Cyber Threat Analyst I

APS, Phoenix, AZ (Remote)

About The Position

We are looking for a Cyber Threat Analyst I. This role is responsible for protecting the confidentiality, availability, and integrity of company data and ensuring the reliability of the Bulk Electric System by detecting, responding to, and containing cyber security threats. The Cyber Threat Analyst I helps safeguard the technology that keeps energy flowing to Arizona communities.

Requirements

  • Foundational knowledge of cyber security principles and system monitoring.
  • Strong analytical thinking, curiosity, and problem‑solving skills.
  • Clear communication and a collaborative approach to working with partners.
  • A growth mindset and commitment to continual learning.
  • Alignment with the APS Promise—designing for tomorrow, empowering others, and succeeding together.
  • Bachelor's degree in Information Technology or a related field and one (1) year of prior relevant experience, or an equivalent combination of education and directly related experience.

Nice To Haves

  • General knowledge of enterprise networks, security architectures, and defensive strategies including security log configuration and monitoring; analysis of TCP/UDP traffic such as Netflow, DNS, and packet captures (PCAP); firewall, IDS, and proxy technologies; anti-malware prevention; analysis of current threats, vulnerabilities, and attack trends.
  • Working knowledge of Windows and Linux system administration, database technologies, network security, and digital forensics and incident response (DFIR) investigation techniques and tools.
  • Familiarity with Endpoint Detection and Response (EDR) technology such as Carbon Black, CrowdStrike, FireEye, Cybereason, or comparable.
  • Familiarity with Security Information and Event Management (SIEM) technology such as Splunk, Kibana, McAfee Nitro, IBM QRadar, LogRhythm, or comparable.
  • Familiarity with endpoint telemetry technology such as Sysmon, OSSEC, and osquery.
  • Familiarity with cloud environments such as Microsoft Azure or Amazon AWS.
  • Familiarity with PowerShell and Python scripting languages to assist in automating routine tasks and enrichment of threat intelligence data.
  • Security certifications such as CompTIA (Security+, CySA+); EC-Council (CND, CEH, ECSA); SANS/GIAC (GSEC, GCIH, GPPA, GISF, GISP); Cisco (CCNA CyberOps).

Responsibilities

  • Monitor security activity, follow established procedures, and respond to potential cyber threats.
  • Escalate alerts to senior analysts to support coordinated incident response.
  • Maintain run‑books, documentation, and procedures to keep information accurate and current.
  • Review system logs and threat intelligence to identify indicators of compromise.
  • Report vulnerabilities and contribute suggestions for improving protections.
  • Participate in training, exercises, and lab research to strengthen tools and processes.
  • Support data collection for reporting, metrics, and compliance activities.
  • Executes procedures for security monitoring, protections, and countermeasures to detect and respond to internal or external cyber attacks.
  • Escalates alerts and/or successful compromises to more senior threat analysts to support incident response.
  • Maintains incident response run-books, department wiki pages, and procedures in an evergreen state.
  • Reviews Security Information and Event Management (SIEM) logs for indicators of compromise received from threat intelligence sources.
  • Reports detected system vulnerabilities and may recommend improvements.
  • Participates in cyber security incident response trainings and exercises.
  • Performs lab research to improve and expand upon existing or emerging tools.
  • Assists in performing duties to support successful metrics reporting and compliance audits.