Threat Intelligence Analyst, Senior

Overview

On Site
Full Time

Skills

SIEM
EDR
routing
switching
firewalls
proxies
MSSP
Diamond Model
Analysis of Competing Hypotheses

Job Details

The Threat Intelligence Analyst is a key member of the Threat Operations Team and will be responsible for supporting alarm research and development in our proprietary security platform, performing research on emerging threats, and communicating findings to our customers. This person will act as a technical expert in our detections as well as a collaborative point of escalation for the Threat Operations team. Your ability to analyze logs, actively follow the most cutting-edge industry news and events, think like an attacker, and correlate information across wide data sets will be critical in this position. This role is required to be onsite at our Downers Grove, IL location; a hybrid arrangement can be considered after the first 90 days.


Qualifications

  • 5+ years of experience as a member of a threat intelligence or detection engineering team
  • Ability to craft, maintain, and document detection opportunities within our proprietary security platform
  • Perform necessary correlation and research on SIEM traffic to create useful, compelling, and context-rich alerts for our customers
  • Pursue research into current threats and industry trends to be aware of the most up-to-date threats affecting the environments under our vigilance
  • Customer-first mindset with strong written, verbal, and interpersonal communication skills along with the ability to work in a highly collaborative environment as this is a customer facing role
  • Strong ability to translate technical concepts and information into a form easily consumed by non-technical stakeholders
  • Strong ability to self-direct and work independently, learn new things, think creatively and demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and adapt to new requirements
  • Strong adherence to defined workflows and processes, with an automation-first mindset
  • Ability to correlate activity across multiple ingest sources and large data sets
  • Must have familiarity with various network and endpoint products and their logs
  • Must have an understanding of complex enterprise networks (EDR, routing, switching, firewalls, proxies, etc.); previous MSSP experience is preferred
  • Demonstrated knowledge of common/emerging attack techniques
  • Strong understanding of the Diamond Model, Analysis of Competing Hypotheses, MITRE ATT&CK, and the Cyber Kill Chain, and/or knowledge of cyber threat intelligence terminology, key concepts, and analysis, and how to operationalize these for performing job duties
  • Proficiency in a SIEM query language
  • The candidate must meet and uphold CJIS requirements
  • Ability to communicate clearly, both verbally and in writing
  • Staying current on IT security trends, vulnerabilities, and news and recommending security enhancements
  • The candidate must have a car, as this position requires travel between locations and the transportation of equipment
  • A valid driver’s license and proof of vehicle insurance will be required
  • Legally authorized to work in the US without sponsorship
  • Must demonstrate a “can-do” attitude


We focus on candidates that display our “ACE” factor – Attitude, Compassion, and Enthusiasm to deliver quality solutions with exceptional customer service.


What you get:

We offer an energetic work environment with many corporate culture amenities, a competitive salary, and a rich benefit plan including: Medical, Dental, Vision, 401K, 529, Life Insurance, Income Protection (Short- and Long-Term Disability), Medical and Child/Elder Care Flexible Spending Account Plans, an Employee Assistance Program, two weeks' vacation, additional paid time off for Personal and Sick days, certification and hands-on training, and discounts for local entertainment events and health clubs.