Cybersecurity Monitoring Analyst

Saudi Air Navigation Services - SANS
Saudi Arabia
SAR 150,000 - 200,000
Job description

Role Purpose

To provide 'eyes on glass' real-time 24x7 monitoring of cybersecurity events, detect potential threats, perform initial triage, and escalate incidents. The Cybersecurity Monitoring Analyst supports the organization’s defense by analyzing logs and network traffic, developing use cases, conducting threat hunting scenarios, and reporting on vulnerabilities, within the set KPIs, agreed budgets, and adopted policies and procedures.

Knowledge and Experience

Experience

  • Minimal or no prior experience is required.

Minimum experience, if available, in:

  • Experience applying industry best practices in service delivery and using metrics to measure service performance.
  • Experience analyzing security event logs, intrusion alerts, and network traffic anomalies to detect threats.
  • Experience in insider threat investigations and providing analysis for incident response.
  • Experience with security monitoring, detecting, and responding to cybersecurity threats in real-time.
  • Experience handling evidence for audits and working within compliance frameworks related to cybersecurity.

Knowledge

  • Knowledge of popular security tools such as full packet capture, SIEM systems, DLP, Email Gateway and intrusion detection & prevention systems (IDS/IPS).
  • Familiarity with cyberattack stages, the cyber kill-chain model, and various classes of attacks (e.g., passive, active, insider, close-in, distribution).
  • Knowledge of cyber risk, threat vectors, vulnerabilities, and security countermeasures.
  • Understanding security event logs, intrusion alerts, and network traffic anomalies for detecting threats.
  • Knowledge of insider threat investigations, reporting processes, and investigative tools.
  • Understanding security countermeasure design and conducting reviews to identify risks.
  • Familiarity with evasion strategies, threat actor tactics, and threat anticipation methods.
  • Knowledge of cybersecurity audit, compliance and regulatory requirements, including handling and providing evidence to audit teams.
  • Understanding of threat hunting scenarios and developing cybersecurity monitoring use cases for improved detection.

Education and Certifications

  • Bachelor’s degree in Computer Science, Engineering, Information Systems (or other relevant technical disciplines).
  • Preferred Certifications (minimum one):
    • Certified Ethical Hacker (CEH)
    • Security+
    • CySA+
    • GIAC Certified Incident Handler (GCIH)
    • GIAC Certified Detection Analyst (GCDA)
    • GIAC Certified Intrusion Analyst (GCIA)
    • GIAC Continuous Monitoring Certification (GMON)
    • eLearnSecurity Certified Threat Hunting Professional (eCTHP)
    • Any SIEM or Monitoring-Specific Certifications

Key Accountability Areas

Key Activities

SOC Monitoring and Analysis

  • Monitor cybersecurity alerts across IT and OT systems, ensuring continuous 24x7 coverage to detect and escalate potential security incidents.
  • Analyze and correlate logs from SIEM systems and various security tools to identify and assess suspicious activity.
  • Track and document suspicious network activity in accordance with organizational procedures, escalating issues when incidents exceed predefined thresholds.
  • Analyze network traffic for potential threats using packet analysis tools and investigate network anomalies to identify malicious activity.
  • Perform preliminary triage on alerts to determine if they require further investigation or escalation and ensure thorough documentation.
  • Integrate security systems and controls with business assets, including SIEM integration, to enhance real-time monitoring and detection capabilities.
  • Report and escalate detected cybersecurity incidents, including initial incident reporting, to appropriate teams for further investigation and resolution.
  • Conduct security controls reviews and recommend enhancements based on industry best practices to strengthen the organization's security framework.
  • Proactively suggest improvements to security monitoring processes, leveraging trends and patterns observed during threat detection.
  • Develop cybersecurity monitoring use cases to improve detection capabilities and conduct threat hunting scenarios to identify undetected malicious activities that evade traditional defenses.
  • Maintain situational awareness and manage multiple security monitoring tasks simultaneously to ensure effective response to ongoing threats.
  • Contribute to the identification of opportunities for continuous improvement of systems and processes, considering leading practices, changes in the business environment, cost reduction and productivity improvement.
  • Handle and provide evidence for cybersecurity defense-specific audits and regulatory requirements, ensuring accurate and timely response to audit requests.
  • Provide support and coverage for cybersecurity defense functions (VM, TI, IR, TH and Assurance) as per business need.
  • Support cybersecurity defense audit, compliance, risk and regulatory requirements.

Policies, Processes and Procedures

  • Conduct day-to-day activities while ensuring compliance with policies and procedures.
  • Assist in developing security dashboards and reports to highlight system vulnerabilities, threats, and overall cybersecurity posture.
  • Develop and deliver Management, Operational, and Investigative reports, providing detailed insights into security events, trends, and system vulnerabilities for decision-makers.
  • Provide regular dashboards and KPI statistics to track cybersecurity monitoring performance and overall security posture.
  • Collaborate with other teams to ensure consistent application of security controls and alignment with organizational objectives.

Company Industry

  • Airlines
  • Aviation

Department / Functional Area

  • IT Software

Keywords

  • Cybersecurity Monitoring Analyst