Cyber Threat Intelligence Analyst
|Job Title:||Cyber Threat Intelligence Analyst|
|Contact Name:||Nathan Sweeney|
|Job Published:||May 05, 2017 14:53|
The Cyber Threat Intelligence Analysts are at the very core of this, and pro-actively detect malicious behaviour using a unique blend of device threat intelligence feeds from multiple commercial and open source feeds.
Candidates will have responsibility for real-time monitoring of third party security feeds, forums, and mailing lists to gather information on vulnerabilities and exploits related to the client. They will be required to assess each event based on factual information and wider contextual information available and produce intelligence outputs to provide an accurate depiction of the current threat landscape and associated risk. You will also need to produce actionable intelligence information for delivery to colleagues and customers in the form of technical reports, briefings, and data feeds and will participate in regular threat focus meetings.
You will be expected to have the following skills / experience:
• Proven technical expertise on Operational Security aspects in one or more of the following: Cyber Security, Attack Models, Security Analytics, IDS/FW/SIEM Toolsets, Operational Threat Intelligence, Governance and Industry Standards (ISO27001, PCIDSS)
• Low to Mid-level security analysis experience required
• Significant proven experience in a Security or Operational role
• Significant Experience with SIEM toolsets
• Strong skills in Incident Response
• Windows and Unix knowledge
• Understanding of TCP/IP based networks (both LAN & WAN)
• Security certifications advantageous e.g. SSCP, Security +, GCIH, GCIA etc.
• Knowledge of or experience with the following technology vendors: Cisco, Juniper, Fire Eye, Palo Alto, Websense, BlueCoat, Check Point, McAfee, Symantec, Dell, HP, Fortinet, SourceFire, SNORT, IBM
• An understanding of IT Service Continuity Management best practices including ITIL standards.
The following is highly desirable:
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Intrusion Analyst (GCIA)
• Certified Information Systems Security Professional (CISSP)
• Certified Network Intrusion Analyst (CC NIA)
• Proven experience with network session analysis and session reconstruction using PCAP analysis tools (e.g. Wireshark)
• Excellent understanding on key protocols including: HTTPS, TCP/IP, SSL, DNS, NTP
• Ability to conduct technical reviews of security posture including AUP, firewall policy, proxy blacklists/whitelists
• Experience of penetration testing and ethical hacking
• Knowledge of malware analysis and resources relating to exploit kits, techniques and CVEs
• Expert in the operation of SIEM toolsets.
• Sound Technical knowledge from some or all of the following areas: Unix Systems , Hadoop / SQL Database Technologies, Microsoft Systems, Data Networking, Data Analysis, Data Centre / Operational Processes, Vulnerability Scanning solutions
• Relevant additional security certifications i.e Systems Security Certified Practitioner (SSCP), Certified Ethical Hacker (CEH), ITIL v3 Foundation or above
Please note that this position may require you to work out of hours and public holidays as part of a shift rota.
For more information and a full job spec please email Nathan Sweeney on firstname.lastname@example.org or call 01202 596 365.