Cybersecurity Analyst (Threat Intelligence and Splunk)
The Cyber Intelligence Analyst serves on the front line of the Information Security Program at AAP. Under direct supervision, the Intelligence Analyst performs tasks and follows procedures necessary to ensure the security of information systems assets and to protect systems from intentional or inadvertent access or destruction. The Intelligence Analyst will compile cyber threat data gathered through independent research and analysis along with Security Operations Center activity, and will track emerging technology, techniques, and adversarial capabilities and tactics. They will perform source monitoring activities, develop cyber threat analysis and mitigation courses of action, and provide actionable intelligence used in organizational IT asset protection, strategic cyber threat trending, and situational awareness for customer leadership. On a near real-time basis, they will analyze the latest and ongoing cyber threat Indications & Warning and fuse unclassified/open-source cyber threat information, correlating internal activity to external indicators across numerous boundaries to provide insight into every stage of a potential intruder's cyber kill chain as well as other activities in the wild. The Intelligence Analyst participates as a member of the Cybersecurity Incident Response Team (CIRT), using security tools and techniques to plan for, monitor for, and respond to observed threats.
The Cyber Intelligence Analyst will be able to enhance knowledge of Threat Intel operations and collaborate with internal AAP team members and platform teams to apply industry best practices to AAP applications and architecture. The role analyzes the organization's infrastructure from a security intelligence perspective and identifies requirements and solutions to address them.
- Connect with different stakeholders to identify PIRs and create achievable project charters to enhance the Intel maturity score each quarter.
- In-house development, maintenance and operation of tools, and management of integrations and analytics use cases on SIEM platforms for Cyber Threat Intelligence (CTI).
- Develop cyber threat analysis and mitigation courses of action, and provide actionable intelligence used in organizational IT Asset protection, strategic cyber threat trending and situational awareness to customer leadership.
- Participate as a member of the Cybersecurity Incident Response Team (CIRT). Accurately and rapidly respond to security incidents as assigned by the Incident Handler and provide Intelligence enrichments.
- Perform ad-hoc analysis and investigation for latest Threats, collect IOCs and IOAs in a timely fashion. Share them with internal and external teams for validation and collaboration.
- Utilize threat intelligence for Threat Hunting.
- Build use cases to support different business areas using threat intel, e.g., Risk Management, Physical Security, etc.
- Ensure compliance with the Cyber Kill Chain and MITRE ATT&CK frameworks.
- Publish Strategic, Technical and Tactical Threat Intelligence reports.
- Enhance security programs and tools while delivering required security metrics.
- Script or program repeatable security monitoring and analysis tasks, and automate threat intel inputs.
- Advise and consult with internal security engineers, and outside AAP team members on risk assessment, threat modeling, and vulnerability management.
- Maintain up-to-date knowledge of the IT security industry, including awareness of emerging technology, techniques and adversarial capabilities and tactics, and new attacks and threat vectors.
We are seeking the following qualifications:
- Bachelor's degree in Computer Science /Engineering or equivalent experience
- 5+ years of experience in Information Security with proven expertise in Security Operations, Incident Response and Threat Intelligence. Retail industry experience preferred.
- Solid knowledge and experience working with Information Security applications such as FireEye, Splunk, Palo Alto, Proofpoint, Crowdstrike, Threatstream, Flashpoint, MISP etc.
- 3+ years of experience related to threat management, intelligence analysis, and statistical analysis in intelligence, financial, retail or technology service companies, and at least one (1) year of hands-on analysis experience with Splunk.
- Proficient with security automation using Python, Perl, Bash, PowerShell, or other scripting languages for Windows, Linux and UNIX.
- Knowledge of tools and technologies used in Threat Intelligence operations.
- Ability to maintain efficiency and positive attitude in the face of challenging and competing deadlines
- Ability to operate in an Agile based environment where Daily Standups, Sprint Planning, Sprint Review, backlog grooming, and Sprint Retrospective are held
- Strong communication and collaboration skills and experience interacting at all levels throughout IT/business teams and working within large, matrixed organizations
- Expertise in managing SOPs and process adherence by teams, with an eye for continuous improvement.
- Able to work independently with strong critical thinking, decision making, troubleshooting and problem-solving skills, and also a team player.
- Strong work ethic and internal drive for results. Strong planning, execution and multitasking skills and demonstrated ability to nimbly reprioritize and meet deadlines reliably.
- Solid familiarity with prevalent security threats and how they apply to the business
- Familiarity with Cyber Kill chain and MITRE ATT&CK framework
- On a near real-time basis, analyze cyber threat Indications & Warning and fuse unclassified/open-source cyber threat information correlating internal activity to external indicators across numerous boundaries. The correlation provides insight into every stage of a potential intruder's cyber kill chain as well as other activities in the wild.
- Strong experience analyzing and synthesizing actionable threat intelligence via open-source tools
- Strong experience in collecting intelligence from the surface web, deep web & darknet
- Preferred Certifications: CEH, CTIA, Splunk Admin