Threat Analyst

As a Threat Analyst you will play a pivotal role in safeguarding our organization against cyber threats. Collaborating with enterprise systems, log analysis platforms, and endpoint collection systems, you will lead investigations, identify potential threats, and execute strategies to neutralize them effectively.

This position will require the candidate to be aligned in US time zones therefore excellent communication is a key requirement.

Key Deliverables:

• Handle escalations from Level L1/L2 Threat Analysts, providing guidance and advice on investigation procedures.
• Onboard and train new Threat Analysts to ensure proficiency and alignment with organizational objectives.
• Participate actively in Security Operations process improvement initiatives, contributing to the enhancement and creation of robust security protocols.
• Provide timely detection and response to security events and cyber threats, employing advanced techniques and tools.
• Conduct thorough security log management and monitoring to identify anomalies and potential security breaches.
• Maintain information security metrics to measure and track performance and effectiveness.
• Offer assistance to core security and threat response teams, collaborating closely to mitigate risks effectively.
• Generate service-related reports to communicate insights, trends, and recommendations to stakeholders.
• Create and manage cases for clients, ensuring prompt resolution and effective communication throughout the process.
• Interact with clients via various mediums to provide updates, gather information, and address concerns.
• Actively research recent indicators of compromise, attacks, exploits, and vulnerabilities to stay ahead of emerging threats.
• Obtain metrics for reporting on threat trends, intelligence analysis, and situational awareness, contributing to informed decision-making.

Qualifications and Experience:

• Bachelor's degree in information technology, Computer Science, or a related field; or relevant commensurate work experience.
• Willingness to work outside of standard business hours, including weekends and holidays, as our Managed Detection and Response service operates 24x7x365.
• Ability to thrive within a team environment and work independently when necessary.
• Minimum of 5 years of experience working in a SOC environment or computer security team in an IT environment.
• Strong expertise in endpoint and network security, including IDS, IPS, EDR, ATP, and malware defence and monitoring.
• Preferred experience in threat hunting and familiarity with common adversary tactics and techniques.
• Knowledge of the Mitre ATTACK framework is desirable.
• Proficiency in incident response procedures and fundamental understanding of network traffic analysis, including TCP/IP, routing, switching, and protocols.
• Familiarity with Windows and Linux operating systems, with a strong understanding of Windows event log analysis.
• Experience with enterprise information security data management; SIEM experience is a plus.
• Proficiency in programming and scripting languages, with expertise in Python and PowerShell considered advantageous.
• Join our team and play a critical role in defending our organization against evolving cyber threats while contributing to a culture of excellence and innovation.

Strategic Responsibilities

Threat Intelligence Gathering:

Collect and analyse cyber threat intelligence from various sources.

Sources include internal logs, security tools, OSINT, dark web forums, and threat intelligence feeds.

 Threat Analysis and Assessment:

Evaluate the credibility, relevance, and potential impact of identified threats.

Assess threats to systems, networks, and data.

 Incident Response Support:

Provide support to incident response teams.

Analyze threat indicators, identify attack vectors, and recommend response actions.

 Vulnerability Management:

Identify and prioritize vulnerabilities.

Collaborate with stakeholders to remediate vulnerabilities based on threat intelligence.

 Threat Actor Profiling:

Research and profile threat actors, including cybercriminal groups and nation-state actors.

Understand their tactics, techniques, and procedures (TTPs).

Security Tool Optimization:

Optimize security tools and technologies for threat detection, analysis, and response.

Collaborate with security operations teams.

 Threat Reporting and Communication:

• Prepare and disseminate threat intelligence reports, alerts, and advisories.
• Communicate technical information clearly to stakeholders.

Threat Hunting:

• Proactively search for signs of malicious activity within the organization's environment.
• Conduct threat hunting exercises and data analysis.

Security Awareness and Training:

• Assist in developing security awareness programs and training materials.
• Educate employees about emerging cyber threats and best practices.

Continuous Improvement:

• Stay updated on cybersecurity trends, threat actors, and attack techniques.