Tactical Threat Analyst - Accenture United States

Listing Description

About Accenture Cyber Threat Intelligence (ACTI)

ACTI is a global team that spans 13 countries and 4 continents and speaks more than 30 languages. We are passionate about delivering intelligence analysis, and providing industry-leading analytic insights, cyber context, and critical services our clients need to achieve their business-line and strategic-growth initiatives. We know success is only possible by developing and supporting our most-critical resources: our talented analysts, developers, and supporting team members. We value creativity and entrepreneurship in our team; where possible, we back staff initiatives with opportunities and investments. We enjoy the hunt. We strive to automate and innovate while working with powerful resources and differentiated data. Above all else, we value an egoless approach to guiding our clients as they navigate their businesses through all aspects of the cyber domain.

Who You Are

You are passionate about cybersecurity and intelligence analysis. You stay abreast of the latest threats, recognize the value of intelligence, and believe it should drive operations. You are a devoted team member who is always willing to lend a hand, mentor a colleague, or increase our global team’s awareness by sharing your knowledge and approaches with others. You are productive, easy to work with, and understand that adherence to a good process is key to excellence.

Role Description

As a Track, Report and Pursue (TRaP) Intelligence Analyst with ACTI, you will provide analytic support as part of a team that performs in-depth technical, tactical, and operational analysis of sophisticated adversarial threat campaigns that may pose a threat to existing or prospective Accenture Security clients. This position involves in-depth specialized research, collaboration with industry specialists and peer analysts, development and maintenance of short- and long-term research projects, a high degree of writing for tactical and executive audiences, and the presentation of findings through briefings and external engagements.

Key Responsibilities

  • Act as an all-source intelligence threat analyst by analyzing adversarial indicators of compromise (IOCs) and respective tactics, techniques, and procedures (TTPs) to provide unique insight into current and emerging threat groups and campaigns, and to generate actionable intelligence.
  • Provide input regarding the ACTI mission, and participate in intelligence requirements development and collection management.
  • Participate in the drafting and ultimate dissemination of finished tactical and operational threat intelligence products (reports, briefings, etc.). 
  • Develop and continuously tune detection signatures (e.g., YARA and Snort signatures) for both immediate client consumption and to maintain visibility into adversarial malware variants and tooling.  
  • Collect, analyze, and provide an informed assessment of technical IOCs to better understand incidents and help refine detection and response efforts. 
  • Maintain, develop, and continuously evaluate cyber threat intelligence sources to increase effectiveness and timeliness of reporting of actionable threat assessments. 
  • Respond to client requests for information (RFIs). 
  • Assist with threat assessments, including by adding applicable threat intelligence on threats to specific sectors, as well as by enumerating a specific company’s infrastructure and potential cybersecurity vulnerabilities.
  • Engage and develop relationships with peers among Accenture Security's clientele and their industries to determine client and industry intelligence requirements, reporting use cases, and feedback on ACTI products.
  • Support Accenture Security business development and marketing initiatives, including by representing ACTI and Accenture Security at security conferences and industry gatherings.
  • Assist with Accenture Security engagements that involve on-site and remote work with clients, using subject-matter expertise to help develop, uplift, and mature ACTI operations.
  • Travel, occasionally, as ACTI is a client-focused organization, and this position may require doing so to address client needs, enhance deliverables, or otherwise support projects.

Basic Qualifications

  • Bachelor’s Degree in Computer Forensics, Science, Engineering, Information Systems, or other related security field, or comparable experience.
  • Minimum 2 years of experience tracking cyber espionage groups and targeted cybercrime threat campaigns, including but not limited to their associated TTPs and malicious tools. 

Required Skills

  • Strong understanding of the intelligence lifecycle and associated analytic methodologies (Cyber Kill Chain, Diamond Model, ATT&CK, etc.).
  • Practical understanding of malware analysis and/or reverse engineering.
  • Ability to develop malware detection signatures (e.g., YARA). 
  • Ability to research, analyze, and synthesize large amounts of data and information (internal attacks, closed- and open-source threat intelligence data) to correlate current and emerging targeted threat trends. 
  • Strong written and verbal skills; can communicate complex concepts at a high level while retaining meaning and highlighting features in a way that maximizes audience engagement.
  • Strong problem solving and critical thinking capabilities.
  • Ability to work with a high degree of independence.

Desired Skills

  • Familiarity with computer incident response, system forensic analysis, network forensic analysis, scripting, data mining, large data analysis, and/or interview techniques.
  • Minimum 2 years of experience working in a security operations center (SOC) or incident response (IR) function.
  • Familiarity with computer network protocols, computer incident response procedures, system and network forensic analysis, scripting, data mining, statistical analysis, and data analytics.
  • Experience with computer networking and internet technologies, such as TCP/IP protocols, and data communications schemes. 
  • Ability to read and understand network log sources and events (e.g., netflow and PCAP). 
  • Proficient knowledge of programming languages (e.g., Python) to work with structured and unstructured threat data. 
  • Experience utilizing data visualization platforms (e.g., Maltego) to map out threat infrastructure. 
  • Experience with traditional intelligence targeting and analysis tradecraft techniques. 
  • Project management experience.
  • Network+, Security+, Certified Ethical Hacker (CEH), or relevant SANS certifications.


Listing Details

  • Salary: $90000 - $120000
  • Citizenship: Not Provided
  • Incentives: Bonus
  • Education: Bachelors Degree
  • Travel: Travel 25
  • Telework: Full Telecommute


