Analyst, Threat Intelligence, Information Security

REQ12937 Analyst, Threat Intelligence, Information Security (Open)

Position Summary
The Analyst, Threat Intelligence, Information Security is responsible in identifying, analyzing, and disseminating actionable threat intelligence. This role involves monitoring various sources for potential threats, conducting in-depth analysis, and providing insights to support the organization's cybersecurity efforts. The Threat Intelligence Analyst will work closely with the Security Operations Center (SOC) team to enhance incident response, threat hunting, and overall security detection capabilities.

Primary Responsibilities

• Threat Monitoring: Continuously monitor open-source and restricted channels for relevant threats, vulnerabilities, and indicators of compromise.
• Threat Analysis: Conduct detailed analysis of malware, phishing campaigns, and network intrusions to identify threat actors' tactics, techniques, and procedures.
• Threat Reporting: Develop and disseminate threat intelligence reports to internal stakeholders, including technical and non-technical summaries.
• Collaboration: Work with the SOC team to provide real-time analysis during active security incidents and support threat hunting activities.
• Threat Profiling: Assist in developing and maintaining threat profiles on adversary groups, detailing their objectives, capabilities, and methods of operation.
• Process Support: Support the development and maintenance of the threat intelligence process, ensuring the proper consumption of threat intelligence feeds.
• Security Posture Monitoring: Assist in monitoring the external attack surface and security posture, working with asset owners to remediate findings.
• Detection Improvement: Provide insights to improve the organization's security detection capabilities based on threat intelligence findings.

Qualifications
I. Experience

• 3 or more years of experience in cybersecurity, with a focus on threat intelligence, incident response, vulnerability management, or a related area.

II. Education

• BS in Computer Science, Information Security, or related field or three years of equivalent experience.

III. Skills / Competencies

• Hands-on experience with threat intelligence platforms, EASM, SPM, SIEM, and vulnerability assessment tools.
• Working knowledge of frameworks, best practices, and industry-standard scoring models such as MITRE, CIS, CVSS, and EPSS.
• Ability to gather and integrate threat intelligence from various sources, e.g. OSINT and other paid subscriptions.
• Understanding of operating systems and platform (e.g. Windows, Linux)
• Understanding of security technologies such as intrusion detection and prevention technologies, endpoint protection and proxies and ability to interpret log data produced by these technologies (including. Windows Events, Powershell Events, WMI events, AD events)
• Solid foundation on various security tools such as Antivirus (AV), Antispam (AS), Endpoint Detection & Response (EDR), Firewalls (FW), Intrusion Detection / Prevention Systems (IDS/IPS), Data Loss Prevention (DLP), Security Information & Event Management (SIEM)
• Knowledge and expertise in cybersecurity management and cybersecurity best practices to support security operations and security strategy, and to be able to provide advice and solve problems for the organization.
• Understanding of Security principles, techniques and technologies such as SANS Top 20 Critical Security Controls and OWASP Top 10.
• Knowledge of security incident and event management, log analysis, network traffic analysis, malware investigation/remediation, SIEM correlation logic and alert generation.
• Ability to perform analysis and reporting on information from multiple data sources using data mining technique for the purpose of documenting analysis results, produce report and present to technical and executive stakeholders.
• Strong written and verbal communication skills, including the ability to present complex technical information clearly and concisely.
• Proficiency in one or more programming languages (Python, PowerShell, etc.) is a plus.

III. Other Attributes

• Analytical and detail oriented – individuals must have passion and initiative
• Strong written and verbal communication skills, good listening and presentation skills.
• Ability to work effectively under pressure and manage multiple priorities.
• Independent-thinker and self-starter, who still can work well within team environment
• Follow-up and attention to detail with great customer service skills.
• Displays a high commitment to delivering results
• Works well with others and displays the highest level of integrity
• Achieves agreed objectives and accepts accountability for results