  • Produce timely, fused, all-source cyber operations intelligence and/or indications and warnings intelligence products (e.g., threat assessments, briefings, intelligence studies, country studies).
  • Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.
  • Provide current intelligence support to critical internal/external stakeholders as appropriate.
  • Provide daily summary reports of network events and activity relevant to cyber defense practices.
  • Provide evaluation and feedback necessary for improving intelligence production, intelligence reporting, collection requirements, and operations.
  • Provide information and assessments for the purposes of informing leadership and customers; developing and refining objectives; supporting operation planning and execution; and assessing the effects of operations.
  • Provide intelligence analysis and support to designated exercises, planning activities, and time sensitive operations.
  • Provide subject-matter expertise and support to planning/developmental forums and working groups as appropriate.
  • Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.
  • Provide timely notice of imminent or hostile intentions or activities which may impact organization objectives, resources, or capabilities.
  • Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
  • Recommend computing environment vulnerability corrections.
  • Reconstruct a malicious attack or activity based off network traffic.
  • Report intelligence-derived significant network events and intrusions.
  • Review forensic images and other data sources (e.g., volatile data) for recovery of potentially relevant information.
  • Serve as technical expert and liaison to law enforcement personnel and explain incident details as required.
  • Track and document cyber defense incidents from initial detection through final resolution.
  • Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.
  • Utilize deployable forensics toolkit to support operations as necessary.
  • Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools.
  • Verify minimum security requirements are in place for all applications.
  • Work closely with planners, intelligence analysts, and collection managers to ensure intelligence requirements and collection plans are accurate and up-to-date.
  • Work with stakeholders to resolve computer security incidents and vulnerability compliance.
  • Write and publish after action reviews.
  • Write and publish cyber defense recommendations, reports, and white papers on incident findings to appropriate constituencies.
  • Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies.
Headquarters location
Garden Grove, CA (92840)