We are seeking a self-starting and practiced intelligence or information security professional to join our client's Cyber Fusion Center (CFC) team. The team brings together experts across multiple disciplines to deliver cross-functional cybersecurity services that protect the mission-critical applications and systems supporting the client's business operations. The role is responsible for providing expertise and guidance to management and peers on developing and implementing improvements to the core cyber intelligence competencies: collection operations, tactical support to incident response and detection, impact analysis, and strategic analysis. This role is also responsible for delivering threat-based analysis of risks to stakeholders and operates in coordination with peers from across the CFC and the Office of the Chief Information Security Officer.
Responsibilities:
1. Identify and track targeted intrusion cyber threats, trends, and new developments by cyber threat actors through analysis of internal and external data.
2. Identify intelligence gaps and submit requests for information (RFIs) to fill those gaps.
3. Identify emerging threats affecting the financial services industry and develop analytical threat models.
4. Conduct briefings as needed for internal customers at a variety of levels.
5. Work closely with functional senior leaders to ensure threat intelligence analysis and products are mapped to prioritized corporate assets and risks.
6. Work in coordination with external entities such as ISACs, law enforcement, the intelligence community, and other government agencies.
7. Prioritize, categorize, and respond to requests for information from internal customers.
8. Perform threat hunting based on emerging threats.
9. Perform retro hunting based on known threat actor IOCs.
10. Conduct threat analysis to determine gaps in the company's security posture based on current and emerging threats.
11. Provide finished intelligence analysis to internal customers through written reporting.
12. Work with business units to develop security priorities and needs.
13. Work with various teams to develop alerting rules as necessary.
14. Perform network traffic analysis using raw packet data, NetFlow, and IDS data as it relates to cybersecurity and communication networks.
15. Conduct malware analysis and provide indicators for defensive measures.
16. Assess the company's current security controls against the MITRE ATT&CK framework.
Mandatory skills description:
Education/training:
* 5+ years of combined experience in cyber threat intelligence, cybersecurity architecture, security engineering, or SOC work.
* 2+ years of experience in cybersecurity, specifically supporting incident response, digital forensics, threat intelligence, and/or threat hunting.
* Hold a certification in a relevant cybersecurity specialty (GCTI, GNFA, GCIH, CHFI, CISSP, etc.).
Skills:
* Ability to communicate intelligence and analysis of cyber threats in various forms (written products; briefings) for a senior-level audience.
* GCTI, or equivalent experience with common frameworks used for threat intelligence (e.g. Cyber Kill Chain, Diamond Model, MITRE ATT&CK).
* Knowledge of adversarial TTPs within the context of the Cyber Kill Chain, Diamond Model of Intrusion Analysis, MITRE ATT&CK methodologies, or equivalent.
* Ability to develop specific expertise, discern patterns of complex threat actor behavior, and communicate an understanding of current and developing cyber threats.
* Expert understanding of cyber threat intelligence concepts and processes.
* Expert ability to analyze cyber threat activity and develop relevant recommendations.
* Experience with collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources.
* Strong knowledge of networking concepts.
* Threat intelligence platform (TIP) experience: Anomali, Recorded Future, ThreatConnect, or another TIP.
* Strong knowledge of enterprise logging/SIEM solutions (e.g. Splunk), intelligence and analysis tools (e.g. Maltego), threat intelligence platforms/TIPs (e.g. Anomali), security orchestration tools (e.g. XSOAR), and OSINT aggregators.
* Strong knowledge of the MITRE ATT&CK framework.
* Familiarity with Recorded Future, RiskIQ, IDS/IPS, and load balancing technologies.
* Familiarity with cloud solutions (e.g. Azure, AWS, etc.).
* Familiarity with malware analysis and network-based forensics tools.
Nice-to-have skills description:
* Strong knowledge of STIX/TAXII.
* Familiarity with cyber threats targeting the US financial sector (nation states, cybercrime, hacktivists, etc.) and their associated TTPs.
Languages:
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: IT Services and IT Consulting