Threat Intelligence Expert Wanted for High-Profile Position

Job Summary

This role is responsible for gathering and analyzing threat intelligence data to support the organization's security operations.

The successful candidate will have experience working in a Security Operations Center (SOC) or Managed Security Service Provider (MSSP) environment, with a strong understanding of threat intelligence platforms, SIEMs, and security analytics tools.

Key Responsibilities:

1. Threat Intelligence Gathering and Analysis

• Continuously monitor and collect data from various internal and external sources, including open-source intelligence (OSINT), commercial feeds, and dark web monitoring.

• Analyze threat actor tactics, techniques, and procedures (TTPs) using frameworks like MITRE ATT&CK to understand potential impact on client environments.

• Identify new and emerging threats, vulnerabilities, and exploits that could affect MSSP clients.

• Conduct deep-dive research into cyber threat activity groups, campaigns, and malware to provide actionable intelligence to SOC teams.

2. Threat Reporting and Dissemination

• Develop and distribute threat intelligence reports to SOC analysts and clients, including daily, weekly, and monthly intelligence updates.

• Create tailored threat briefs for specific industries or clients based on their environment and threat profile.

• Collaborate with SOC and incident response teams to ensure threat intelligence is utilized effectively in detection rules, playbooks, and incident response activities.

• Provide timely alerts and threat advisories to clients regarding active or emerging threats.

3. Integration with SOC Operations

• Work closely with SOC analysts to integrate threat intelligence into existing monitoring, detection, and response workflows.

• Enrich SIEM alerts and incident investigations with threat intelligence to improve context and accuracy of detections.

• Help develop and tune detection use cases and correlation rules based on threat intelligence and evolving adversary behaviors.

• Provide input into incident response playbooks and processes, ensuring they are aligned with the latest threat intelligence.

4. Threat Hunting Support

• Support the SOC team in proactive threat hunting activities by identifying indicators of compromise (IOCs) and providing guidance on where to focus investigations.

• Assist in identifying advanced persistent threats (APTs), malware infections, and other high-risk activities within client environments.

• Develop and share hunting hypotheses with SOC teams based on the latest intelligence and observed attack patterns.

5. Threat Intelligence Platform Management

• Manage and maintain the organization's Threat Intelligence Platform (TIP) and ensure it integrates with the SIEM and other security tools.

• Curate threat intelligence feeds and prioritize intelligence that is most relevant to MSSP clients and their industries.

• Perform regular updates and quality checks on IOCs, threat indicators, and intelligence data within the TIP.

• Ensure that threat intelligence data is actionable, timely, and relevant to improve operational SOC effectiveness.

6. Collaboration with External Threat Intelligence Communities

• Participate in threat intelligence sharing communities, Information Sharing and Analysis Centers (ISACs), and trusted industry networks.

• Share relevant intelligence and receive updates from industry peers, law enforcement, and government agencies.

• Stay current on the global threat landscape by attending conferences, webinars, and engaging in continuous learning opportunities.

7. Threat Intel Automation and Analytics

• Implement automation where possible to streamline the ingestion and analysis of threat intelligence data.

• Use data analytics to identify patterns in threat intelligence and produce predictive insights for clients.

• Collaborate with the security engineering team to automate the integration of IOCs and threat indicators into detection platforms.

8. Client Interaction and Customization

• Work directly with MSSP clients to understand their specific threat landscape, industry challenges, and business requirements.

• Provide threat intelligence briefings tailored to client-specific concerns, such as sectoral threats or geopolitical risks.

• Assist clients with identifying and mitigating threats specific to their environment through actionable intelligence.

• Contribute to periodic client meetings by delivering updates on emerging threats, industry trends, and recommendations for improving security posture.

9. Training and Knowledge Sharing

• Provide ongoing training and threat intelligence updates to SOC teams to enhance their awareness of the current threat landscape.

• Develop knowledge-sharing resources like threat intelligence dashboards, wikis, and threat actor profiles for use by internal teams and clients.

• Mentor junior SOC analysts in understanding and applying threat intelligence in day-to-day operations.

Qualifications

Education: Bachelor's degree in Cybersecurity, Information Security, Computer Science, or a related field.

Experience: 4+ years of experience in cybersecurity with at least 2 years focusing on threat intelligence or incident response.

Skills: Strong familiarity with threat intelligence platforms, SIEMs, and security analytics tools.

Certifications: One or more of the following: GIAC Certified Threat Intelligence Analyst (GCTI), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or SANS Cyber Threat Intelligence (CTI) certification.

Keyword: ThreatIntelligenceExpert