Senior Cyber Threat Analyst
Senior Cyber Threat Analyst
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Not Disclosed
Salary Not Disclosed
1 Vacancy
Job Description
Role Background
TTP MNL reports on technical subject matter such as malware developments offensive security tools vulnerability exploits cloud security and mobile security. Senior Cyber Threat Analysts are expected to familiarize themselves with these topics continuously identifying threat leads from a variety of sources. Senior Cyber Threat Analysts are also expected to analyze malware and create effective detections. Senior Cyber Threat Analysts must be able to communicate this subject matter effectively to various audiences both verbally and in writing.
Senior Cyber Threat Analysts also help Insikt Group and InfinitO maintain product quality while also identifying areas for improvement across the team. Senior Cyber Threat Analysts should be comfortable working in a collaborative environment where receiving and providing constructive feedback is common.
Senior Cyber Threat Analysts are considered nearexperts on technical subject matter and will be responsible for reviewing content created by their peers mentoring junior analysts and creating complex deliverables at an increased speed and caliber.
Specific Duties and Responsibilities
Threat Lead Identification: Research new adversary tactics techniques and procedures (TTPs) using open sources (public information such as security vendor reporting social media code repositories); closed sources (dark web and underground forums); and proprietary sources.
Subject Matter: Threat leads should focus on team priority intelligence requirements (PIRs). Examples of such subject matter include malware developments offensive security tools vulnerability exploits cloud security and mobile security.
Key Detail Identification: During research identify and take note of infection chains host and network IoCs malware samples threat actors and MITRE ATT&CK tactics and techniques
Author Insikt Notes: Write TTP Instances detailing identified threat leads. TTP Instances include a combination of information from opensource reporting and your own analysis (i.e. code review static malware analysis). TTP Instances are written and formatted to help our customers understand infection chains while also helping them prepare and validate their defenses.
Cadence: Write at least 2 TTP Instance notes daily
Quality: Authored TTP Instances should include minimal grammatical or syntax errors. Plagiarism is not acceptable.
Malware Analysis: Using sandbox environments and static analysis tools analyze malware samples associated with threat leads.
Use Cases: Malware analysis is used to provide additional insight into an event validate opensource reporting uncover additional IoCs and assist peers and customers in detection engineering
Detection Engineering: Create malware or vulnerability detections (e.g. YARA Sigma Snort Nuclei) that can be used for threat hunting detection and classification.
Cadence: Create at least 2 malware or vulnerability detections per month Delivery: These detections may be uploaded to the Client Platform on their own or accompanied by a TTP Instance.
Content Review: Review TTP Instances and Malware Detections created by your peers checking for subject matter accuracy correct IoC identification (no false positives) MITRE ATT&CK mapping Diamond Model mapping and proper grammar and formatting.
Content Publication: Upload reviewed TTP Instances to the Client Platform while ensuring proper entity and Diamond Model tagging. Information Security: Adhere to and implement InfinitOs quality and information security policies and carry out its processes and procedures accordingly. Protect clientsupplied and generatedforclient information from unauthorized access disclosure modification destruction or interference (see also Table of Offenses)
Carry out tasks as assigned and aligned with particular processes or activities related to information security.
Report any potential or committed nonconformity observation and/or security event or risks to immediate superior.
Required Skills
Strong written communication in English
Demonstrable experience writing reports on technical subject matter (e.g. malware vulnerability exploits offensive security tools) in a clear concise and logical format
Demonstrable ability to create malware detections (e.g. YARA Sigma Snort) with no false positives
Disciplined time management
Flexibility when working with a global team in varying timezones Selfstarting selfmotivated and thrive in a collaborative environment Ability to receive and apply constructive feedback from peers and leadership
Minimum Qualifications
B.S. equivalent in computer science information systems or cyber intelligence Four (4) years of professional experience in the Cybersecurity or Threat Intelligence industry
Technical proficiency in Cyber Threat Intelligence and Threat Intelligence platforms Experience working with opensource intelligence (OSINT) and/or large data sets Experience working with sandboxes virtual machines or other malware analysis tools
Familiarity with the MITRE ATT&CK Framework including the ability map reported activity to ATT&CK tactics and techniques
Familiarity with interpreting and mapping cyberattacks to the Diamond Model of Intrusion Analysis
Adeptness in cybersecurity and data protection
Preferred Qualifications
Proficiency in scripting or programming languages (PHP C C# C Python PowerShell Go JavaScript Rust)
Employment Type
Full Time
