Threat Intel

IBM • IN Pune

Company

IBM

Location

IN Pune

Type

Full Time

Job Description

Introduction
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant you will be a key advisor for IBM’s clients analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client’s organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.

Your Role and Responsibilities
This position serves as a Cyber Threat Analyst in support of a major IBM client. This organization provides services that analyse and produce enhanced cyber security and threat intelligence information, including threats and potential threats to the customer’s personnel, information and information systems; provides timely and relevant intelligence to assist with mitigating cyber threats confronting the Department; supports the evaluation, implementation and operation of tools/technologies used in advanced analysis; and supports and develops the Cyber Insider Threat Program. Responsible for the delivery of written and oral briefings to stakeholders.

Role & Responsibilities:

  • The Cyber Threat and Intelligence Analyst will support the customer’s overall cyber threat analysis efforts.
  • Researches, analyses and writes documents such as cybersecurity intelligence bulletins, alerts and briefings for all levels of stakeholders, from Tier 1-3 SOC and security engineering to executives.
  • Ensures documentation is accurate and complete, meets editorial and government specifications, and adheres to standards for quality, graphics, coverage, format and style.
  • Ensures content is developed in an appropriate style for the intended audience, including presentations, bulletins, white papers, memos, policies, briefings and other products.
  • Acquires subject knowledge by collaborating with analysts and engineers.
  • Assists in coordinating projects from the planning stage, provides additional or missing materials, and edits for content, format, flow and integrity.
  • Researches topics and collaborates with stakeholders to understand communication product requirements; analyses business problems and helps prescribe communication solutions.
  • Deep understanding of cyber threat TTPs, threat hunting and the application of the MITRE ATT&CK framework.
  • Perform cyber threat assessment and remediation analysis.
  • Processing, organizing and analysing incident indicators retrieved from the client environment and correlating those indicators with various intelligence data.
  • Assisting in the coordination with internal teams as well as in the creation of engagement deliverables for a multitude of activities, including but not limited to Insider Threat Rules of Engagement (ROE), threat hunting, After Action Reports and other artifacts to support testing, monitoring and protecting the enterprise.
  • Investigate network and host detection and monitoring systems to advise engagement processes.
  • Develop core threat intelligence capability and subject matter expertise.
  • Develop and execute bash and python scripts to process discrete log files and extract specific incident indicators; develop tools to aid in Tier 1 and Tier 2 functions.
  • Responsible for threat hunting activity using SIEM, EDR and other hunting tools and technologies.
  • Good understanding of the MITRE framework, NIST framework and Cyber Kill Chain process.
  • Overall responsible for the SIEM and EDR platforms.
  • Mentor and support the L1 and L2 teams with technical expertise and skills.
  • Responsible for L1 and L2 team members’ skill development and training.
  • Drive process and technology standardization.
  • Participate in periodic customer meetings.
  • Ready to work in a 24x7 rotational shift model, including night shifts.
  • Explore different technologies available in the security industry.
  • Analyse and tune threat monitoring dashboards.
  • Work closely with the SOC team and be responsible for incident detection, triage, analysis and response.
  • Perform TI-based and hypothesis-driven threat hunting oriented to SIEM logs.
  • Support the incident response team during major security incidents with advanced investigation skills.


Required Technical and Professional Expertise

  • 8-10+ years of experience in cyber threat intelligence, cyber technical analysis, threat hunting and threat attribution assessment, with increasing responsibilities.
  • 5-7+ years’ experience in a technical capacity, preferably in a role related to any of the following disciplines: security operations, network monitoring or analysis, intrusion or anomaly detection.
  • Bachelor’s degree or a minimum of 8 years of relevant experience.
  • One of the following certifications is required: CISSP or GIAC Certified Incident Handler.
  • Strong understanding of malware analysis, advanced persistent threats, infection vectors and defence strategies.
  • Experience with and knowledge of cyber threat and/or intelligence analysis.
  • Expert written and oral communication skills, including experience with executive-level presentations.
  • Knowledge of and experience with standard network logging formats, network management systems and network security monitoring systems, security information and event management, network packet analysis tools and forensic analysis tools.
  • Knowledge of and experience with web proxies, firewalls, IPS, IDS, mail content scanning appliances, enterprise antivirus solutions, network analysers and domain name servers desired.
  • Demonstrated knowledge in one or more of the following areas: network security principles, host-based security principles, network and system administration, forensic analysis principles.
  • Advanced user of Splunk, Varonis, SECOPS, RSA Archer, Microsoft Advanced Threat Protection (ATP), Microsoft Exchange Online Protection, Netwitness, PaloAlto, Redseal, Trend Micro anti-virus solutions, Webinspect, Wireshark, Tenable and ForeScout (MSS) tools (e.g. LookingGlass, FireEye and InfoBlox).


Preferred Technical and Professional Expertise

  • Knowledge related to the current state of cyber international relations, adversary tactics and trends.
  • Ability to work quickly and a willingness to complete ad hoc, time-sensitive assignments.
  • Demonstrated oral and written communication skills; ability to document technical analysis and articulate outcomes to non-technical audiences.
  • Good working knowledge of cyber threat intelligence analysis.
  • Strong analytical skills and the ability to effectively research, write, communicate and brief to varying levels of audiences, including at the executive level.
  • Previous experience managing cross-functional and interdisciplinary project teams to achieve tactical and strategic objectives.
Date Posted

09/11/2024