Sr Cyber Threat Intelligence Analyst

Trustwave is a leading cybersecurity and managed security services provider focused on threat detection and response. We uncover threats that others can’t and respond quicker than others can to protect against the devastating impacts of cyberattacks. We’re a world-class team of cyber consultants, threat hunters and researchers serving clients in 96 countries. At Trustwave, you can learn alongside the best, make a personal impact on a global scale, and solve new challenges every day. Learn more about us at https://www.trustwave.com.

A Cyber Threat Intelligence Analyst is a member of the TDR SpiderLabs Applied Intelligence (SLAI) team within Trustwave Managed Security Services (MSS). The mission of this MSS team is to collect, curate and operationalize cyber threat intelligence (CTI) for internal security operations services teams. This team will provide advisory support to internal Trustwave stakeholders and lead the MSS organization active response and emerging threat functions as it relates to newly discovered incidents, threat campaigns, recently discovered 0-days, and geo-political events that may have significant impact to Trustwave MSS clients.

Responsibilities Include But Not Limited To

• Source and execute an intel curation methodology to identify, classify and prioritize threats from internal sources, 3rd-party, OSINT, DarkINT, social, etc.
• Maintain the MSS Threat Intelligence Platform
• Provide advisory support and reporting on threat actors, groups and campaigns to internal teams
• Manage and respond to emerging threat activity for MSS
• Develop actionable threat intelligence; both tactical and operational
• Execute proactive threat actor tracking and build a portfolio of threat profiles and trends from MSS activity
• Apply intelligence through collaboration with peers to create use cases and detection rules for MSS
• Perform periodic cyber advisory presentations for Trustwave teams
  
  

Key Qualifications

• Complex critical thinking and security analysis skills
• Advanced written and verbal communication skills for a wide array of audiences
• Ability to communicate technical risk details into easy-to-understand language
• Knowledge of intelligence lifecycle
• Solid understanding of MITRE ATT&CK, Diamond model, NIST and other relevant frameworks
• Ability to prioritize and execute tasks in a high-pressure environment
• Experience working in a team-oriented and collaborative environment including cross-functional collaboration
  
  

Skills & Knowledge Requirements

Must have intermediate skills/knowledge in some of the following:

• 1 – 2 years’ experience using and maintaining MISP or similar TIP solutions
• Minimum of 2-years’ experience producing threat intelligence, tracking cyber threats, incident response and/or threat hunting with a focus on attacker TTPs and attribution
• Understanding of STIX / TAXII
• Scripting, Python, and API experience
• 1-3 years of SIEM experience with Microsoft Sentinel, Splunk, IBM Qradar or other platforms
• 1-3 years of EDR experience with solutions from Microsoft, Palo Alto Networks, Sentinel One, Trellix, Crowdstrike or other platforms
• Unix/Linux and Windows system administration
• Excellent analytical thinking and problem-solving skills
• Superb incident management and incident response skills
• Strong oral and written communication skills
• Self-managed and team oriented
• Deadline and detail oriented
• Highly motivated with excellent teaming and customer service skills
  
  

Preferred

• Intermediate to advanced experience in Information Security related areas like CTI, SIEM, EDR, or DFIR
• Certified in Security related Industry, Vendor or Professional Certification- Certified Threat Intelligence Analyst, GCTI, Security+, etc
  
  

Education

• A high school diploma or equivalent is required; a college or university degree is a plus.
  
  

This is a remote opportunity open to anyone legally authorized to work in the USA. Guided by our flexible workplace philosophy, Moments That Matter, people gather in the office when in-person interaction is most impactful; full-time remote employees may be asked to travel occasionally based on the needs of the team and the business.

Trustwave is an Equal Opportunity Employer. We're committed to treating everyone with respect, one of our core TRUST Values, and strive to create a culture that empowers all Trustees to be their best, most authentic selves. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age, or any other federally protected class.

To All Agencies

Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave’s policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes, by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave and in the event a candidate is submitted outside of this policy is hired, no fee or payment of any kind will be paid.