Responsibilities
Collect, process, and analyze information regarding security threats to provide indications and warnings of impending attacks
Produce and disseminate intelligence products, advisories, or tailored reports
Analyze and report on unique attack vectors, emerging cyber threats, and current trends used by malicious actors
Daily threat intelligence monitoring through open and closed sources
Continually improve how the threat intelligence team works, including creation of run books, procedures, automation or other efficiencies
Maintain, develop and continually analyze threat data/intelligence sources, both technical and non-technical
Identify, evaluate and communicate new and ongoing cyber security threats through regular and ad-hoc reporting; produce intelligence briefings, attribution reports, and position papers
Produce concise tactical warning bulletins and other analytic reports that detail daily findings, events, and activities
Conduct collection and support attribution and analysis based on case findings from the incident response and threat hunting functions
Collect and analyze all-source intelligence and research data from multiple intelligence providers in order to analyze findings and produce quality intelligence products
Support threat hunts and purple teaming efforts, using threat intelligence to identify threat actor groups and their techniques, tools, and processes
Analyze anomalous log data and the results of collaborative team sessions to detect and eradicate threat actors on the network
Analyze and support security incidents for further enrichment of detection and alerting capabilities
Continuously improve processes for use across detection sets for more efficient operations
Generate reporting of trending metrics
Acquire threat intelligence and technical indicators from external sources; develop tactical intelligence and technical indicators internally and collaborate frequently with incident response
Evaluate data sources for consideration in the improvement and expansion of the threat intelligence program
Required Skills
Knowledge of current hacking techniques, cyber threat actors, attribution concepts, security analysis techniques, recent cyber incidents and vulnerability disclosures
Understanding of common threat analysis and threat modeling techniques used in CTI, such as the Diamond Model, the kill chain, F3EAD, the MITRE ATT&CK framework, and the threat intelligence lifecycle
Competency in using common intelligence datasets obtained from information sharing sources, malware collections, and other internet-derived data
Bachelor's degree