Security Threat Intelligence Engineer

  • Remote - Worldwide

Remote

Cybersecurity

Senior

Summary

Cloud Security Services is seeking a Security Threat Intelligence Engineer Consultant for a 6-month remote engagement to support their Threat Management team by collecting, processing, and analyzing security threats, producing intelligence products, and maintaining threat data sources. Required skills include knowledge of common threats, penetration techniques, attack vectors, and various tools.

Requirements

  • Solid understanding of common and advanced threats, penetration/intrusion techniques & attack vectors such as Malware analysis, APT/Crimeware ecosystems, Exploit kits, Cyber Hunting, Cyber Threat intelligence, Software vulnerabilities & exploitation, Data analysis
  • Knowledge of current hacking techniques, cyber threat actors, attribution concepts, security analysis techniques, recent cyber incidents & vulnerability disclosures
  • Understanding of common threat analysis and threat modeling techniques used in CTI, such as the diamond model, kill chain, F3EAD, MITRE ATT&CK framework, and the threat intelligence lifecycle
  • Competency in using common intelligence datasets obtained from information sharing sources, malware collections, & other internet derived data
  • Familiarity with the following tools: Threat Intelligence Platform (TIP), Threat intelligence feeds, STIX, MISP and TAXII frameworks, Open Source Intelligence feeds and tools (OSINT), Malware Analysis / Reversal Tools, Security Information & Event Management (SIEM), Security Orchestration, Automation & Response (SOAR), Network sniffers and packet tracing tools, Intrusion Detection & Prevention (IDS/IPS), Endpoint Detection & Response (EDR), Email and Web filtering technologies, link-analysis methods and software (e.g., Maltego, Analyst's Notebook)
  • A minimum of 10 years of information security experience with at least 7 years of experience with all-source cyber intelligence and analysis; or the equivalent combination of higher education and/or real-world experience

Responsibilities

  • Collecting, processing, and analyzing information regarding security threats
  • Producing and disseminating intelligence products, advisories or tailored reports
  • Analyze and report on unique attack vectors, emerging cyber threats, and current trends used by malicious actors
  • Daily threat intelligence monitoring through open and closed sources
  • Continually improve how the threat intelligence team works, including creation of run books, procedures, automation or other efficiencies
  • Maintain, develop and continually analyze threat data/intelligence sources, both technical and non-technical
  • Identify, evaluate and communicate new and ongoing cyber security threats through regular and ad-hoc reporting; produce intelligence briefings, attribution reports, and position papers
  • Produce concise tactical warning bulletins and other analytic reports that detail daily findings, events, and activities
  • Conduct collection, and support attribution and analysis, based on case findings from the incident response and threat hunting functions
  • Collect and analyze all-source intelligence and research data from multiple intelligence providers in order to analyze findings and produce quality intelligence products
  • Support threat hunts and purple teaming endeavors to identify threat actor groups and their techniques, tools, and processes utilizing threat intelligence
  • Analyze anomalous log data and the results of collaborative team sessions to detect and eradicate threat actors on the network
  • Analyze and support security incidents for further enrichment of detection and alerting capabilities
  • Generate reporting of trending metrics

Preferred Qualifications

  • Relevant industry security certifications such as CISSP, SANS GIAC (e.g. GCTI, GCIH, GNFA, GCFE, GCFA, GREM), AWS certifications (SAA, SAP, or SCS), etc.
  • Experience developing and presenting cybersecurity topics in written products and presentations, including conference presentations, webinars, and blog posts
  • Familiarity with other security verticals such as: Digital Forensics, Incident Response, Threat Detection, Application Security, Cloud Security, Offensive Security
  • Networking experience with LAN/WAN routing and high availability (OSPF, BGP4/iBGP, EIGRP, and NSRP) routing protocols and technologies
  • Considerable working knowledge in one or more of the following topics: APT, Cybercriminals, financially motivated cyber groups, Hacktivism, DDoS attack methods, malware variants, Mobile and Emerging Threats, Social Engineering, Insider Threats
  • Broad network and technology awareness, with the ability to convey complex or technical topics in a clear and concise manner