Cyber Threat Intelligence Analyst (Engineer II)

  • Remote: No
  • Job Group: Professional
  • Position Type: Full Time
  • Minimum Education: Bachelor's Degree
  • Background Check Required: Yes

About this Job

Required Broad Skills

  • Complex Problem Solving, Critical Thinking, Judgment and Decision Making, and 9 more.

Required Technical Competencies

  • Analytical or scientific software, Network security and virtual private network VPN equipment software, Network security or virtual private network VPN management software, and 1 more.

Job Description

The Cyber Threat Intelligence Analyst (Engineer II) is part of a team of analysts who consume, process, analyze, and operationalize cyber threat intelligence, threat data, or other indicators of threat activity for the purposes of improving enterprise security detection and prevention capabilities.

Key responsibilities include:

  • Timely development and deployment of customized detection logic based on provided intelligence.
  • Coordinate and conduct proactive hunting exercises, including retrospective searches for known indicators of malicious activity.
  • Coordinate with security operations and incident response staff to tune and improve detection capabilities or to aid in investigations or respond to incidents.
  • Consume and analyze threat intelligence reports in order to author signatures, queries, or other analytics that will be deployed for detection and prevention purposes. Examples include SIEM rules and alerts; Suricata, Snort, and YARA rules; and host-based intrusion detection signatures.

Basic Qualifications:

  • 2+ years of experience in the field of information security, computer science, computer forensics, or information assurance.
  • Experience with collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources.
  • Experience with cyber, incident response and digital forensics, security engineering, security operations, computer network operations, information operations, information warfare, or topical cyber.
  • Experience with scripting languages, including Python and PowerShell.
  • Experience working in security operations environments, including experience with key security operations technologies such as a SIEM and a log aggregation solution.
  • Experience with host and network log sources to apply to investigation, IR methodology in investigations, and the groups behind targeted attacks and tactics, techniques, and procedures (TTPs).
  • Knowledge of common network and host security technologies and appliances.
  • BA or BS degree in Computer Science, Cyber Security, or related field.

Additional Qualifications:

  • Experience with performing intermediate static and dynamic malware analysis and with setting up and leveraging automated malware analysis platforms.
  • Ability to develop and coordinate hypothesis-driven analytics (hunting); ability to apply creative approaches to identifying malicious network activity.
  • Knowledge of commercial and open-source malware analysis tools.
  • Knowledge of cyber threat intelligence processes and tradecraft, including the Cyber Kill Chain and the Diamond Model of Intrusion Analysis.
  • Knowledge of attacker tactics, techniques, and procedures and common attack vectors and vulnerabilities.
  • Knowledge of two or more scripting languages.
  • Knowledge of network security technologies, log formats, SIEM technologies, and security operations.
  • Ability to conduct research into geopolitical events.
  • Possession of excellent oral and written communication skills.
  • Experience working in the U.S. Intelligence Community or similar intelligence experience.

Formal Education & Certifications

  • BA/BS in Computer Science, Cyber Security, or related field or related work experience.
  • GIAC Python Coder (GPYC) or other relevant GIAC Certification such as GIAC Security Essentials (GSEC).
  • Network+, Security+, or other technical industry certifications.
  • Threat Intelligence Courses.
  • Log aggregation training.

Personal Attributes:

  • Strong customer-service orientation.
  • Strong analytical skills.
  • High level critical thinking skills.
  • Excellent written and oral communication skills.
  • Excellent listening and interpersonal skills.
  • Ability to communicate ideas in both technical and user-friendly language.
  • Comfortable working in a dynamic environment with multiple goals.
  • Highly self-motivated and directed, with keen attention to detail.
  • Able to prioritize and execute tasks in a high-pressure environment.
  • Experience working in a team-oriented, collaborative environment.
  • Ability to deal diplomatically and effectively at all levels of the organization including both technical and non-technical, management and senior leadership.