Job Description
Job Purpose
Identify, analyze, monitor, mitigate and manage cybersecurity operations, threats, threat intelligence and
vulnerabilities to IT & OT systems and networks. Use defensive measures and multi-source information to report
events and respond to incidents.
Position Accountability Description
Cybersecurity Operation and Incident Response
1. Analyze risk assessments to identify cybersecurity threats and vulnerabilities, evaluating the cybersecurity posture of systems, networks, and data.
2. Respond to cybersecurity incidents and breaches, including investigation and remediation efforts, and coordinate with stakeholders to recover from cybersecurity breaches.
3. Develop and implement incident response plans and procedures to guide the organization's response to cybersecurity incidents.
4. Define and implement the incident response framework, policies, formal guidelines, requirements, and escalation path for cybersecurity operations.
5. Define and conduct threat assessment methodologies for penetration testing and red teaming, vulnerability assessment, social engineering, source code analysis, threat hunting, etc.
6. Perform vulnerability assessment to identify, quantify, and prioritize cybersecurity vulnerabilities across the organization's networks, systems, and applications.
7. Monitor Dammam Airport systems' compliance with cybersecurity, resilience, and dependability requirements.
8. Prepare updates and reports for the Cybersecurity Intelligence Centre Manager.
9. Comply with all Dammam Airport policies and procedures including safety and reporting hazards.
10. Use cybersecurity tools to protect information, systems and networks from cyber threats.
11. Conduct authorized attempts to penetrate computer systems or networks and physical premises, using realistic threat techniques, to evaluate their cybersecurity and detect potential vulnerabilities.
Cybersecurity Monitoring and Threat Intelligence
12. Develop and maintain regular cybersecurity monitoring activities to detect and respond to potential cybersecurity incidents in real-time.
13. Track threat intelligence sources to gather information on emerging cyber threats, trends, and vulnerabilities, translating this intelligence into actionable insights.
14. Analyze cybersecurity alerts and incidents escalated by monitoring tools, investigate potential breaches, and take remedial actions.
15. Deploy and maintain cybersecurity tools and technologies to enhance threat detection and strengthen the organization's cybersecurity posture.
16. Utilize the triage process based on incident impact, risk, asset category and other parameters.
17. Collect, analyse, and disseminate cyber threat intelligence relevant to Dammam Airport and the Dammam Airport cybersecurity environment and ecosystem.
18. Monitor cybersecurity events from multiple sources such as SIEM, analyse the results and escalate, when necessary, to the appropriate group for remediation. Monitor cybersecurity blogs, articles, reports, as well as other cybersecurity intelligence sources to keep up to date on the latest cybersecurity threats and trends.
19. Collect and analyze digital evidence and investigate cybersecurity incidents to derive useful information to mitigate system and network vulnerabilities.
20. Collect and analyze multi-source information about cybersecurity threats to develop a deep understanding and awareness of cyber threats and actors' Tactics, Techniques and Procedures (TTPs), to derive and report indicators that help organizations detect and predict cyber incidents and protect systems and networks from cyber threats.
21. Proactively search for undetected threats in networks and systems, identify their Indicators of Compromise (IOCs) and recommend mitigation plans.
Analysis and Reporting
22. Create in-depth analyses of cybersecurity incidents, assessing the scope and impact of breaches, and providing recommendations for improving cybersecurity controls.
23. Provide regular reports and updates on cybersecurity incidents, threat landscape, and intelligence findings to senior management and stakeholders.
24. Compile and analyze business continuity performance metrics, incident data, and feedback to generate comprehensive reports for continuous improvement and resilience enhancement.
Security Awareness and Policy Development
25. Provide cybersecurity education programs for employees to enhance their understanding of potential risks and their role in maintaining cybersecurity.
26. Assist in the development and maintenance of cybersecurity policies, standards, and procedures to ensure compliance and alignment with best practices.
Testing and Continuous Improvement
27. Implement and collaborate on tabletop exercises and simulations to assess and validate incident response capabilities, enhancing response strategies based on insights gained.
28. Implement penetration testing and vulnerability assessments to identify weaknesses and recommend remediation actions.
29. Implement regular testing and exercises, such as tabletop simulations and drills, to validate and improve the effectiveness of cybersecurity response procedures.
External Collaboration
30. Engage with external stakeholders, such as law enforcement and industry partners, to share threat intelligence and collaborate on cybersecurity initiatives.
31. Foster relationships with cybersecurity industry groups and research communities to stay abreast of emerging threats and contribute to collective cybersecurity efforts.
Team Collaboration and Learning
32. Collaborate with team members to share knowledge, provide support, and actively participate in activities, fostering a positive and productive work environment.
33. Pursue continuous learning by seeking feedback, attending training sessions, and staying updated on industry trends to enhance personal skills and contribute effectively.
Skills
· Technical Skills
· Networking and System Administration
· Threat Intelligence
· Incident Response
Education
Computer Science, Information Security, Cybersecurity, or a related field