Cyber Threat Operations Analyst
Access Talent Today, LLC
- Portland, OR
Candidates with 5 - 20 years of experience in Cyber Security and with diverse experience in one or several of the key Cyber Security domains are encouraged to apply. Security Management, Governance, Risk, Compliance, Privacy, Vulnerability Management, Data Protection, DLP, Identity and Access Management, Network Security, Application Security, Cryptography, End point security, Security engineering, Security architecture and design, Threat management, Threat intelligence, Security operations, Forensics, Investigations, Audit, Security Operations Center (SOC) and other major areas of Cyber Security are some of the skillsets we are looking for.
This position is for client's Information Security team. The Cyber Threat Operations Analyst is a data-driven role supporting threat intelligence performance, integration, feedback, and reporting trends. This role works with threat intelligence analysts, incident responders, and engineers to improve incident response context, cycle time, and adversary hunting.
Your responsibilities will include but not be limited to:
- Support incident response intelligence requirements to develop improved data quality, response, and trends to surface for response hunting.
- Configure and tune intelligence data feeds and signatures through APIs.
- Produce accurate and actionable threat detection rules (SNORT, YARA, and SIEM).
- Manage the threat intelligence platform (TIP) data performance, standardization, and metrics to measure the value of alerts for incident responders.
- Demonstrate success presenting complex data (qualitative and quantitative) in a clear and compelling manner that inspires action.
- Tune feedback loops between the TIP, SIEM, and Case management systems to ensure data feeds are continuously monitored and measured for true and false positives.
- Coordinate intelligence-driven automation recommendations to influence security orchestration with solution and data architects and engineers.
The ideal candidate should exhibit the following behavioral traits:
- Problem-solving skills
- Ability to multitask
- Strong written and verbal communication skills
- Ability to work in a dynamic and team oriented environment
You must possess the below minimum qualifications to be initially considered for this position. Preferred qualifications are in addition to the minimum requirements and are considered a plus factor in identifying top candidates.
- Bachelor's degree or higher in Computer Science, Engineering, Math, Statistics, Information Systems, or Data Science.
- Certifications such as CISSP, GIAC, GCIH, GCFA, GREM, OSCP'E, CREST Certified Threat Intelligence Analyst, or FOR578 from certification bodies like ISC2, ISACA, SANS are required.
- 5+ years experience working cross-functionally with security engineers, security analysts, project managers, developers, and AGILE scrums teams.
- This U.S. position is open to U.S. Workers Only. A U.S. Worker is someone who is either a U.S. Citizen, U.S. National, U.S. Lawful Permanent Resident, or a person granted Refugee or Asylum status by the U.S. Government. Our client will not sponsor a foreign national for this position.
- Possess a passion for systems thinking, data analysis and strong analytical skills.
- Publish data to a message bus for data integration and orchestration that reduces the time to respond and actions analysts take during response.
- Integrate IOCs, detection rules, and correlation rules in accordance with CND-based models (Kill Chain, Pyramid of Pain, ATT&CK, etc.) with security operations tools.
- Experience in Agile/Kanban enterprise-scale software development.
- Industry or sector leadership in designing and improving the field of cyber intelligence
- Change agent with ability to drive accountability and cross-team outcomes across a matrixed global team environment across time zones and international geographies.
Knowledge, Skills, and Abilities:
- Orchestration tools: API communication (JSON, STIX, TAXI), a message bus (Kafka).
- Network security tools: DNS monitoring tools, NIPS/NIDS rules, Next generation firewalls.
- Email security tools: Proxy tools, anti-phishing software, and e-mail content scanning.
- Host based security: HIPS/HIDS correlation rules, endpoint detection and response tools.
- Intelligence enrichment tools: PassiveDNS, Domain Registration, VirusTotal, OSINT collection.
Wednesday, August 8, 2018