Listing Description
The mission of the Global Resilience Federation (GRF) is to help assure the resilience and continuity of vital infrastructure and individual organizations against threats and acts that could significantly impact individual organizations and various sectors’ ability to provide services critical to the orderly functioning of the global economy. GRF is a non-profit spin-off from the Financial Services Information Sharing and Analysis Center (FS-ISAC) that provides support and technology to ISACs, ISAOs, and other communities around the world, with co-located analysts supporting individual communities and participating in cross-sector sharing and collaboration.
Active security clearance preferred, but not required. Candidate must be eligible to obtain a clearance.
POSITION QUALIFICATIONS
Required Qualifications:
- Understanding of the cyber kill chain model (or intrusion kill chain), the diamond model, and ACH (analysis of competing hypotheses)
- Strong writing and communication skills
- Experience with ThreatConnect and ThreatStream
- Ability to analyze network packet captures (PCAPs), IP addresses, and incidents, and to triage binaries and files
- Understanding of specific threat actors, with the ability to correlate cyber and geopolitical activity and produce tailored intel reports
Preferred Qualifications:
- Understanding of malware analysis or familiarity with reverse engineering
- Ability to write and understand YARA and Snort rules
EDUCATION
Bachelor’s degree in a technical field or equivalent combination of education and experience.
Background and Experience
Basic cybersecurity certifications (Security+, CEH, GCIH, etc.)
Required: 3 - 5 years of relevant experience; previous experience in a SOC, intelligence, or cyber threat intelligence role preferred
SANS/GIAC certification in one of the following: GREM, GCTI, GCIA, or GPEN, or a similar certification, preferred
WORK ENVIRONMENT
This position is performed in an office work environment with physical demands associated with that environment. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Monitor external, internal, and open source feeds for relevant cyber threats, incidents, and/or cyber activity that may have an impact on the oil and gas sector and/or relevant sectors and assets.
Stay up to date on commodity/opportunistic malware and threats and targeted malware variants and threats.
Analyze indicators, observables, and incidents that are submitted by clients/members to create actionable intelligence reports with mitigation recommendations and in-depth analysis.
Conduct briefings and host meetings on threat actors, threats, malware variants, TTPs, and APTs to clients/members.
Produce predictive and reactive cyber threat intel reports on new or updated cyber threats, new TTPs, campaigns (phishing/spear phishing/watering hole).
Correlate activity found on internal/external feeds with what companies and members within critical infrastructure sectors are seeing or may see.
Conduct analysis on files/binaries, packet captures, and supporting materials to extract relevant artifacts, observables, and IOCs.
Proactively look for cyber threats via open feeds, internal feeds, VirusTotal, Hybrid-Analysis, or similar sources.
Listing Details
- Citizenship: No Requirements
- Incentives: Not Provided
- Education: No Requirements
- Travel: No Travel
- Telework: No Telecommute