Identifies, analyzes, monitors, mitigates and manages threats and vulnerabilities to IT systems and networks.
Uses defensive measures and multi-source information to report events and respond to incidents.
Uses data collected from cyber defense tools to analyze events that occur within their organization to detect and mitigate cyber threats.
Performs vulnerability assessments of systems and networks. Identifies where they deviate from acceptable configurations or applicable policies. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.
Conducts authorized attempts to penetrate computer systems or networks and physical premises, using realistic threat techniques, to evaluate their security and detect potential vulnerabilities.
Investigates, analyzes and responds to cybersecurity incidents.
Collects and analyzes digital evidence and investigates cybersecurity incidents to derive information that helps mitigate system and network vulnerabilities.
Identifies, collects, examines and preserves evidence using controlled and documented analytical and investigative techniques.
Analyzes malicious software (by disassembling and/or decompiling it), understands how it works and what its impact and intent are, and recommends mitigation techniques and incident response actions.
Collects and analyzes multi-source information about cybersecurity threats to develop deep understanding and awareness of cyber threats and actors’ Tactics, Techniques and Procedures (TTPs), to derive and report indicators that help organizations detect and predict cyber incidents and protect systems and networks from cyber threats.
Proactively searches for undetected threats in networks and systems, identifies their Indicators of Compromise (IOCs) and recommends mitigation plans.