fbpx Skip to main content

Network Security Analyst

Job Overview

The Network Security Analyst helps ensure that information systems and computer networks are secure. This position includes protecting against malicious actors and cyber-attacks, as well as monitoring network traffic and server logs for unusual activity. The Network Security Analyst looks for vulnerabilities in computer networks and creates recommendations to minimize threats. The Network Security Analyst investigates security breaches, develops remediation strategies for any security issues/incidents, and leverages security and operational tools in an attempt to monitor, detect, react, and prevent threats on the corporate network. This position leverages various tools and techniques, works as part of a coordinated team, and keeps up to date on the lates developments in an ever-changing landscape.

Organizational Impact

The organization impact of a Network Security Analyst is significant. This role is responsible for ensuring the security and integrity of an organization's computer networks and systems. By identifying and mitigating potential security threats, a Network Security Analyst helps to protect the organization's sensitive data and intellectual property. This can prevent costly data breaches, downtime, and reputational damage. Additionally, a Network Security Analyst can help an organization comply with regulatory requirements and industry standards, which can improve the organization's overall reputation and credibility. Overall, the role of a Network Security Analyst is critical to the success and security of an organization.

Key Systems

- Firewall systems

- Intrusion detection and prevention systems

- Virtual private network (VPN) systems

- Security information and event management (SIEM) systems

- Vulnerability assessment and management systems


The most important five systems for a Network Security Analyst would be:

- Firewall systems

- Intrusion detection and prevention systems

- Virtual private network (VPN) systems

- Security information and event management (SIEM) systems

- Vulnerability assessment and management systems


Inputs

- Security policies and procedures

- Network infrastructure and architecture

- Threat intelligence and analysis

- Security tools and technologies

- Business objectives and priorities


Outputs

- Security assessments and vulnerability reports

- Network security policies and procedures

- Incident response plans and procedures

- Security awareness training materials

- Recommendations for security improvements and risk mitigation strategies


Activities

  • Investigate security breaches, incidents and alerts
  • Develop, deploy and tune SIEM content such as correlation rules, dashboards, reports and models
  • Serving as technical SME to support the Microsoft Defender EDR platform. Developing use cases, threat detection logic and rules, and alerting in Defender EDR platform for response by Incident Detection & Response analysts
  • Operationalizing Indicators of Compromise from intelligence feeds by developing, testing, deploying, monitoring and alerting rules into Defender EDR Platform.
  • Identify, review and remediate system vulnerabilities
  • Develop and implement SOC and IR systems integrations through automation and orchestration including API, PowerShell, and other automation techniques
  • Perform Ethical Hacking and other proactive security measures to identify risk
  • Installing, managing, and administering security software
  • Develop and implement new SOC and IR playbooks for alert enrichment and triage, and threat hunting
  • Ability to integrate data sources from a Cybersecurity standpoint into a SIEM/Splunk/SOAR environment is highly desired.
  • Monitor computer networks and systems for threats and security breaches
  • Test systems for potential vulnerabilities
  • Develop systems and processes for security best practices throughout the company
  • Prepare reports on security incidents
  • Architects, designs, implements, maintains and operates information system security controls and countermeasures
  • Review system logs for threat and anomaly identification and opportunities for system optimizations

Recommended Items

  • Security policies and procedures
  • Incident response plan
  • Network diagrams and documentation
  • Access control policies and procedures
  • Risk assessment and management plan

Content Examples

  • Security assessment reports
  • Network diagrams and topology maps
  • Incident response plans and procedures
  • Security policies and procedures documentation
  • Risk management and vulnerability assessment reports

Sample Event-Driven Tasks

- Monitor network traffic for suspicious activity and investigate any anomalies

- Respond to security incidents and perform forensic analysis to determine the root cause

- Conduct vulnerability assessments and penetration testing to identify potential security weaknesses

- Implement and maintain security controls such as firewalls, intrusion detection/prevention systems, and access controls

- Stay up-to-date with the latest security threats and trends, and make recommendations for improving the organization's security posture.


Sample Scheduled Tasks

- Conduct regular vulnerability scans on network systems and applications

- Review and analyze security logs to identify potential security threats

- Perform routine security audits to ensure compliance with industry standards and regulations

- Monitor network traffic for suspicious activity and investigate any anomalies

- Update and maintain security policies and procedures to reflect changes in technology and threats.


Sample Infill Tasks

- Conduct vulnerability assessments and penetration testing on network systems

- Monitor network traffic and analyze logs for suspicious activity

- Implement and maintain firewalls, intrusion detection/prevention systems, and other security measures

- Develop and enforce security policies and procedures for network users

- Stay up-to-date on emerging threats and technologies in the field of network security


Skip to content