Threat Intelligence Analyst

Formal Education

         •   BSC degree in relevant field/technology (or equivalent years of experience) 

Experience

• minimum of 4 years of related experience
• Experience with threat assessment, vulnerability analysis, risk assessment, information gathering, correlating and reporting
• Experience analysing phishing attacks
• Significant experience in network intrusion detection
• Experience creating specific mitigation tactics such as IDS signatures
• Experience producing reports and briefs on the current threat landscape and associated risks
• Experience with conducting vulnerability assessments using tools like Tenable or similar
• Experience on threat intelligence feeds in terms of application and usability
• Experience monitoring third party security related websites, forums and social media sites for information regarding vulnerabilities and exploits
• Experience conducting malware analysis - usage of VirusTotal etc
• Experience using common sandbox technologies to perform dynamic malware analysis
• Experience replicating reported vulnerabilities in a safe and contained environment to develop proof of concept and/or exploit tools

Technical/Legal Certification

• CISSP, CEH, GPEN, OSCP or similar security certifications 
• Certification in IBM Qradar essential

Responsibilities

• Supports the Threat and Advanced Cyber Defence Team with reporting, management, and remediation of threats against customers.

• Conduct cyber intelligence operations including intelligence collection, tracking threat actors, identifying malicious behaviours and operations.
• Participates on Incident Response teams as threat/forensic SME (Subject Matter Expert)
• Perform network traffic and anomaly analysis, as well as indicators of compromise from system logs (Unix & Windows), application/database and firewall logs, IDS/IPS alerts, WAF alerts, endpoint malware alerts.
• Manages multiple investigation requests through the entire lifecycle of initiation, data collection, analysis, and data production
• Performs assessments of security profiles and correlates vulnerability data with network topology information to quickly identify risks
• Recommends and tracks the application of fixes, security patches and security updates on various levels
• Produces recommendation reports on patches, exploits and vulnerabilities
• Works with customers, vendors and internal resources for problem resolution and security advisories
• Standardizes process and procedures and provides continual improvement
• Develops and maintain comprehensive documentation on incidents and analysis for clients and internal
• Compile security advisories for internal and external in document format with technical recommendations
• Use case writing, development and refinement for detection of threats
• Proactively search for rogue behaviour, malicious attacks & suspicious activity
• Training of junior analysts
• Analyse threat feeds to produce daily/weekly/monthly Threat Intelligence brief and regular threat trend reporting

Key Competencies

Knowledge

• Ability to identify and recommend mitigations for vulnerabilities, exploits, patches
• Understanding of "attacker" methodologies and tactics, including kill-chain analysis
• Familiarity with Advance Persistent Threat groups and Hacker activity
• Construct correlation and application rules in a SIEM environment from use cases
• Knowledge of cyber security methodology and security best practices •            Familiar with Data Privacy laws and the associated security requirements. 

Skills 

• Excellent problem solving and analytical skills
• Excellent written and oral communication skills
• Strong security research skills on hackers, threats and the attack surface at a global and local level
• Programming skills required: Python, Java, Perl
• Ability to read network logs and analyse network packet capture data. Wireshark
• Ability to perform malicious code reverse engineering (advantageous)
• Ability to utilize common sandbox technology to perfor