Threat analyst

Roles & Responsibilities:

• Prior experience administrating IT systems or networks (~3 years), preferably with experience in both public cloud environments and physical data center locations.
• Solid understanding of SQL-like query languages and proficiency in data manipulation and analysis techniques to extract actionable insights from large and complex cybersecurity datasets.
• Ability to maintain a collected demeanor under high-pressure security incident response scenarios.
• Knowledge of the MITRE ATT&CK framework and its application to threat-hunting campaign scenarios, especially in hybrid cloud environments (preferred).
• Hands-on experience professionally administrating and securing both Windows and Unix/Linux operating systems, and an understanding of the common threats each is susceptible to.
• Thorough understanding of the OSI model and a wide range of common network protocols, enabling effective analysis, detection, and mitigation of security threats at various layers of the network stack.
• Experience, or exceptional aptitude, working with Security Information and Event Management (SIEM) platforms, including building and optimizing custom detection rules.
• Ability to monitor various security tools, logs, and threat intelligence feeds to detect potential cyber threats, including malware, phishing attempts, and unauthorized access attempts.
• Excellent communication skills with the ability to translate complex technical concepts and findings into clear and concise insights for non-technical stakeholders, fostering collaboration and informed decision-making across cross-functional teams.
• Solid understanding of scripting languages such as Python (preferred), Bash scripting, or PowerShell; prior experience using scripting to automate tasks.
• Familiarity with modern defense-in-depth security tools and technologies such as Intrusion Detection and Prevention (IDS/IPS), Endpoint Detection and Response (EDR) solutions, Cloud Native Application Protection Platform (CNAPP), and Web Application Firewalls (WAF).
• Enthusiasm for security automation and creative technical ability to identify time-saving or novel automation workflows.
• Proven understanding of cloud infrastructure concepts, paradigms, and associated security threats.
• Proven understanding of common web-based attacks at runtime (e.g., those listed in the OWASP Top 10), and how to respond/mitigate them operationally. Must have strong cloud security and log investigation skills.
• Proven understanding of identifying and mitigating email-based threats, including phishing, malware, and spoofing. Hands-on experience with administering and configuring email security tools and protocols to safeguard against these threats is a bonus.
• Analyze security events and incidents to identify threats, attack vectors, and potential impact. Utilize threat intelligence to improve detection and prevention strategies.
• Investigate and respond to phishing attempts and email-based threats, with a foundational understanding of phishing techniques and indicators. Implement and manage email security solutions.
• Manage and track security incidents through to resolution. Participate in live incident handling, including containment, remediation, and recovery efforts.
• Use SIEM tools to monitor security events across both on-premises and cloud environments. Apply cloud security principles to identify and address threats specific to cloud-based infrastructure and applications.
• Demonstrate knowledge of SOC principles, SIEM technologies, and attack handling. Experience with cloud security concepts is essential.