Experienced Network Security Analyst (Cyber Threat Intelligence Analyst)
As a member of Principal’s global IT community, you are part of a high-performing culture that promotes employee empowerment, innovation, collaboration, and career development while fostering flexibility between professional and personal responsibilities. The work you do while partnering closely with the business puts our customers’ needs first by shaping the financial security of millions of lives across the globe!
Members of this team are highly motivated, self-driven, and passionate about cyber security. You will have the opportunity to help us build and mature our threat intelligence platform and services. The Cyber Threat Intelligence (TI) Analyst will leverage their previous experiences with enterprise network defense to develop a comprehensive set of threat intelligence processes to support operational, tactical, and strategic decision making across the organization.
- Help define strategy and architecture for threat intelligence and network security services
- Provide engineering support for threat intelligence and network security services, to include TI security control integration support
- Perform day-to-day TI operations, including:
  - Source collection/management
  - Analysis and production
  - Security control integration
  - Threat hunting
- Provide intel support during incident response activities, and directly assist with significant incidents
- Establish and apply a methodology to consistently identify, classify, prioritize, and report on cyber threats.
- Develop and maintain TI campaigns to track adversaries targeting our organization and industry
- Prepare and deliver internal threat intelligence reports and briefings about threat actors, TTPs, and vulnerabilities.
- Provide awareness to internal teams and leadership on changes to the cyber threat landscape.
- Collect information on threats to the organization through communication with other partner institutions, mailing lists, open source news, and industry partnerships.
- Leverage an intrusion framework, such as Kill Chain or Diamond, to develop a rich portfolio of threat actors’ tactics and activity that will support the ongoing improvement of network defenses.
- Provide escalation and after-hours support as needed.
- Experience with common network defense languages/tools (YARA, Snort, Bro, etc.)
- Experience with at least one scripting language (Python, Perl, PowerShell, etc.)
- Ability to communicate/interact with various audiences, including senior executives
- 5+ years of experience working in a network security role
- Intimate knowledge of the Cyber Kill Chain, Diamond Model of Intrusion Analysis, or other relevant network defense and intelligence frameworks
- Experience with analyzing and interpreting data from multiple sources, documenting the results and providing meaningful analysis reports and briefings
- Demonstrated knowledge of common adversary tactics, techniques, and procedures (TTPs)
- Experience and effective participation in hunt, computer network defense, and incident response activities
- Familiar with intelligence enrichment sources and integration processes
- Experience with threat intelligence management platforms and tooling
- Knowledge of the primary methods, procedures, and techniques of gathering information and producing, reporting, and sharing intelligence
- Malware analysis skills and experience
- Intelligence community experience