Security Threat Intelligence Engineer

August 28

🏡 Remote – New York


Hybrid Pathways

Identifying, Connecting and Protecting Digital Assets

Enterprise IT Consulting • Public Cloud Infrastructure • Enterprise Networks • Hybrid IT Architecture • IT Security

11 - 50

Description

• Collect, process, and analyze information about security threats to provide indications and warnings of impending attacks.
• Produce and disseminate intelligence products, advisories, and tailored reports.
• Analyze and report on unique attack vectors, emerging cyber threats, and current trends used by malicious actors.
• Monitor threat intelligence daily through open and closed sources.
• Continually improve how the threat intelligence team works, including the creation of run books, procedures, automation, and other efficiencies.
• Maintain, develop, and continually analyze threat data and intelligence sources, both technical and non-technical.
• Identify, evaluate, and communicate new and ongoing cyber security threats through regular and ad-hoc reporting; produce intelligence briefings, attribution reports, and position papers.
• Produce concise tactical warning bulletins and other analytic reports that detail daily findings, events, and activities.
• Conduct collection and support attribution and analysis of case findings from the incident response and threat hunting functions.
• Collect and analyze all-source intelligence and research data from multiple intelligence providers in order to analyze findings and produce quality intelligence products.
• Support threat hunts and purple teaming efforts to identify threat actor groups and their techniques, tools, and processes using threat intelligence.
• Analyze anomalous log data and the results of collaborative team sessions to detect and eradicate threat actors on the network.
• Analyze and support security incidents to further enrich detection and alerting capabilities.
• Continuously improve processes for use across detection sets for more efficient operations.
• Generate reporting of trending metrics.
• Acquire threat intelligence and technical indicators from external sources; develop tactical intelligence and technical indicators internally and collaborate frequently with incident response.
• Evaluate data sources for consideration in the improvement and expansion of the threat intelligence program.

Requirements

• Solid understanding of common and advanced threats, penetration/intrusion techniques, and attack vectors, such as:
  • Malware analysis
  • APT/Crimeware ecosystems
  • Exploit kits
  • Cyber hunting
  • Cyber threat intelligence
  • Software vulnerabilities and exploitation
  • Data analysis
• Knowledge of current hacking techniques, cyber threat actors, attribution concepts, security analysis techniques, recent cyber incidents, and vulnerability disclosures.
• Understanding of common threat analysis and threat modeling techniques used in CTI, such as the Diamond Model, the kill chain, F3EAD, the MITRE ATT&CK framework, and the threat intelligence lifecycle.
• Competency in using common intelligence datasets obtained from information sharing sources, malware collections, and other internet-derived data.
• Familiarity with the following tools:
  • Threat Intelligence Platforms (TIP)
  • Threat intelligence feeds
  • STIX, MISP, and TAXII frameworks
  • Open Source Intelligence feeds and tools (OSINT)
  • Malware analysis / reversal tools
  • Security Information and Event Management (SIEM)
  • Security Orchestration, Automation and Response (SOAR)
  • Network sniffers and packet tracing tools
  • Intrusion Detection and Prevention (IDS/IPS)
  • Endpoint Detection and Response (EDR)
  • Email and web filtering technologies
  • Link-analysis methods and software (e.g., Maltego, Analyst Notebook)
• Familiarity with:
  • Cloud platforms: AWS, Azure, GCP, etc.
  • Meraki dashboard and products
• Ability to write custom query logic for major Security Information and Event Management (SIEM) tools.
• Ability to write SQL to search data warehouse databases.
• A minimum of 10 years of information security experience with at least 7 years of experience in all-source cyber intelligence and analysis, or the equivalent combination of higher education and/or real-world experience.
• Experience working on threat intelligence teams, with specific experience in cyber threat intelligence, cybersecurity operations, security monitoring, malware analysis, threat hunting, and/or adversary emulation.
• Strong analytical reasoning skills, with the ability to recognize and evaluate facts, objectively analyze events, and blend and organize threat data from multiple sources.
• Experience conducting intelligence research using existing tools, analyzing data, and making connections for the purpose of creating intelligence products.
• Organizational and multitasking skills and a commitment to follow-up.
• Ability to develop specific expertise, discern patterns of complex threat actor behavior, and communicate an understanding of current and developing cyber threats.
• Ability to communicate intelligence and analysis of cyber threats in various forms (written products; briefings) to varying audiences.
• Understanding of common threat actor tactics, techniques, and procedures (TTPs) and how they are chained together.
• Experience working with a geographically diverse team across multiple time zones around the globe.
• Broad experience managing complex projects, particularly projects requiring support and partnership outside your immediate team.
• Ability to create and/or re-architect new and existing solutions in a scalable manner.
• Ability to work independently and identify areas of need in highly ambiguous and time-sensitive situations.
• Demonstrated familiarity and expertise with data analytics tools such as Splunk, ELK, Snowflake, or other searchable big data solutions.
• Excellent analytical skills.
• Collaborative team worker, both in person and virtually using WebEx or similar.
• Excellent documentation skills; demonstrated proficiency in Microsoft Office, including Word, Excel, and PowerPoint.
• Ability to work as a liaison between the business and information security / information technology.
• Flexibility to accommodate working across different time zones.
• Ability to work PST (Pacific Time Zone).
• Excellent interpersonal communication skills with strong spoken and written English.
• Business outcomes mindset.
• Solid balance of strategic thinking with detail orientation.
• Self-starter with the ability to take initiative.
• Project management and organizational skills with attention to detail.
