Threat Intel

Introduction

Your Role and Responsibilities
This position serves as a Cyber Threat Analyst in support of a major IBM client. This organization provides services that analyse and produce enhanced cyber security and threat intelligence information to include threats and potential threats to the customer’s personnel, information, and information systems; provides timely and relevant intelligence to assist with mitigating cyber threats confronting the Department; supports evaluation, implementation, and operations of tools/technologies used in advanced analysis; support and develop the Cyber Insider Threat Program. Responsible for the delivery of written and oral briefings to stakeholders.

Role & Responsibilities:

- The Cyber Threat and Intelligence Analyst will support the customer’s overall cyber threat analysis efforts.
- Researches, analyses, and writes documents such as cybersecurity intelligence bulletins, alerts, and briefings for all levels of stakeholders from Tier 1-3 SOC, security engineering, and executives.
- Ensures documentation is accurate, complete, meets editorial and government specifications, and adheres to standards for quality, graphics, coverage, format, and style.
- Ensures content is developed in an appropriate style for the intended audience including presentations, bulletins, white papers, memos, policies, briefings, and other products.
- Assists in coordinating projects from the planning stage, provides additional or missing materials, and edits for content format, flow, and integrity.
- Researches topics and collaborate with stakeholders to understand communication product requirements; analyse business problems and helps prescribe communication solutions.
- Perform Cyber Threat Assessment and Remediation Analysis
- Processing, organizing, and analysing incident indicators retrieved from the client environment and correlating said indicators to various intelligence data
- Assisting in the coordination with internal teams as well as in the creation of engagement deliverables for a multitude of activities, including but not limited to Insider Threat, Rule of Engagement (ROE), Threat Hunting, After Action Reports, and other artifacts to support testing, monitoring and protecting the enterprise
- Investigate network and host detection and monitoring systems to advise engagement processes
- Develop and Execute bash and python scripts to process discrete log files and extract specific incident indicators; develop tools to aid in Tier 1 and Tier 2 functions
- Responsible for threat hunting activity using SIEM, EDR and other hunting tools and technologies.
- Good understanding of Mitre Framework, NIST framework and Cyber Kill Chain Process.
- Overall responsible for SIEM and EDR platform.
- Mentor and support L1 and L2 team for technical expertise and skills.
- Responsible for L1 and L2 team members skill development and trainings.
- Drive Process and technology standardization.
- Participate in periodic customer meetings.
- Ready to work in 24x7 rotational shift model including night shift.
- Explore different technologies available in the security industry.
- Analyse and tune threat monitoring dashboards.
- Closely work with SOC team and be responsible for incident detection, triage, analysis and response.
- Performing TI based and hypothesis driven threat hunting oriented to SIEM logs.
- Support the incident response team during major security incident with advance investigation skills.

Required Technical and Professional Expertise
- 8-10+ years of experience in cyber threat intelligence, cyber technical analysis, threat hunting, and threat attribution assessment with increasing responsibilities.
- 5-7+ years’ experience in a technical capacity; preferably in a role related to any of the following disciplines: security operations, network monitoring or analysis, intrusion or anomaly detection
- Bachelor’s Degree or a minimum of 8 years of relevant experience
- One of the following certifications is required: CISSP or GIAC Certified Incident Handler
- Strong understanding of malware analysis, advanced persistent threats, infection vectors, and defence strategies.
- Experience with and knowledge of cyber threat and/or intelligence analysis.
- Expert written and oral communication skills, including experience with executive-level presentations.
- Knowledge of and experience with standard network logging formats, network management systems and network security monitoring systems, security information, and event management, network packet analysis tools, and forensic analysis tools.
- Knowledge of and experience with web proxy, firewalls, IPS, IDS, mail content scanning appliances, enterprise Antivirus solutions, Network Analysers, and domain name servers desired
- Demonstrated knowledge in one or more of the following areas: network security principles, host-based security principles, network and system administration, forensic analysis principles
- Advanced user of Splunk, Varon