Position Description

Computer Network Defence (CND) Analyst

Position purpose:
The CND Analyst seeks to discover, analyse and report on sophisticated computer network exploitation events. The CND Analyst utilises open source, commercial and internally developed intrusion/anomaly detection tools and infrastructure.

Directorate overview:
The Information Assurance and Cyber (IAC) Directorate contributes to the national security of New Zealand by providing technical advice and assistance to Government and organisations with significant national information infrastructures to enable them to protect their information from advanced technology-borne threats. To achieve this, the directorate provides high assurance services; information assurance policy and advice; and high-end cyber security services to detect and respond to such threats.

GCSB mission and values

Our mission
Protecting and Enhancing New Zealand's Security and Wellbeing.

Our values
Respect, Commitment, Integrity, Courage.

UNCLASSIFIED
Information Assurance & Cyber security Directorate vision and mission

Our vision
Protect New Zealand's vital information infrastructures

Our mission
To be a team of confident professionals, admired for our innovation and regarded both domestically and internationally as leaders in the Information Assurance and Cyber sectors.
To have a comprehensive understanding of the advanced, technology-borne attempts to target our vital information infrastructures and steal our secrets and intellectual property.
To be confident about our ability to monitor these threats and either reduce harm directly through timely provision of assurance and technical services or help others to mitigate risks through authoritative policy and expert advice built on our unique capabilities.

Functional relationships

External contacts:
NZ Government Agencies
2nd Party Cryptologic agencies
Other national and international CND specialists
IT service providers

Internal contacts:
IACD Staff
GCSB IT security staff
Other GCSB staff as necessary

Objectives

The position of CND Analyst encompasses the following major functions or objectives:
Understanding the cyber threat environment
Conduct CND activities
Delivery of output
The requirements in the above Key Result Areas are broadly identified below:

Jobholder is accountable for:

Understanding the cyber threat environment
Maintaining an understanding of the current and past methodology of threat actors, their tools, aims, intentions and methodology
Maintaining an understanding of attack tool capabilities and infrastructure in order to be an effective CND specialist
Conducting technology-based research projects, incorporating classified and open source material to ensure individual knowledge is class leading

Conduct CND activities
Contribute to the discovery and analysis of new or emerging cyber threats
Prepare, document, and maintain event reports and analytic findings
Contribute to the detection, analysis and understanding of sophisticated electronic attack events
If required, assist with the analysis of forensic evidence, in support of the Incident Response Team
Develop, maintain, and improve technical understanding and analytic techniques. Provide briefings and accounts of these analytic techniques to NCSC colleagues, as appropriate

Delivery of output
Contribute to the provision of technical answers to questions regarding the compromise of New Zealand victim networks.
Contribute to mitigation design and advice
Enhance GCSB's relationships and reputation with customers and partners through professional representation and engagement
Represent GCSB as a knowledgeable point of contact for information regarding specific high-threat intrusion set(s)
Provide technical assistance to other NCSC, partner or customer entities

Jobholder is successful when:
GCSB remains aware of cyber threat actors' intentions and capabilities
NCSC (National Cyber Security Centre) remains the point of contact as the area of Cyber expertise and knowledge within New Zealand
Threats to New Zealand information infrastructures of significance are identified and understood
Network traffic analysis is performed in accordance with agreed procedures
Technical analysis on detected threats identifies the capability and intention of adversary
Detection capabilities are enhanced
NCSC provides timely and accurate technical advice and expertise
The content of the NCSC's technical reporting and advice is unambiguous, and the implications of why it has been provided are clear
The result of technical analysis is documented
NCSC reporting complies with all guidelines and policies

Precise performance measures for this position will be developed in discussion between the jobholder and manager as part of the performance development and review process. It is also expected that you will undertake other duties that can reasonably be regarded as relevant to the position, your experience and capability.

Person specification

This section is designed to capture the expertise required for the role at the 100% fully effective level. (This does not necessarily reflect what expertise the current jobholder has.) This may be a combination of knowledge, experience, key skills, attributes, job specific competencies, qualifications or equivalent level of learning.

Qualifications

Essential:
Tertiary degree, or equivalent experience, in Computer Science, Computer Forensics, Software Engineering, or Computer Security.

Desirable:
Professional computing/networking qualification, e.g. in computer networking, or systems administration.
Professional Information Security certifications.

Knowledge/experience

Essential:
Interest in, and enthusiasm for, computer security.
Excellent knowledge of network protocols or host internals.

Desirable:
Experience in IT security or network defence.
Experience with operating systems, both UNIX / Linux and Windows.
Experience with network defence and attack tools.
Software engineering and programming.
Knowledge of vulnerability assessment methodologies, tools and techniques.
Personal attributes

Demonstrates a practical and robust troubleshooting philosophy
A commitment to the documentation of process and actions
Results oriented with a demonstrable commitment to perform
Thinks critically and logically
Excellent communication and interpersonal skills
The ability to be self-motivated, flexible and a team player
An ability and desire to learn new and sometimes complex skills
Demonstrate sound judgment, tact and integrity in dealing with sensitive issues
Excellent organisational skills and the ability to prioritise and work to deadlines
Displays initiative and self-confidence
The resilience to operate under pressure and correctly identify and assess risk, and make justifiable operational decisions

Specialist competencies

The following would typically be expected for the 100% fully effective level:
Network and Endpoint Intrusion Detection, Methods and Signature Development
Network Protocol Analysis
Malware Analysis and Reverse Engineering
Adversary Intentions and Methodology
Programming

Core competencies

Core competencies are based on and consistent with our values. They describe qualities that are common requirements for all GCSB staff at differing levels in the organisation, irrespective of their specialist skills or the particular requirements of their job. They are complemented by specialist competencies, which (where applicable) are set out in individual performance agreements.

Security
Teamwork and Leadership
Results Focus
Communication and Knowledge Sharing
Professionalism
Innovation
Customer Focus
Change to position description

Positions in GCSB may change over time as the organization develops. Therefore, we are committed to maintaining a flexible organization structure, which best enables us to meet changing market and customer needs. Responsibilities for this position may change over time as the job evolves. Such change may be initiated as necessary by the manager of this position. This Position Description may be reviewed as part of the preparation for performance planning for the annual performance cycle.

Health & Safety

GCSB is committed to providing a healthy and safe work environment and safe management practices for all employees. Employees are expected to share this commitment as outlined in the current Health and Safety legislation by taking all practicable steps to ensure:
a. The employee's safety while at work, and
b. That no action or inaction of the employee while at work causes harm to any other person.

Knowledge Management

Employees are responsible for ensuring that all business records created are accessible and stored in the correct manner according to GCSB record keeping policy, standards and procedures.

Employee: Date:
Manager: Date: