Cyber Threat Intelligence Analyst
Access Talent Today, LLC
- Portland, OR
Candidates with 5 - 20 years of experience in Cyber Security and with diverse experience in one or several of the key Cyber Security domains are encouraged to apply. Security Management, Governance, Risk, Compliance, Privacy, Vulnerability Management, Data Protection, DLP, Identity and Access Management, Network Security, Application Security, Cryptography, End point security, Security engineering, Security architecture and design, Threat management, Threat intelligence, Security operations, Forensics, Investigations, Audit, Security Operations Center (SOC) and other major areas of Cyber Security are some of the skillsets we are looking for.
This position is for our client's enterprise Information Security team. The Cyber Threat Intelligence Analyst manages threat priorities, detection coverage, and the threat actor portfolio. This role will partner with incident response, red team, and vulnerability and risk management.
Your responsibilities will include but not be limited to:
- Track threat actors, campaigns, leading and tailing vulnerabilities and exploits, and associated tactics, techniques, and procedures (TTP).
- Covert TTPs into internal SNORT, YARA, and SIEM rules to produce actionable alerts.
- Produce clear, concise, and precise oral briefings, technical alerts, and actor profiles in accordance with accepted analytic tradecraft and methodologies.
- Reverse engineer malware (static or dynamic) to support incident response and proactively convert malware artifacts into retro-hunts in malware repositories.
- Ability to integrate timely, actionable, and relevant TTPs into Red Team operations to emulate actors, model campaigns, and increase detection in assumed areas of risk.
- Ability to collect/analyze long-term actor trends to coordinate with peer information and product security, legal, and corporate security teams to reduce business impact.
- Coordinate intelligence internally with information security teams and externally with trusted information sharing groups and select industry partnerships.
The ideal candidate should exhibit the following behavioral traits:
- Problem-solving skills
- Ability to multitask
- Strong written and verbal communication skills
- Ability to work in a dynamic and team oriented environment
You must possess the below minimum qualifications to be initially considered for this position. Preferred qualifications are in addition to the minimum requirements and are considered a plus factor in identifying top candidates.
- Bachelor's degree or higher in Computer Science, Math, Statistics, Information Systems, Economics, International relations or any other related area.
- Certifications such as CISSP, GIAC, GCIH, GCFA, GREM, OSCP'E, CREST Certified Threat Intelligence Analyst, or FOR578 from certification bodies like ISC2, ISACA, SANS, or comparable intelligence community training are required.
- 5+ years of experience working as a cyber intelligence analyst, incident responder, Red team operator, reverse engineer, or technical cyber policy analyst.
- This U.S. position is open to U.S. Workers Only. A U.S. Worker is someone who is either a U.S. Citizen, U.S. National, U.S. Lawful Permanent Resident, or a person granted Refugee or Asylum status by the U.S. Government. Our client will not sponsor a foreign national for this position.
- Possess a passion for systems thinking, data analysis, strong analytical skills.
- Integrate IOCs, detection rules, and correlation rules in accordance with CND-based models (Kill Chain, Pyramid of Pain, ATT&CK, etc.) with security operations tools.
- Experience in Agile/Kanban enterprise-scale software development.
- Industry or sector leadership in designing and improving the field of cyber intelligence.
- Change agent with ability to drive accountability and cross-team outcomes across a matrixed global team environment across time zones and international geographies.
Knowledge, Skills, Abilities:
- Network security tools: DNS monitoring tools, NIPS/NIDS rules, Next generation firewalls.
- Malware reversing: Dynamic and static malware analysis, reversing engineering tools.
- Email security tools: Proxy tools, anti-phishing software, and e-mail content scanning.
- Host based security: HIPS/HIDS correlation rules, endpoint detection and response tools.
- Analytic tradecraft: structured analytic techniques and/or Intelligence community standards.
- Intelligence enrichment tools: PassiveDNS, Domain Registration, VirusTotal, OSINT collection.
Wednesday, August 8, 2018