The Cyber Threat Intelligence Analyst II will perform advanced data analysis, identifying anomalies, trends, or relevant correlations and turning that information into actionable intelligence. This job function will also review information from multiple advanced cyber technologies to identify, investigate, isolate, eradicate and report potential threat activity or threat actors. Analysts create reports and reporting metrics. When required, this job function will also act as an on-call cyber incident responder. This role has a heavy emphasis on intelligence-driven incident response and deep technical analysis. The analyst performs investigations such as network log analysis, endpoint system log analysis and malware analysis, and helps coordinate remediation and tracking of those same investigations.
- Demonstrable analytical skills across various technologies
- Performs on-call activities when required
- Uses threat intelligence or hypotheses to hunt for known threats
- Creates automated alerts and playbooks which correlate indicators of compromise
- Working knowledge of efficient threat hunting and investigation techniques
- Working knowledge of malware analysis tools and techniques
- Performs investigations by reviewing raw data, identifies security anomalies or trends, and turns that information into actionable resolution requests or reports
- Creates intellectual property such as procedural documentation and tools for automated analysis and correlation activities
- Produces key metrics related to threats and risks
- Performs active collection and inventory of external cyberthreats relevant to the organization
- Conducts studies and makes recommendations to identify cyberthreats, threat vectors, threat actors, and threat trends
- Performs the tracking of investigations and incidents through resolution
- Performs analysts' requests for new or modified cybersecurity alerts
- Identifies and manages threat signatures from all available sources
- Performs standard procedures for incident response to counteract the detected threats
- Interfaces with management as part of the Cyber Incident Response roles
- Performs analysis of potentially malicious activities and software
- Ensures the company's commitment to protect the integrity and confidentiality of systems and data.
- Performs network/system/application/log intrusion detection analysis and trends
- Performs security incident handling efforts in response to a detected incident, and coordinates with other stakeholders
- Performs maintenance of policies, standards and procedures
- Maintains awareness of trends in security, regulatory, technology, and operational requirements
- Performs maintenance of documented operational adherence to standard operating procedures, processes and guidelines to be used within the team.
- Participates in the on-call rotation in order to respond to cyber incidents that are escalated by the 24x7 SOC.
- Education and/or experience typically obtained through completion of a Master's degree or 2-year degree in Computer Science, Engineering, Math or Physical Science, or equivalent work experience in a related field.
- Minimum 3 years of IT Security experience
- Minimum 2 years of Cyber Threat Hunting experience
- Understanding and demonstrable willingness to learn offensive and defensive cybersecurity techniques, including threat hunting.
- Familiarity with common threat intelligence and threat hunting tools
- Moderate understanding of TCP/IP and networking concepts
- Moderate understanding of malware campaigns
- Moderate understanding of deep and dark web concepts
- Working knowledge of Windows and Linux operating systems
- Ability to work independently and within a team environment.
- Strong interpersonal skills.
- Candidate should feel comfortable presenting to their peers and coworkers
- Expertise in operating system, application, network, and database security architectures.
- Cyber Security related certifications desired, not required
- Background check and drug screen.
- Certification in information security is desirable: CCNA+S; JSEC; GCIH; GCTI; CEH; CISSP; SSCP; OSCP; OSEE; CPT; DFP; THP; eWAPT
The above job description is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow instructions and perform other related duties as assigned by their supervisor.