Threat Intelligence Analyst Onsite
What we are looking for:
We are looking for an experienced, creative, self-driven, technical information analyst who can operate independently and meet critical deadlines. The candidate must have knowledge of the different types of threat intelligence: strategic, operational, technical, and tactical. The analyst must be able to gather and analyze data from various sources on the potential threats that could negatively impact the organization, including identifying cyber threats, determining risk levels, and producing ad-hoc threat intelligence briefings for different types of audiences.
The ideal candidate will seek to improve analysis efforts and strengthen the organization's capabilities to advance the internal Cyber Threat Intelligence activities. Problem-solving skills and expedience are essential, because once a threat is identified, the candidate will work closely with other security teams to identify appropriate solutions.
The Threat Intelligence Analyst (TIA) will be responsible for collecting, organizing, processing, and analyzing various sources of threat intelligence to evaluate the risk associated with the business and for reporting actionable intelligence details to the organization and its interests. The TIA will be responsible for coordinating warning, response, and remediation recommendation efforts with various internal teams. Cyber threat intelligence activities include performing technical research and intelligence analysis, and gathering data from search engines, website footprinting, OSINT tools, manual searching, and more. The TIA will conduct threat hunts and vulnerability assessments based on gathered intelligence and determine any deviations from existing baselines.
Must understand the needs of the different stakeholders within an organization as they relate to cybersecurity, and have the ability to produce reports and products that satisfy those needs.
- Bachelor's or master's degree in computer science, computer engineering, digital forensics, cyber security, information assurance or security studies
- 4+ years of information security experience; preferably in a role related to any of the following disciplines: security operations, network monitoring or analysis, intrusion or anomaly detection analysis, threat hunting, threat attribution assessment
- 1+ years hands-on support in incident response and/or investigations
- Experience and/or understanding of cyber threat intelligence fundamentals
- Excellent verbal presentation and writing skills, including the demonstrated ability to write clear and concise text
- Excellent analytical abilities and a strong ability to think creatively when approaching issues
- Experience conducting threat modeling and with the intelligence cycle
- Strong working knowledge of security-relevant data, including network protocols, ports and common services (TCP/IP and application-layer protocols such as HTTP/S, DNS, FTP, SMTP, Active Directory, etc.), and system administration concepts
- Network traffic analysis, malware analysis, raw packet captures, database technologies, web application technologies, firewall technologies, etc.
- Possesses (or is currently pursuing) one industry certification from one of the following organizations: Offensive-Security, SANS
- Excellent time management and organizational skills, as well as attention to detail
- Ability to perform under rigid time frames for multiple clients simultaneously
- Ability to document technical analysis and articulate outcomes to non-technical audiences
- Deep technical knowledge on advanced information security concepts
- Knowledge of and experience with standard network logging formats, network management systems and network security monitoring systems, security information and event management, network packet analysis tools and forensic analysis tools.
- Knowledge of and experience with web proxy, firewalls, IPS, IDS, mail content scanning appliances, enterprise antivirus solutions, network analyzers, and domain name servers desired
- Demonstrated knowledge in one or more of the following areas: network security principles, host-based security principles, network and system administration, forensic analysis principles
- Forward thinking, e.g. "What would I do next if I were the attacker"
- Strong presentation skills, as you will probably be expected to brief others on your findings and recommendations.
- Solid teamwork skills