Cyber Threat Intelligence Analyst
Date Active: Feb 22, 2021 12:00:00 AM
Hours Per Week: 40
Location: 436 Slater Road-HF308
Job Description / Requirements
Job Title: Cyber Threat Intelligence Analyst
Date Completed: 11/2/20
To be completed by Human Resources:
I. POSITION SUMMARY
Describe the basic function or purpose of this job - Why does the job exist?
The Cyber Threat Intelligence Analyst will provide analysis on the threat landscape involving threat actors active at the global and industry level while building out a risk-based approach to the prevention, detection, and response within Webster's infrastructure. This role will serve as a member of the Security Operations Center and report directly to the Security Operations Manager. The role requires hands-on experience with Security Operations and analysis but will function as a strategic role to research threats, perform threat hunting activities, and develop alert/monitoring logic for pertinent threats to the organization.
The Threat Intelligence Analyst will provide weekly reports to management, outlining the current cyber threat landscape and identifying pertinent threats to the organization. The Analyst will consume both internal and external data to calculate risk and approach monitoring from a predictive standpoint. The analyst will assist other teams within Webster's infrastructure to identify gaps and current vulnerabilities in order to develop a prioritized plan for detection and remediation.
The ideal candidate will have hands-on experience with security analysis, the ability to conduct independent investigations, and the ability to synthesize complex technical reports in a manner consumable by all. Experience with Splunk is highly desired.
II. MAJOR DUTIES & RESPONSIBILITIES
Describe the key responsibilities of this position in order of importance. Statements should be concise and action-oriented. This job profile is intended to be relatively generic and may be used across the organization. Responsibilities that are attributed only to one incumbent should not be listed unless they are so significant that they create a new position.
The Cyber Threat Intelligence Analyst will be responsible for analyzing the threat landscape and providing a risk-based approach to detection and
· Consume external threat feeds, perform analysis of their impact on Webster-specific systems, and develop a risk-based approach to monitoring and response.
· Work closely with the SOC and Incident Response teams to detect and remediate threats to Webster systems.
· Understand the relationship between Threat Intelligence, Security Operations, and Incident Response.
· Act independently to investigate identified threats and determine impact to Webster.
· Provide a weekly synopsis of the current threat landscape and how it relates to Webster.
· Perform threat research and analysis to collect intelligence on the threat landscape using both open- and closed-source tools.
· Develop a threat intelligence sharing program with external parties such as FS-ISAC.
· Automate the consumption and deduplication of threat intelligence and operationalize the data in a meaningful way to Webster Bank.
· Utilize the threat intelligence platform to understand adversary tools, techniques, procedures, threat actors and campaigns, and malicious domains, URLs, IPs, and sites.
· Provide an integral role within the Security Operations detection and response pipeline and feedback loop.
· Provide notifications to vulnerability management and L3 team on new indicators of compromise when available and recommended courses of action to support response activities.
· Provide a feed of threat observables from threat intelligence platform for ingestion into the SIEM and threat intelligence platform tool (TIP).
· As needed, coordinate with the CSIRT team to contain the incident and to mitigate the threat upon notification of incident.
· Have a deep understanding of the MITRE ATT&CK framework and its applicability to the SOC.
· Ability to perform threat analysis using common threat intelligence frameworks such as, but not limited to, the Diamond Model, the Cyber Kill Chain, and MITRE ATT&CK.
· Stand up, accelerate, and evolve cyber threat intelligence teams to increase their effectiveness.
· Maintain and enhance the threat intelligence platform and SIEM integrations.
· Integrate and apply CTI reporting and knowledge of adversary activity, relative to technology, into cybersecurity operations systems and processes.
· Identify patterns, trends, and events in threat actor TTPs and campaigns and make recommendations to CSIRT and Vulnerability Management teams for proactive threat mitigation.
· Perform other duties as assigned.
III. EDUCATION, EXPERIENCE & SKILLS
Indicate the education level, previous experience, specific knowledge, skills and abilities required to meet the minimum entry-level requirements for this position. This may include special skills, licenses, certificates, etc.
· Bachelor's degree in engineering, computer science, information security, or information systems, or relevant industry experience that includes threat intelligence work.
· Candidate should have a minimum of 3 years of experience in cybersecurity analysis, with hands-on experience working as a Threat Intelligence Analyst.
· Hands-on experience working independently in a SIEM is a must.
· Experience performing threat research and analysis to collect intelligence on the threat landscape, using sources such as open-source security intelligence.
· Understanding and familiarity with concepts or knowledge of static and/or dynamic malware analysis.
· Ability to derive Indicators of Compromise from malware samples/reports is a must.
· Experience reviewing and assessing logs for anomalous activity indicating the presence of a threat.
· Experience with Incident Response is desired.
· Knowledge and ability to identify threat actor attack methods and track their developments.
· Experience using the Diamond Threat Model or Cyber Kill Chain.
· Ability to synthesize complex information into simple, succinct explanations and digestible reports for senior management.
· Experience in Cyber Threat Intelligence and experience conducting threat modeling and familiarity with the intelligence cycle.
· Excellent verbal and written communication.