The Threat Intelligence Engineer will be part of the Threat Intelligence team, which is tasked with the primary mission to detect, analyze, investigate, and defend against sophisticated digital attacks. In this position, the Threat Intelligence Engineer will report to the Threat Intelligence Manager and be part of the Threat Detection and Analysis team. The Threat Intelligence Engineer will work alongside peers and actively contribute to alert triage, investigations, and provide input to different approaches to threat detection and response.
CORE JOB RESPONSIBILITIES:
Research - Reviews and contributes to appropriate outline ideas for research, i.e. evaluation, development, demonstration and implementation. Leverages resources to gain an up-to-date knowledge of any relevant field. Reports on work carried out and may contribute sections of material of publication quality.
Problem Management - Undertakes and reviews actions to investigate and resolve problems in systems, processes and services. Assesses problem fixes/remedies. Assists with the implementation of agreed remedies and preventative measures.
Incident Management - Undertakes the identification, registration and categorization of incidents. Gathers information to enable incident resolution and promptly escalates incidents as appropriate. Maintains records and advises relevant persons of actions taken.
Penetration Testing - Maintains current knowledge of malware attacks and other cyber security threats. Specifies requirements for environment, data, resources and tools. Interprets, executes and analyses actions and results. Provides reports on progress, anomalies, risks and issues associated with the overall project. Reports on system quality and collects metrics on test cases. Provides specialist advice to support others.
Business Risk Management - Creates risk assessments within a defined functional or technical area of business. Maintains consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and the impact on the business. Refers to domain experts for guidance on specialized areas of risk, such as architecture and environment. Coordinates the development of countermeasures and contingency plans.
Information Security - Contributes advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Assesses and acts on vulnerability information and undertakes security risk assessments, business impact analysis and accreditation on complex information systems. Contributes to development of information security policy, standards and guidelines.
Innovation - Manages, monitors and seeks opportunities, new methods, trends, capabilities and products for the advancement of the organization. Clearly articulates and formally reports potential benefits from both structural and incremental change. Promotes and motivates colleagues to share creative ideas and learn from failures.
- Experience managing an investigation; understanding the methodologies for investigative triage, case/investigation definition, etc.
- Application of common Cyber Security concepts including Intrusion Detection Systems, Host Intrusion Prevention Systems, and Anti-Virus solutions
- Understanding of the Windows File System structure, and ability to recover deleted files, search hidden files, and access registry keys
- Knowledge of Operational Security (OpSec) principles for cyber operations with an emerging understanding of the relationships between the cyber domain disciplines
- Ability and experience capturing and analyzing volatile (in-memory) data
- Experience with network signature development with tools such as Snort, NetFlow, Wireshark, tcpdump or related tools
- Experience with central log collection, indexes, searching and analysis
- Ability to interpret logs in the context of security events/intrusions and make accurate conclusions
- Correlate actionable security events from various log sources which either feed or supplement the Security Information and Event Management (SIEM) solution
- Review threat data from various sources, and develop custom signatures for open source Intrusion Detection Systems (IDS) or other custom detection capabilities
- Perform network traffic analysis
- Employ advanced forensic tools
- Utilize understanding of attack signatures, tactics, techniques and procedures associated with advanced threats
- Conduct malware analysis of attacker tools providing indicators for enterprise defensive measures, and reverse engineer attacker encoding protocols
- Interface with remote team members
REQUIREMENTS FOR CONSIDERATION:
- Bachelor's degree in Computer Science, a related field, or applicable work experience
- 2-4 years of IT experience
- Professional designation/certification
- Knowledge of networking protocols (such as TCP, UDP, DNS, FTP, SMTP, DHCP, etc.)
- Knowledge of Windows operating system functionality (file system structure, registry keys, scheduled tasks, processes, services, memory management, data storage, etc.)
- Strong communication, customer focus and leadership skills required.
- Strong team player with proven experience and ability to collaborate with security professionals.
- Proven experience and ability to manage problem resolution of complex or intermittent issues in a multi-vendor, integrated enterprise environment.
- Ability to follow up, follow through and deliver timely results
- Ability to apply advanced skill set to resolve complex problems
- Capable of learning new concepts and processes quickly, and adapting to a constantly changing environment
- Strong verbal, written and presentation skills with the ability to effectively interact with internal and external business partners.
- Solid knowledge of industry best practices and technical systems.
- Normal office demands, ability to lift a minimum of 25 pounds.
- Off-Hours support including 24x7 on-call required.