Cyber Threat Analyst II

About The Position

Requirements

• Bachelors degree in Information Technology or related field and two (2) years of prior relevant experience or equivalent combination of education and directly related experience.
• Foundational knowledge of cyber security principles and system monitoring.
• Strong analytical thinking, curiosity, and problem‑solving skills.
• Clear communication and a collaborative approach to working with partners.
• A growth mindset and commitment to continual learning.
• Alignment with the APS Promise—designing for tomorrow, empowering others, and succeeding together.

Nice To Haves

• Demonstrated knowledge of enterprise networks, security architectures, and defensive strategies including security log configuration and monitoring; analysis of TCP/UDP traffic such as Netflow, DNS, and packet captures (PCAP); firewall, IDS, and proxy technologies; anti-malware prevention; analysis of current threats, vulnerabilities, and attack trends.
• Proficiency in Windows and Linux system administration, database technologies, network security, and digital forensic & incident response (DFIR) investigation techniques and tools.
• Experience deploying and configuring Security Information Event Management (SIEM) technology such as Splunk, Kibana, McAfee Nitro, IBM QRadar, LogRhythm, or comparable.
• Experience deploying and configuring Endpoint Detection and Response (EDR) technology such as Carbon Black, CrowdStrike, FireEye, CyberReason, or comparable.
• Familiarity with endpoint telemetry technology such as Sysmon, OSSec, and OSQuery
• Familiarity with cyber security operations within cloud environments such as Microsoft Azure or Amazon AWS
• Skill in cyber security research, planning and implementation of technology and techniques to protect Company networks and data; Familiarity with PowerShell and Python scripting languages to assist in automating routine tasks and enrichment of threat intelligence data.
• Basic knowledge of electrical industrial control systems (ICS) and related ICS/SCADA communication protocols is desired.
• Preferred Certifications: COMPTIA (Security+, CySA+); EC-COUNCIL (CND, CEH, ECSA); SANS/GIAC (GSEC, GCIH, GPPA, GISF, GISP); CISCO (CCNA CyberOps).

Responsibilities

• Executes security controls, defenses, and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, and web-based systems.
• Handles escalated alerts and/or successful compromises to support incident response investigations.
• Assists in remediating cyber security incidents as assigned.
• Identifies and corrects detected information system vulnerabilities.
• Participates in cyber security incident response trainings and exercises.
• Provides information to management regarding the negative impact on the business caused by data theft, destruction, alteration or denial of service to information and systems.
• Assists leaders in processing and disseminating information from threat intelligence sources.
• Supports system processes to help identify and select cyber security tools and platforms.
• Assists in documenting exception reports, audit/review reports, technical/process recommendations, reporting of security statistics/metrics, technical standards, procedures, and guidelines.
• Develops and delivers trainings to support managed security service provider (MSSP) contractors.
• May help train and assist entry level employees