Listing Description
REQUIRED QUALIFICATIONS/EXPERIENCE:
► Experience with common network defense languages/tools (YARA, Snort, Bro, etc.)
► Experience with at least one scripting language (Python, Perl, PowerShell, etc.)
► Ability to communicate/interact with various audiences, including senior executives
► 5+ years of experience working in a network security role
► Intimate knowledge of the Cyber Kill Chain, Diamond Model of Intrusion Analysis, or other relevant network defense and intelligence frameworks
► Experience with analyzing and interpreting data from multiple sources, documenting the results and providing meaningful analysis reports and briefings
► Demonstrated knowledge of common adversary tactics, techniques, and procedures (TTPs)
► Experience and effective participation in hunt, computer network defense, and incident response activities
PREFERRED QUALIFICATIONS/EXPERIENCE:
► Familiar with intelligence enrichment sources and integration processes
► Experience with threat intelligence management platforms and tooling
► Knowledge of the primary methods, procedures, and techniques of gathering information and producing, reporting, and sharing intelligence
► Malware analysis skills and experience
► Intelligence community experience
Help define strategy and architecture for threat intelligence and network security services
Provide engineering support for threat intelligence and network security services, to include TI security control integration support
Perform day-to-day TI operations, including:
► Source collection/management
► Analysis and production
► Security control integration
► Dissemination
► Threat hunting
► Sharing
Provide intel support during incident response activities, and directly assist with significant incidents
Establish and apply a methodology to consistently identify, classify, prioritize, and report on cyber threats.
Develop and maintain TI campaigns to track adversaries targeting our organization and industry
Prepare and deliver internal threat intelligence reports and briefings about threat actors, TTPs, and vulnerabilities.
Provide awareness to internal teams and leadership on changes to the cyber threat landscape.
Collect information on threats to the organization through communication with other partner institutions, mailing lists, open source news, and industry partnerships.
Leverage an intrusion framework, such as Kill Chain or Diamond, to develop a rich portfolio of threat actors’ tactics and activity that will support the ongoing improvement of network defenses.
Provide escalation and after-hours support as needed.
Listing Details
- Salary: $90000 - $110000
- Citizenship: US Citizen
- Incentives: Bonus
- Education: No Requirements
- Travel: Travel 25
- Telework: Full Telecommute