The Challenge
An experiencedCyber Threat Intelligence Analystis needed to support the mission of our Cyber Threat Intelligence team by providing innovative, high-quality cyber threat intelligence, leveraging cutting-edge technologies and analytical techniques to identify and mitigate emerging threats and support effective risk management across at OneTrust. This will be achieved by analyzing and tracking adversaries, creating and sharing intelligence both internal and external to CISO, and creating and updating cyber threat profiles for leadership.
Your Mission
Identify and assess the capabilities and activities of cyber criminals or foreign intelligence entities.
Communicate with various teams across the organization.
Gather and refine intelligence requirements.
Identify and develop threat signatures from all available sources, both internal and external.
Maintain and improve a Collection Management Framework for both internal and external data sources.
Maintain threat indicators within a threat intelligence platform.
Implement and support standard procedures for incident response.
Interface with Information Security and Incident Response Teams.
Provide insights to other team members on nuances of cloud computing services, such as storage, databases, analytics, and IAM, as well as networking technologies, architectures, and network traffic analysis to support other analysts who do not have cloud or networking experience.
Develop models for identifying incident-type activity, of malware or bad actors, using statistical analysis and industry recognized constructs such as the Diamond Model, the MITRE ATT&CK framework, and the Cyber Kill Chain.
Develop dashboards to assist in automation and awareness for incident response using a threat intelligence platform and Splunk.
Review incident logs or artifacts and search for patterns.
Build and refine a threat hunting program.
Explore patterns in network and system activity through log correlation using Splunk and other tools.
Investigate evidence of threats against Windows, Linux, MacOS, Database, Applications, web servers, firewalls or other relevant technologies.
Review IOC’s to assess impact to organization.
Share IOC’s with internal and external teams for validation and collaboration.
You Are
Must have strong working knowledge of:
Cyber Threat Intelligence Analysis and Reporting.
Cyber Defense Techniques.
Adversary Tactics, Techniques, and Procedures (TTPs).
Boolean Logic.
TCP/IP Fundamentals.
Network Level Exploits.
Cloud Computing Concepts (AWS, Azure, GCP).
Threat Management.
Must have excellent oral and written communication skills and interpersonal and organizational skills.
Networking experience.
Statistical modeling and analysis experience to infer possible cybersecurity threats.
Experience in analysis in investigations, such as in IT, law enforcement, military intelligence, or business analytics.
Interest in learning about Windows, Linux, MacOS, Database, Application, Web server, firewall, SIEM and log analysis
Strong communication and interpersonal skills to effectively communicate with team-members from both technical and non-technical backgrounds.
Must be highly motivated with the ability to self-start, prioritize, multi-task and work in a team setting.
Understanding of intelligence cycle, MITRE ATT&CK Framework, Cyber Kill Chain, and Diamond Model
5+ years of experience working as a Cyber Threat Intelligence Analyst
Familiarity with common network vulnerability/penetrationtesting
Experience with: ThreatConnect, Splunk, Azure, Recorded Future, CrowdStrike, Wiz, Proofpoint
An understanding of log data from cloud providers such as Azure, AWS, and GCP.
Experience evaluating systems, networks, and devices for vulnerabilities.
Splunk query-development expertise.
Experience on an Incident Response team performing Tier I/II initial incident triage.
Excellent writing skills.
