Cyber Threat Intelligence Analyst
Date Active: Feb 21, 2021
Hours Per Week: 40
Location: 436 Slater Road-HF308
Job Description / Requirements
The Threat Intelligence Analyst will provide weekly reports to management, outlining the current cyber threat landscape and identifying pertinent threats to the organization. The Analyst will consume both internal and external data to calculate risk and approach monitoring from a predictive standpoint. The Analyst will assist other teams within Webster's infrastructure to identify gaps and current vulnerabilities and to develop a prioritized plan for detection and remediation.
The ideal candidate will have hands-on experience with security analysis, be able to conduct independent investigations, and be able to synthesize complex technical reports in a manner consumable by all audiences. Experience with Splunk is highly desired.
·Consume external threat feeds, analyze their impact on Webster-specific systems, and develop a risk-based approach to monitoring and response.
·Work closely with the SOC and Incident Response teams to detect and remediate threats to Webster systems.
·Understand the relationship between Threat Intelligence, Security Operations, and Incident Response.
·Act independently to investigate identified threats and determine impact to Webster.
·Provide a weekly synopsis of the current threat landscape and how it relates to Webster.
·Perform threat research and analysis to collect intelligence on the threat landscape using both open- and closed-source tools.
·Develop a threat intelligence sharing program with external parties such as FS-ISAC.
·Automate the consumption and deduplication of threat intelligence and operationalize the data in a meaningful way to Webster Bank.
·Utilize the threat intelligence platform to understand adversary tools, techniques, procedures, threat actors and campaigns, and malicious domains, URLs, IPs, and sites.
·Provide an integral role within the Security Operations detection and response pipeline and feedback loop.
·Notify the Vulnerability Management and L3 teams of new indicators of compromise as they become available, with recommended courses of action to support response activities.
·Provide a feed of threat observables for ingestion into the SIEM and the threat intelligence platform (TIP).
·As needed, coordinate with the CSIRT team to contain the incident and to mitigate the threat upon notification of incident.
·Have a deep understanding of the MITRE ATT&CK framework and its applicability to the SOC.
·Ability to perform threat analysis using common threat intelligence frameworks such as (but not limited to) the Diamond Model, the Cyber Kill Chain, and MITRE ATT&CK.
·Stand up, accelerate, and evolve cyber threat intelligence teams to increase their effectiveness.
·Maintain and enhance the threat intelligence platform and SIEM integrations.
·Integrate and apply CTI reporting and knowledge of adversary activity, relative to technology, into cybersecurity operations systems and processes.
·Identify patterns, trends, and events in threat actor TTPs and campaigns and make recommendations to CSIRT and Vulnerability Management teams for proactive threat mitigation.
·Perform other duties as assigned.
·Bachelor's degree in engineering, computer science, information security, or information systems, or equivalent industry experience that includes threat intelligence work.
·Candidate should have a minimum of 3 years of experience in cybersecurity analysis, with hands-on experience working as a Threat Intelligence Analyst.
·Hands-on experience of working independently in a SIEM is a must.
·Experience performing threat research and analysis to collect intelligence on the threat landscape, using sources such as open-source security intelligence.
·Understanding of and familiarity with the concepts of static and/or dynamic malware analysis.
·Ability to derive indicators of compromise from malware samples and reports is a must.
·Experience reviewing and assessing logs for anomalous activity indicating the presence of a threat.
·Experience with Incident Response is desired.
·Knowledge and ability to identify threat actor attack methods and track their developments.
·Experience using the Diamond Threat Model or Cyber Kill Chain.
·Ability to synthesize complex information in simple, succinct explanations with digestible reports to senior management.
·Experience in Cyber Threat Intelligence, including conducting threat modeling, and familiarity with the intelligence cycle.