Threat Intelligence Analyst

Metro Global Solution Center (MGSC) is internal solution partner for METRO, a €29.8 Billion international wholesaler with operations in 31 countries through 661 stores & a team of 93,000 people globally. Metro operates in a further 10 countries with its Food Service Distribution (FSD) business and it is thus active in a total of 34 countries.

MGSC, location wise is present in Pune (India), Düsseldorf (Germany) and Szczecin (Poland). We provide IT & Business operations support to 31 countries, speak 24+ languages and process over 18,000 transactions a day. We are setting tomorrow's standards for customer focus, digital solutions, and sustainable business models. For over 10 years, we have been providing services and solutions from our two locations in Pune and Szczecin. This has allowed us to gain extensive experience in how we can best serve our internal customers with high quality and passion. We believe that we can add value, drive efficiency, and satisfy our customers.

Website:

Company Size:

Headquarters: Pune, Maharashtra, India

Type: Privately Held

Inception:  2011

Responsibilities:

• Conduct in-depth analysis and research to attribute cyber threats and attacks, including identifying threat actors, their motivations, tactics, techniques, and procedures (TTPs), and providing insights on their potential impact on the organization. Collaborate with internal and external stakeholders, to gather and share relevant threat intelligence for attribution purposes.
• Ability to classify, categorize, and analyze malware and threats.
• Monitor and assess the global threat landscape, including threat actors, malware, hacking techniques, and geopolitical events that may impact the organization.
• Collaborate with internal teams to provide timely and actionable intelligence to support incident response, vulnerability management, and other cybersecurity initiatives.
• Develop and maintain threat profiles, indicators of compromise (IOCs), and tactical reports to enhance detection and response capabilities.
• Perform root cause analysis and provide recommendations for proactive measures to help prevent future cyber attacks.
• Continuously update and refine existing threat intelligence processes and methodologies to ensure the organization remains at the forefront of cyber defense.
• Stay informed about the latest trends, tools, and techniques in the field of threat intelligence and incorporate best practices into daily operations.
• Present findings and insights to technical and non-technical stakeholders, including executives, to enhance overall cyber risk awareness.
• Adapts quickly to changing priorities, seeks new ideas, and re-align with team's priority/roadmap to maximize business productivity.

Technical & Soft Skills:

• Good understanding of cyber threats, attack vectors, and common exploitation techniques.
• Proficiency in using threat intelligence platforms, open-source tools, and SOC technologies such as Google Chronicle SIEM, CrowdStrike EDR/EPP, Vectra NDR, Qualys VM, Recorded Future TI, etc.
• Good understanding of security frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain) and current threat landscapes.
• Proficiency with scripting (Python, PowerShell, etc.) and automating threat detection or hunting tasks.
• Ability to proactively find cybersecurity threats and mitigate them.
• Ability to obtain as much information on threat behaviour, goals and methods as possible.
• Knowledge about Advanced persistent threats and treat actors, their TTPs. Ability to recognize attack patterns and corelate them with specific threat actors.
• Knowledge of Analytics platforms for carrying out detailed analytics of obtained telemetry.
• Strong understanding of Windows, Linux, and network protocols.
• Good knowledge of industry frameworks and standards, such as STIX/TAXII, MITRE ATT&CK, and threat intelligence sharing platforms.
• Excellent written and verbal communication skills, including the ability to present complex technical information to both technical and non-technical audiences.
• Strong analytical and critical thinking skills, with the ability to analyze complex data sets and identify actionable insights.

Qualifications:

• Bachelor's degree in computer science, Information Technology, Cybersecurity, or in a related field. A master's degree or Relevant Cyber Security certifications (e.g. CTIA, CREST PTIA, MITRE's MAD, CySA+) are a plus.
• 2-4 years of total experience in SOC in a large multi-national organization or in a known MSSP. In addition to SOC Engineering experience, candidate should possess at least 1+ year of experience on Threat Intelligence capabilities.