CYBER DEFENSE ANALYST

Directorate:
Information Technology and Continuous Improvement
Work place:
Aksai (office)
Contract type:
Permanent
Shift pattern:
28/28
Posted on:
18.09.2025
CV submission date till:
02.10.2025

Education and work experience:

Higher education (University degree or higher) in the Information Technology sphere and not less than 2 years of work experience as a Cyber Defense Analyst.

Main functions:

  • Implementation and support of the KPO Cybersecurity and Information Security programs. Ensure business continuity based on KPO Strategy and KPO Cyber Security Strategy;
  • Fulfilment and creation of information security controls to keep the KPO Information systems and network fully compliant with the accepted regulative documentation and to sustain their confidentiality, integrity and availability;
  • Performing internal forensics and investigations of information security incidents and breaches. Support and maintenance of IT security systems/software according to Information Security Standards;
  • Plan and implement cyber security activities with the purpose of ensuring their confidentiality, integrity and availability. Identify and evaluate risks and controls, particularly of critical systems and applications. Support and maintain IT security policy compliance and implementation for KPO digital assets and computer network;
  • Take an active role in driving cybersecurity projects forward, contributing to the enhancement of the Company Cyber Security Maturity. Ensure that cybersecurity processes and controls are meticulously aligned with the organization's IT Security framework.
  • Be responsible for the measuring and tracking of in-place controls to support compliance in the protection of information assets;
  • Detect and respond to security incidents: investigate, analyse root causes, identify risks, and implement appropriate cyber security controls. Participate in cybersecurity incident resolution by providing technical expertise and root-cause analysis and by collaborating with cross-functional teams.
  • Facilitate the implementation of process changes to address emerging technology and information risk requirements or to address weaknesses discovered through monitoring, testing, or audit procedures. Organise protection against unauthorised access, copying and distribution of information processed and stored in KPO IT systems;
  • Establish new controls and review existing ones to cover the entire KPO network.
  • Provide technical expertise and facilitate the design, deployment, and maintenance of security solutions. Carry out work to protect KPO operational information resources against unauthorised access, and ensure systems cybersecurity;
  • Analyze and recommend new solutions for testing to enhance the Company’s cybersecurity compliance checks and controls. Research and evaluate emerging cyber security threats and ways to manage them.
  • Carry out internal information security investigations in cases of non-compliance with the policies and procedures established in KPO;
  • Propose, improve and revise the Company’s cybersecurity regulative documentation.
  • Review cyber technical risks and assessment results and communicate key concerns and questions to the application/systems data owners;
  • Assess risks associated with the KPO Infrastructure and cybersecurity practices, ensuring a comprehensive understanding of potential exposures. Address identified vulnerabilities by executing risk mitigation strategies.
  • Implement special technical and software security measures, enable organisational and technical information systems security measures, and carry out testing and research with the purpose of finding and selecting the most practical solutions;
  • In emergency situations, facilitate on site the Business Continuity and Disaster Recovery processes: recovery of business processes and ensuring Cyber Security systems resilience at the Fall-Back Site (FBS) at Czech Camp.
  • Evaluate cyber security risks of the systems’ technology and the corresponding mitigation strategies. Carry out selection, study and generalisation of normative and methodological materials on security tools and mechanisms;
  • Detect, respond to and investigate Cyber Security threats. Enhance and improve Endpoint Detection and Response (EDR) system policies to respond to modern cyber security threats.
  • Initiate and conduct Information and Cyber Security Projects. Participate in the project’s preparation, planning and scheduling for technical security activities, as well as in development of the necessary technical documentation;
  • Ensure the established Cyber Security controls are being properly conducted to support compliance in the protection of information assets. Communicate cybersecurity findings to the respective technical personnel to ensure IT systems are configured properly and according to the established baselines.
  • Develop and revise procedures and perform experimental research on technical security and information protection;
  • Ensure the IT processes, access levels and policies are both logically and technically distinguished to segregate duties and support the least access principle.
  • Develop and regularly update related Information and Cyber Security technical documentation. Analyse the efficiency and security of the solutions employed to automate and orchestrate repetitive tasks and recommend process changes for improvement. Develop, operate and maintain cybersecurity solutions (systems, assets, software, controls and services) within the KPO Network.
  • Carry out a comparative analysis of research and test data, to define possible sources and channels of information leakage;
  • Conduct thorough vulnerability management of KPO Network with respective tools: analyze scan results, prioritize vulnerabilities, and collaborate with the various Company’s Divisions to remediate vulnerabilities.
  • Perform technical maintenance of information security systems, recommend and propose cyber security measures and efficiency improvements;
  • Continuously maintain and fine-tune cybersecurity tools: Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), vulnerability and configuration management, and patch and incident management systems.
  • Perform control checks of systems operability and efficiency, prepare control check reports, and analyse the check results.
  • Provide evidence and any required data or information to ongoing audits and risk assessments, and implement audit recommendations;
  • Study and summarise industry best practices of cyber security and defense, propose improvements to the existing processes. Stay updated on the latest threats, vulnerabilities, and security trends. Utilize threat intelligence sources to enhance security posture.

Necessary knowledge and skills:

  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, and The National Institute of Standards and Technology (NIST);
  • Understanding of Information Technologies systems, knowledge of operating systems, telecommunications, databases, applications, etc.;
  • Cybersecurity education and training standards, methodologies and frameworks. Cybersecurity related laws, regulations and legislations;
  • Cybersecurity recommendations and best practices. Cybersecurity standards, methodologies and frameworks. Cybersecurity controls and solutions;
  • System administration skills; programming languages; scripting languages; cyber security certifications are preferable;
  • Advanced forensics, malware assessment, threat intelligence. Ethical hacker certification or training is a major advantage;
  • Use knowledge of the IT environment to scope the extent and impact of any vulnerability, attack or breach. A mindset of continuous growth, curiosity, and asking WHY;
  • Strong knowledge of cyber security operations concepts, cyber threat and vulnerability management processes and Cyber Security Operations Centers (CSOC);
  • Extensive security operations, incident response, incident detection, malware detection, and threat response hands-on knowledge;
  • A solid understanding of log and monitoring management systems, security event monitoring systems, threat intelligence, network-based and host-based intrusion detection systems, firewall technologies and Endpoint detection and response solutions;
  • Deep understanding of IAM technologies, controls, and standard methodologies (Lightweight Directory Access Protocol (LDAP), directories, certificates, Multi Factor authentication (MFA), Adaptive authentication, Public Key Infrastructure (PKI));
  • Demonstrated hands-on knowledge of managing and ensuring the timely response, triage and investigation of security events and incidents;
  • Hands-on knowledge on cyber security tools;
  • Strong leadership skills and the ability to work effectively with business managers and IT teams;
  • Strong decision-making skills, problem solving and excellent analytical ability;
  • Excellent prioritization skills to meet deadlines, manage workload effectively, use time wisely and avoid distractions, adapt to changes and re-evaluate priorities in time;
  • Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism;
  • Ability to prioritize and complete work to given quality standards by agreed-upon deadlines.