Senior Analyst, Threat Intelligence - Stroz Friedberg, an Aon company
Washington D.C., DC, United States

Listing Description

Job Title: Senior Analyst, Threat Intelligence

Department: Proactive Services

Why Stroz Friedberg, an Aon company?

Aon plc (NYSE:AON) is the leading global provider of risk management, insurance and reinsurance brokerage, and human resources solutions and outsourcing services. Our more than 72,000 colleagues worldwide empower results for clients in over 120 countries with innovative and effective risk and people solutions and through industry-leading global resources and technical expertise.

Stroz Friedberg, an Aon company, is a specialized risk management firm built to help clients solve the complex challenges prevalent in today’s digital, connected, and regulated business world. Our focus is on cybersecurity, with leading experts in digital forensics, incident response, and security science; investigations; eDiscovery; and due diligence.

Our aim is to guide businesses through the maze of complexities found at the intersection of law, technology, investigations, compliance, and security. We seek truth—uncovering facts and evidence ethically—to help organizations address their most significant risk issues. Sometimes we are called in after an incident to perform an investigation, while other times we help clients assess how prepared and protected they are from threats. Our clients call us, and we are at our best, when the stakes are high and the potential for damage is great. At Stroz Friedberg, we are united by a common goal—to maximize the health of an organization, ensuring its longevity, protection, and resilience.

Essential Job Functions

The ideal candidate will exhibit an innovative mindset and a proven capacity for identifying, exploiting and collecting against cyber threat sources, along with evaluating, analyzing and reporting a well-vetted intelligence product to multiple levels and types of intelligence consumers.

The position demands an uncommon degree of mastery over the various elements of cyber threat intelligence tradecraft, especially its technical, socio-behavioral, and geopolitical analysis dimensions. In particular, this role will focus heavily on cultivating, across multiple geographies and industry sectors, a deep understanding of the entities who conduct threatening activity in cyberspace and the environmental conditions facilitating such threats. All members of the Threat Intelligence team will continuously liaise with analysts, investigators, and engineers across adjacent teams, including, but not limited to, Pentest/Red teams, Incident Response, Digital Forensics, Risk and Due Diligence, and our internal developers. Regular travel to the East Asian and EU regions may be required.

Education Required

• BSc or higher degree in Computer Science or Political Science, Economics, or Sociology (or related discipline). (Exceptions can be made for candidates exhibiting comparable experience and ability.)

Work Experience Required

• 6 or more years conducting cyber intelligence analysis or cyber security engineering.

• 2 or more years of experience in researching cyber security issues in the East Asian, Former Soviet Union, or Greater Middle East regions.

Desired Skills, Knowledge and Accreditation

• Candidates with CREST Certified Threat Intelligence Analyst or Manager certifications are strongly urged to apply.

• 4 or more years’ experience in a governmental or military intelligence or counterintelligence role within a cybersecurity function, information assurance, red teaming, or other relevant OCO/DCO mission areas.

• Proven history of innovative research capability in malware analysis / reverse engineering.

• 1 - 3 years’ experience in (project or personnel) management aspects of a security research or intelligence capability.

• 1 or more years’ experience in network or system administration or security operation.

Note: This job description is intended to describe the general nature and level of work being performed by employees in this position. It is not intended to be an exhaustive list of all responsibilities, duties, and skills required for this position; other duties outside of normal responsibilities may be performed as necessary to meet the needs of the organization.

Background Investigation Notice: Offers of employment are contingent upon our receipt of references consistent with our expectations, the results of pre-employment background checks, and execution upon an employee’s arrival of our confidentiality and non-compete agreement.

Stroz Friedberg is an equal opportunity employer.

Identify, investigate and analyze cyber events of intelligence significance.

Collect data, analyze results, and prepare intelligence products relating to cyber mission objectives.

Analyze technical data to identify and extract attacker TTPs, identify unique malware attributes, and pivot to related activity or information that could inform other defensive, mitigation, or hardening efforts.

Evaluate intelligence feeds and recommend modification or new feeds as necessary.

Generate oral briefings, raw intelligence reports and finished intelligence products utilizing accepted IC and LEO tradecraft and methodologies accepted by management.

Support cyber operations designed to pursue anomalies or cyber threats on Information Technology, IoT, and Information Control System networks.

Provide consultation and input to innovative efforts to develop advanced tools, techniques and procedures to identify, understand, and support mitigation to cyber threats clients.

Collaborate with Stroz Friedberg partners and stakeholders, including parent company Aon.

Perform other cyber intelligence-related duties, as assigned.

Extensive mastery of methods, sources, tools, and subject-matter pertaining to all-source cyber threat intelligence collection and analysis.

Demonstrated ability to devise original solutions to novel research problems by creative application and synthesis of diverse technical and social-science theories and methods.

Proficiency in social network analysis and other applications of graph theory.

Proficiency in methods and techniques of structured case-study analysis, actor profiling, discourse analysis, strategic interaction modeling, and organizational behavior modeling.

Competence in source cultivation, handling and protection.

Familiarity with diverse standards and taxonomies of cyber threat intelligence.

Preference for fluency in at least two languages other than English (Mandarin, Russian, Arabic, Farsi, Portuguese, Turkish, and German preferred).

Extensive experience in deploying, maintaining, and utilizing a variety of the most valuable tools, data-sources, platforms, and applications commonly leveraged in cyber intelligence collection, processing, information management, and analysis.

Proficiency in interpretation and application of malware and vulnerability analysis and basic ability to use related research tools, especially IDA Pro (ideal candidates will also be capable of producing such analyses). More advanced malware reverse engineering skills will be considered a strong advantage.

Familiarity with data-mining and content-analysis techniques and tools.

Thorough familiarity with fundamental Operational Security principles and the particular demands of cyber security research.

Familiarity with STIX, TAXII, and JSON.

Intermediate to strong command of at least one relevant programming language (C, Python, and preferred).

Ability and interest to learn other new skills as required, including database technologies and new scripting and programming languages.

Ability to communicate technical details in a clear, comprehensible manner to team members and management.


Listing Details

  • Citizenship: US Citizen
  • Incentives: Not Provided

 

  • Education: Bachelors Degree
  • Travel: Travel 25
  • Telework: Full Telecommute


