This position serves as a Cyber Threat Analyst in support of a major IBM client. This organization provides services that analyse and produce enhanced cyber security and threat intelligence information to include threats and potential threats to the customer's personnel, information, and information systems; provides timely and relevant intelligence to assist with mitigating cyber threats confronting the Department; supports evaluation, implementation, and operations of tools/technologies used in advanced analysis; support and develop the Cyber Insider Threat Program. Responsible for the delivery of written and oral briefings to stakeholders.
Role & Responsibilities: The Cyber Threat and Intelligence Analyst will support the customer's overall cyber threat analysis efforts.
Researches, analyses, and writes documents such as cybersecurity intelligence bulletins, alerts, and briefings for all levels of stakeholders from Tier 1-3 SOC, security engineering, and executives.
Ensures documentation is accurate, complete, meets editorial and government specifications, and adheres to standards for quality, graphics, coverage, format, and style.
Ensures content is developed in an appropriate style for the intended audience including presentations, bulletins, white papers, memos, policies, briefings, and other products.
Acquires subject knowledge by collaborating with analysts and engineers.
Assists in coordinating projects from the planning stage, provides additional or missing materials, and edits for content format, flow, and integrity.
Researches topics and collaborates with stakeholders to understand communication product requirements; analyses business problems and helps prescribe communication solutions.
Deep understanding of cyber threat TTPs, threat hunting, and the application of the MITRE ATT&CK framework.
Perform Cyber Threat Assessment and Remediation Analysis
Processing, organizing, and analysing incident indicators retrieved from the client environment and correlating those indicators with various intelligence data.
Assisting in the coordination with internal teams as well as in the creation of engagement deliverables for a multitude of activities, including but not limited to Insider Threat, Rule of Engagement (ROE), Threat Hunting, After Action Reports, and other artifacts to support testing, monitoring and protecting the enterprise
Investigate network and host detection and monitoring systems to inform engagement processes.
Develop core threat intelligence capability and subject matter expertise
Develop and execute bash and Python scripts to process discrete log files and extract specific incident indicators; develop tools to aid Tier 1 and Tier 2 functions.
Responsible for threat hunting activity using SIEM, EDR and other hunting tools and technologies.
Good understanding of the MITRE ATT&CK framework, the NIST framework, and the Cyber Kill Chain process.
Overall responsibility for the SIEM and EDR platforms.
Mentor and support the L1 and L2 teams with technical expertise and skills.
Responsible for L1 and L2 team members' skill development and training.
Drive process and technology standardization.
Participate in periodic customer meetings.
Ready to work in 24x7 rotational shift model including night shift.
Explore different technologies available in the security industry.
Analyse and tune threat monitoring dashboards.
Work closely with the SOC team and be responsible for incident detection, triage, analysis and response.
Perform TI-based and hypothesis-driven threat hunting over SIEM logs.
Support the incident response team during major security incidents with advanced investigation skills.