Cyber Threat Intelligence Analyst
Location: Addison, TX, United States
Date Posted: Oct 27, 2021
About the company: Securonix provides the Next Generation Security and Information Event Management (SIEM) solution. As a recognized leader in the SIEM industry, Securonix helps some of the largest organizations globally to detect sophisticated cyberattacks and rapidly respond to these attacks within minutes. With the Securonix SNYPR platform, organizations can collect billions of events each day and analyze them in near real time to detect advanced persistent threats (APTs), insider threats, privilege account misuses and online fraud. Securonix pioneered the User and Entity Behavior Analytics (UEBA) market and holds patents in the use of behavioral algorithms to detect malicious activities. The Securonix SNYPR platform is built on big data Hadoop technologies and is infinitely scalable. Our platform is used by some of the largest organizations in the financial, healthcare, pharmaceutical, manufacturing, and federal sectors.
Summary: The Securonix Threat Labs team is looking for an experienced Cyber Threat Intelligence Analyst to join our team. The role will play a critical function in the Threat hunting team focusing on the Autonomous Threat Sweep and Threat Intelligence offerings. The Securonix Autonomous Threat Sweep (ATS) engine automatically and retroactively hunts for new and emerging threats in current and long-term historical data based on the latest, up-to-date threat intelligence. You will serve as the front-line expert on threats facing our customers and you interact with researchers and detection engineers on a daily basis. The Cyber Threat Intelligence Analyst will be responsible for processing, organizing and analyzing incident indicators as well as correlating said indicators to various intelligence holdings. The Cyber Threat Intelligence Analyst will also be responsible for assisting in the coordination with internal teams as well as in the creation of engagement deliverables. The successful applicant should be expected to identify potential cyber threats, determine levels of risk, and produce analytical reports for a variety of audiences. You will occasionally be required to present your findings in front of senior executives and customers. Outstanding problem-solving skills are essential. When serious threats are identified, you will work closely with other areas of the security team to identify appropriate solutions. You must be passionate about technology, and able to learn the ropes of new security solutions rapidly.
- Actively monitor, consume, research, and evaluate all-source cyber threat intelligence to maintain a broad understanding and knowledge of the evolving threat landscape and adversarial tactics, techniques, and procedures (TTPs)
- Maintain and drive the development of new reports of Cyber Threat Intelligence analysis to peers, management and customers for purposes of situational awareness and making threat intelligence actionable.
- Evaluate, analyze, and derive actionable threat intelligence from a variety of open-source, commercial, and private sources to deliver quality deliverables to both technical and executive audiences.
- Assess, curate, and manage multiple threat intelligence feeds to enable the correlation of security events.
- Effectively perform all phases of the intelligence cycle (collection, analysis, production and dissemination)
- Collaborate with operation teams to build novel detections, establish repeatable processes, and drive automation for containment and remediation activities
- Provide Tactical and operational intelligence support for the Securonix Autonomous Threat Sweep service as well Securonix Threat Intelligence services.
- Perform proactive all-source research to identify and characterize new threats to the customer base and draft related threat intelligence products, where appropriate
- Collaborate internally and externally, and develop, enhance and produce Securonix threat intelligence products
- Conduct trending and correlation of various cyber intelligence sources for the purposes of indicator collection, shifts in TTPs, attribution and establishing countermeasures to increase cyber resiliency and proactive threat mitigation
- Develop compelling intelligence briefings, reports, and short position papers, with a focus on relevant, actionable intelligence
- Integrate and apply CTI reporting and knowledge of adversary activity, relative to technology, into cybersecurity operations systems and processes
- Collect, fuse, and analyze high volumes of open source and proprietary threat reporting to provide predictive and actionable cyber threat intelligence
- Participate in threat intelligence vendor evaluations and expanding the capabilities of our threat intelligence service offering
- Creation of detailed process documentation
- Provide curated cyber intel to support the development of use cases mapped to common frameworks (e.g., MITRE ATT&CK) for detecting new/evolving threats
- Respond to requests for ad-hoc reporting and research topics from management as required
- Responsible for the development and publication of customer-facing and external intelligence products
- Communicate analytical findings to various audiences through in-person and virtual presentations
- Produce and review intelligence summaries for internal teams and clients
- Maintain memberships and establish intelligence-sharing relationships with appropriate sources within the intelligence community
- Research sets of standardized queries related to cyber threats for specific industry verticals (Healthcare, Financials, Pharmaceuticals etc.) on a regular basis (daily, weekly, monthly, quarterly)
- Develop and manage the Threat Intelligence lifecycle including planning details around use cases , data sets required , feedback around triaged alerts
- 3+ years of experience as a Cyber Threat Intelligence analyst, conducting all-source intelligence with a focus on cyber threat analysis or a combination of intelligence and research with threat detection or incident response work
- Exhibit a deep knowledge of adversary techniques and emerging threats that could have a direct or indirect impact on business operations, technology infrastructure and customer trust, with demonstrated application of CTI principles to include adversary methodologies and TTPs, IOCs, and malware analysis
- Ability to take initiative and prioritize tasks
- Understanding and knowledge of open source and commercial platforms, tools and frameworks used within threat intelligence teams, such as threat intelligence platforms, malware sandboxes and reverse engineering tools
- Experience leveraging internal, commercial and open-source tools and data sources to analyze, enrich and synthesize indicators of compromise and/or other intelligence artifacts to provide meaningful and actionable intelligence
- Ability to quickly and effectively digest disparate data sources to determine security implications and risk levels
- Indicator, Signature, and TTP development and management experience a plus
- General log analysis (cloud services like AWS/Azure/GCP, DNS, email, DHCP, VPN,Firewalls etc) experience using SIEM or other Security data lake platforms
- Experience creating and presenting technical analysis through written products and presentations, such as conference presentations, webinars, formal publications, blog posts, and/or white papers.
- Experience applying CTI expertise to drive impactful outcomes in cross-domains areas including but not limited to finance, disinformation, targeting, and space