
Cybersecurity Threat Intelligence Analyst (Architect Level)

TEKsystems

Posted Thursday, May 29, 2025

Posting ID: JP-005310711

Anaheim, CA

Description

The cybersecurity threat intelligence analyst is an advanced and highly trusted role supporting the credit union’s information security program. Additionally, the cybersecurity threat intelligence analyst serves across all areas of threat intelligence to help inform and defend the business and protect brand reputation. The analyst monitors application, host and network threats, including external threat actors and rogue insiders. As a trusted member of the information security team and credit union industry, the analyst works closely with internal technical teams, business units and external entities aligned with the business, including private intelligence-sharing groups, law enforcement, government agencies and public affiliation peers.


The cybersecurity threat intelligence analyst is responsible for conducting in-depth research, documenting threats, understanding the risk to the business, and sharing information with those who need to know. From the research conducted, the analyst will seek to uncover patterns and trends and be forward-thinking as to how threats may evolve. Furthermore, the analyst will participate in simulation exercises designed to uncover weaknesses related to threats, with the goal of implementing defensive solutions prior to attacks and disrupting attacks in progress. The analyst will also distill threat intelligence so technical and non-technical contacts can understand it and make educated decisions about next-step actions.



ESSENTIAL POSITION FUNCTIONS:

- Research current and emerging threats facing the business and industry sector.

- Track threat actor infrastructure and associated malware families.

- Centralize multiple threat sources (premium, industry-shared, open-source, dark web), correlate indicators and threats, and distill actionable intelligence.

- Use automation to efficiently streamline and de-duplicate threats for playbooks, but use human analysis for actionable decision-making.

- Actively hunt for exposures and identify incidents warranting action to disrupt and remediate threats.

- Use and assign indicator severity and impact ratings to determine appropriate plans of action.

- Document threats into contextual reports outlining severity, urgency and impact, and ensure they can be understood by both management and technical teams.

- Serve as a trusted advisor to establish credibility with business unit leadership and technical teams.

- Share relevant information with stakeholders and make recommendations for next steps when facing threats.

- Actively participate in threat hunting tabletop exercises to hone and strengthen skills across the team.

- Evaluate and implement deception techniques designed to thwart adversaries.

- Work with technical teams to demonstrate weaknesses/vulnerabilities and implement solutions to address them.

- Work closely with security leadership to instill cybersecurity policies and practices throughout business units to address security operations, incident response, application security and infrastructure.

- Actively inform and engage in security projects across the business to disrupt active or potential threats.

- Be readily available to participate in collaborative threat analysis meetings with internal and external trusted entities.

- Maintain an up-to-date level of knowledge related to security threats, vulnerabilities and mitigations to reduce attack surface, and circulate it through business units.

- Motivate business units to adopt cybersecurity controls to reduce attack surface.

- Openly support the CISO, management team and executive leadership, even during tumultuous times.

- Perform other duties as assigned.


- Should possess excellent communication skills, both written and verbal.

- Must possess good decision-making and analytical skills, and an ability to exercise good judgment.


EXPERIENCE AND SKILLS:


- Strong written and verbal communication skills across all levels of the organization.

- Applicable knowledge of adversary tactics, techniques and procedures (TTPs), MITRE ATT&CK framework, CVSS, open source intelligence (OSINT) and deception techniques.

- Demonstrated ability to investigate, handle and track incidents.

- Proficient in SIEM, intrusion detection and prevention systems (IDS/IPS), threat intelligence platforms and security orchestration, automation and response (SOAR) solutions to centralize and manage incident and remediation workflow.

- Ability to analyze incident logs, assess malware, and understand vulnerabilities and exploits, along with strong operating systems knowledge.

- Experience in incident handling, vulnerability management, hacking tools, intelligence gathering and kill chain methodology.

- Proven threat hunting experience and ability to track adversaries.

- Demonstrated experience conducting tabletop exercises and adversary emulation.

- Capable of working with diverse teams and promoting an enterprise-wide positive security culture.

- Ability to maintain a high level of integrity, trustworthiness and confidence, with the highest level of professionalism.

- Strong project management, multitasking and organizational skills.

- Proficient with Python, PowerShell and Bash.

- Ability to preserve credibility with the team and external constituents through sustained industry knowledge.

- Ability to motivate teammates to achieve excellence and willingly share knowledge.

- Demonstrated understanding and comprehension of a wide range of network and host cybersecurity solutions.

- Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.

- Self-starter requiring minimal supervision.

- Outstanding written and verbal, business and cybersecurity communication skills.

- Highly organized and efficient.


Notes from qual call:


Key Responsibilities:

• Understanding Current Threats: The candidate should help the organization understand the current threats they need to focus on, including threat modeling.

• Industry Relationships: They should have relationships and knowledge of the landscapes of threats against their sector, and particularly with those targeting US institutions.

• They need help on defining focus areas: The candidate needs to define what the organization should focus on, identify techniques used by threat actors, and adjust our client's capabilities accordingly.

• Communication Skills: Excellent communication skills are essential to translate complex information effectively.

• Purple Teaming Capabilities: The candidate should have the ability to conduct purple teaming exercises to test and improve the organization's environment.

Skills

penetration test, threat testing, monitoring, threat intelligence, Purple Team

Top Skills Details

penetration test, threat testing, monitoring, threat intelligence, Purple Team

Additional Skills & Qualifications

EDUCATION, EXPERIENCE, SKILLS AND ABILITIES:


- High School Diploma or Equivalent Experience required.

- Bachelor's degree in information assurance, computer science, engineering or related technical field preferred.

- CISSP, GCTI, GCFE, GCIH, GREM, OSCP preferred, but not required.


EXPERIENCE

- Previous financial industry and customer service experience preferred.

- At least 5-7 years of cybersecurity experience (or information technology coupled with cybersecurity), with at least 3-5 years in an intelligence or incident response security practitioner role.


COMPUTER SKILLS:

- Proficient in Microsoft applications (Word, Excel, Outlook). Must be proficient in technology applications including the Credit Union’s operating system and specialized software required for performance of position.

- Proficient in security tools such as Linux, Nmap, Nessus, Rapid7 Nexpose, Metasploit, etc.

Compensation: $85

Contact Information

Email: jmaestas@teksystems.com

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
On-Site
