Threat Intelligence Analyst

About the Company

Cybereason is on a mission to reverse the adversary advantage by empowering defenders with ingenuity and technology to end cyber attacks. Talking of technology, we posted the best results in the history of MITRE ATT&CK Evaluations and were named a leader in the 2023 Magic Quadrant for Endpoint Protection Platforms by Gartner Inc.

Cybereason is the champion of today’s cyber defenders, providing operation-centric attack protection. Our defense platform moves beyond endless alerting to instead recognise, expose, and end malicious operations before they take hold. 

About the Security Department

At Cybereason Security Services, we stop attacks. Consequently, we recognize that the digital landscape is ever-evolving and the need for proactive cyber threat intelligence is crucial to safeguard our client's information and operations. We are currently seeking Cyber Threat Intelligence Analysts to enhance our capabilities in identifying, assessing, and mitigating cyber threats.

About the Role:

As a Cybereason Cyber Threat Intelligence Analyst, you will be instrumental in the detection and analysis of potential cyber threats, evaluating their risk level, developing comprehensive analytical reports for a variety of audiences, and improving the delivery of security services across the entire scope of our company. You will be required to communicate complex cyber threats to both technical teams and non-technical senior executives, making your ability to translate intricate technical details into clear, understandable terms a vital asset to our team.

Responsibilities:

• Perform Cyber Threat Intelligence collection and analysis to support requests for information and generation of intelligence information for specific threat intelligence products at the tactical, operational, and strategic level.
• Execute strategic and tactical operations focused on developing, applying, and communicating a deep understanding of cyber threat actors, campaigns and nation-state-level threats.
• Identify and correlate technical indicators of compromise to enhance detection engineering and incident response.
• Produce written and verbal threat intelligence products and communications for delivery to and action by multiple stakeholders to support customer strategic decision-making.
• Provide security and threat intelligence thought leadership to stakeholders.
• Collaborate with Global SOC and IR teams during investigations and mitigation efforts by providing timely intelligence before and during critical incidents. 
• Rapidly learn and adapt to new security technologies and threats.
• Perform open source intelligence (OSINT) collection and analysis, identifying relevant indications of cyber threats, malicious code, malicious websites, and vulnerabilities.
• Participate in creating and executing projects to continuously improve Cybereason Threat Intelligence sources, tools, processes, and deliverables. Develop and document processes, workflows, and automation that leverage the Cybereason Technical Stack to identify and assess potential threats.
• Provide security and threat intelligence mentoring to other teammates.
• Work with third parties to develop shared intelligence.

Key Performance Indicators (KPIs):

• Accuracy and timeliness of Threat Intelligence deliverables (written and verbal).
• Effectiveness of communication with both technical and non-technical audiences.
• Impact of contributions to Cybereason Security Services performance in the form of improvements to:
• Incident response timeliness
• Enhanced detection of emerging threats
• Analyst triage and hunting efficiency (through reduction in manual efforts or increase in automated workflows)
• Level of adaptability to new threats and technologies.

Qualifications:

• 4+ years of relevant experience in the cybersecurity industry, particularly in the areas of Threat Intelligence, Incident Response, Endpoint Security, Forensics, or Penetration Testing.
• Foundational understanding of computer networking and modern computer architecture/operating systems.
• Familiarity with common Cyber Threat Intelligence tools (MISP, OpenCTI, Shodan, VirusTotal, GreyNoise, etc.) and sharing protocols (i.e. STIX, TLP).
• Working knowledge MITRE ATT&CK, Lockheed Martin’s Cyber Kill Chain, Diamond Model analysis, VERIS framework, and CVSS required.
• Background and experience in at least 3 of 6 areas is required:
• Cyber Threat Intelligence - OSINT, Dark Web, or research
• Digital Forensics & Incident Response (DFIR)
• Detection Engineering (in support of EDR/XDR/MDR platforms)
• SOC operations and analysis
• Malware analysis & reverse engineering
• Penetration Testing and/or Red Team
• Proven ability to conduct detailed analytical reports and presentations.
• Demonstrable problem-solving and analytical thinking capabilities.
• Strong presentation and interpersonal communication skills.
• Ability to manage competing priorities and work efficiently under pressure.
• Experience with a scripting language (Python, Lua, Bash, etc.) is advantageous. A keen interest in technology and cybersecurity is essential.
• Motivation to constantly improve processes and methodologies
• Self-motivated and results-oriented; capable of leading and completing assignments without supervision.
• Excellent interpersonal, verbal & written communication skills
• Ability to work both independently as well as on a team. Comfortable working in remote work environments with a globally distributed team in multiple countries.
• Ability to mentor others; willingness to collaborate and share knowledge 

#LI-Remote