Listing Description
The Senior Cyber Security Analyst - Threat Intelligence Collection role supports cyber threat intelligence collection, curation, classification, and initial analysis of data to support machine to machine processes, automation initiatives, and the production of finished reporting products to internal security operations teams, information technology teams, enterprise risk management teams, and executive decision makers. This role will coordinate with external peers and cyber intelligence sharing groups to share and consume intelligence data surrounding relevant cyber threats. This role will also leverage intelligence data to support and assist with threat modeling exercises, recommendations for control development, and Adversarial Threat Hunting.
ROLE SUMMARY AND JOB RESPONSIBILITIES
- Accountable for all aspects of the cyber security analysis process for their work
- Contributes to the development of and improvement in cyber security best practices within their group
- Leads analysis and actively participates in providing feedback on team members' work
- Ability to break down complex or vague problems and step through them in a rational way
- Flexible in his or her thinking; able to evolve a solution when additional information or ideas are presented
- Decisions and recommendations distinguish between near term mitigation and required future investments
- Mentors junior members of the team
- Identifies when junior resources need help and provides it in a positive way that promotes confidence
- Proactively helps team members and makes suggestions to improve practices
BUSINESS KNOWLEDGE
- Can articulate cyber security risk and translate into practical solutions to technology teams
- Thorough knowledge of the cyber analysis program associated objectives
REQUIREMENTS
- 2+ years of experience in a cyber intelligence analyst role
- Stays current with the threat landscape, including recent vulnerability disclosures, data breach incidents, and geo-political events impacting cyber risk
- Experience with intelligence data collection from multiple sources, leveraging automated and non-automated processes
- Leverage scripting languages, preferably Python, to collect and automate the processing of intelligence data
- Experience communicating the analysis of cyber threats (written and oral) at both a strategic and operational level
- Working knowledge in one or more of the following: Financially motivated threat actors, Hacktivism, DDoS attack methods, Malware families, and Insider Threats
- Experience leveraging cyber analytic frameworks to analyze cyber threats and assess their risk (Diamond Model, Kill Chain Methodology, MITRE ATT&CK Framework)
- Experience leveraging intelligence data in control development and threat hunting activities
- Thorough understanding of TCP/IP, the OSI model, and component and systems dependencies concepts
- General understanding of Windows operating systems
- General knowledge of Unix, Linux, and Mac operating systems
- General knowledge of the functions of various security infrastructure such as firewalls, intrusion prevention/detection systems, proxy servers, email controls, anonymizing technology, and SIEM
- General knowledge of web application technologies
- General knowledge of network and systems forensics
- General understanding of AWS, Azure and/or Google Cloud
- Ability to work as part of a team
- Ability to show initiative and take on new tasks as assigned
PREFERRED
- Experience in a 24x7 global enterprise, preferably in the Financial industry
- In-depth knowledge of malware analysis tools and experience analyzing malicious code
- Familiarity with link-analysis tools, preferably Maltego
- Experience leveraging Splunk for log analysis and threat hunting
- Experience developing content and threat hunting with EDR solutions
- General knowledge of MISP
Job Family: Cyber Security
Track: Knowledge Management (KM)
Level: 3
Listing Details
- Citizenship: US Citizen
- Incentives: Not Provided
- Education: Specialized Training
- Travel: Not Provided
- Telework: Not Provided