Threat Intelligence Job Description
Threat Intelligence Duties & Responsibilities
To write an effective threat intelligence job description, begin by listing detailed duties, responsibilities and expectations. We have included threat intelligence job description templates that you can modify and use.
Sample responsibilities for this position include:
Threat Intelligence Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Threat Intelligence
List any licenses or certifications required by the position: CISSP, SANS, CEH, GCIH, GSEC, SEC504, GCIA, SEC503, GIAC, GREM
Education for Threat Intelligence
Typically a job would require a certain level of education.
Employers hiring for the threat intelligence job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Intelligence, Education, Information Security, Cyber Security, Computer Engineering, Engineering, Technical, Technology, Information Technology
Skills for Threat Intelligence
Desired skills for threat intelligence include:
Desired experience for threat intelligence includes:
Threat Intelligence Examples
Threat Intelligence Job Description
- Developing, implementing, and supervising the execution of processes to ensure a repeatable, but agile, methodology exists to quickly evaluate and implement effective threat intelligence products and services for a variety of internal, executive, and external stakeholders
- Building and overseeing the implementation of tools and technologies to realize the overarching threat intelligence, partnering heavily with our SunTrust Security Operations Center, Security Engineering, and IT Engineering groups as necessary
- Supervising and mentoring intelligence analysts in ensuring that threat intelligence products and services are consistently delivered with high degrees of quality
- Partnering effectively at all levels of the technology organization and with business partners, where needed, to ensure that new or existing cyber security controls are implemented with limited or ideally no impacts to the user experience
- Knowledge of classes of software vulnerabilities and threats and of database query languages
- Familiarity with industry-standard classification schemes (CVE, CVSS, CWE, CPE, CAPEC)
- Strong understanding of host and network security concepts, such as system hardening, log management, intrusion detection & prevention systems, firewalls
- Proficiency with at least one programming or scripting language, such as Python, Perl, .NET
- Verifies that application software/network/system security postures are implemented as stated, documents deviations, and recommends required actions to correct those deviations
- Manages and administers the updating of rules and signatures (e.g., intrusion detection/protection systems, anti-virus, and content blacklists) for specialized cyber defense applications
- Bachelor's degree and/or equivalent work experience; 5+ years of experience with security, network, or operating system related technologies; SOC or Threat Intelligence experience also preferred
- Experience in scripting to improve process automation
- Subject matter expert (SME) in one or multiple areas such as SIEM, Proxy or Firewall administration, IDS/IPS, Threat Detection, or Information Risk
- Experience in reviewing and analyzing log files and data correlation
- 7 or more years of experience in information systems security
- Knowledge of computing laws and regulations
Threat Intelligence Job Description
- Compose white papers about your research for publication
- Contribute to our well-read blog about any technical topic of interest, including day-to-day work or outside interests, when possible
- Direction, productization, and full lifecycle management of threat intelligence-related products and features
- Executes an intelligence life cycle, including requirements gathering, intelligence collection, analysis, targeted distribution, and feedback to produce relevant, timely, accurate, and actionable intelligence providing the “who, what, when, where, why, how, and importance” of cyber threats including those associated with espionage, hacktivism, cybercrime, malicious software, social engineering, and emerging threats
- Collaborates with internal partners to provide intelligence and reporting which meets business needs
- On behalf of Global Cybersecurity, prepare and deliver regular written and verbal briefings across all levels of the enterprise delivering authorised briefings to external clients when required
- The analyst leads TI activities as a customer surrogate in support of enterprise-level cyber security incidents, provides situational awareness to appropriate personnel through clear and concise communications, and promotes a proactive response to possible threats by staying current with, analyzing, and identifying mitigations for emerging threats to the customer’s IT infrastructure
- In order to accomplish these tasks, the analyst works closely with cyber intelligence analysts, digital forensics investigators, malicious code reverse engineers, Cyber Security Operations Center (CSOC) analysts, and customer leadership affected by cyber security events
- Focusing on enterprise-level TI, responsibilities entail developing and operationalizing TI in support of CSOC investigations of suspected intrusions, pro-active management of enterprise information security resources, and the technical evaluation of enterprise networks, systems, and applications against the cyber threat and associated risk of cyber attack
- Provide accurate, complete and timely written documentation for all project phases including ongoing status reports and deliverables detailing technical issues identified and their associated business risks
- Possess security certifications (CISSP, CCNA, CEH)
- Proven experience performing or leading cyber threat management and intelligence, including collection and aggregation of threat data, automated or manual analysis, and reporting
- Strong knowledge of a broad array of other systems security technical controls and processes (e.g., identity & access management, system hardening, audit and log file monitoring, DLP, security policies, incident response, intrusion prevention, vulnerability management)
- Working knowledge of relevant financial industry cyber security regulations, standards, and controls frameworks (e.g., FFIEC, PCI-DSS, GLBA, ISO 2700x)
- Bachelor's degree in computer science, engineering, information security, or an equivalent combination of education, training, and experience
- Microsoft Certified Systems Engineer (MCSE) and Information Systems Security Professional (ISSP) certifications expected
Threat Intelligence Job Description
- Establish and maintain rapport with client technical staff and management staff
- Escalate engagement and client related issues, where appropriate, to engagement lead
- Provide deliverables and status reports with engagement results and remediation guidance
- Assist with Cyber Threat Intelligence research in support of internal projects
- Contribute to public research objectives
- Team leader within the Security Operations team focused on establishing and delivering a threat intelligence capability
- Producing, editing, and distributing a variety of concise and actionable threat analysis and warning products in written and presentation form to an audience that spans a range of customers from senior company executives to security analysts and system administrators
- Conducting studies and making recommendations to identify cyber threats
- Identifying and developing threat signatures from all available sources
- Apply critical thinking and writing with a focus on attacker capability to destroy, degrade or deny access to systems and information
- Nine or more years of experience in computer forensic analysis
- Fundamental Internet protocols, services, and technologies (e.g., HTTP/HTTPS, DNS, SMTP, SSH, LDAP, TCP/IP, ICMP, JSON, REST)
- Excellent technical writing abilities and verbal communication skills
- Technical expertise and/or breadth in systems environments and strategic technologies
- Reverse engineering and experience on multiple platforms
- Threat intelligence correlation experience is a plus
Threat Intelligence Job Description
- Assists in the refinement of the application penetration testing framework, including deliverables, custom script development, testing methods and techniques, and ongoing research
- Work with other IT support departments to ensure best practices are followed for maintaining SEP
- Utilize experience analyzing and synthesizing information with other relevant data sources, providing guidance to analysts and operators, evaluating, interpreting, and integrating all sources of information, and fusing computer network attack analyses with available threat feed data
- Communicate to team members and senior leadership both quantifiable and qualifiable cyber risk to the organization through operational briefings and threat intelligence reports
- Train and mentor junior team members on intelligence analysis
- Develop and use predictive analytics to counter threats by tracking attack campaigns
- Provide actionable information by producing
- Conduct studies and make recommendations to produce a library of cyber threats
- Collaborate with teammates to develop focused threat intelligence that protects our clients
- Perform a thorough assessment of Customer Enterprise risks and identify areas of improvement within the Security landscape
- Strong communication skills, particularly written communication
- At least one security-related certification (CISSP, CISM, CISA)
- Experience supporting Information Security operational needs: incident response, problem management, investigation support, data collection, and Information Security initiatives
- Ability to manage teams including scheduling, performance review and handling personnel issues
- Ability to write threat analysis reports and provide mitigation recommendations
- Demonstrated drive and interest in security topics
Threat Intelligence Job Description
- Continuous development of advanced hunt techniques for the identification of threat actors across the McDonalds environment
- Develop new threat intelligence, detection, and hardening strategies
- Provide information protection expertise to operational teams to ensure systems are properly protected and monitored by design
- Profile new and emerging threats to the technology landscape
- Enhance internal investigation capabilities for responding to security events
- Serve as a member of the incident response team, providing mentoring to other team members as needed, while performing Level 2 support
- Contribute ideas to the future state technology roadmap, ensuring effective investments are made to enable scale, quality, maintenance, and overall cost effectiveness
- Operate the SIEM and Security Analytics systems along with security monitoring and third party tools used for intrusion analysis and incident response
- Support information security investigations
- Refresh or develop new threat intelligence, detection, and hardening strategies
- B-degree in a Technology related field (NQF level no
- Strong programming skills in multiple languages (Python, Ruby, C, etc.)
- Experience with cloud services and building distributed, scalable applications
- Experience with container technologies
- Intermediate programming proficiency in the Python language
- Desire to learn more about data breaches and the methodologies attackers use to accomplish their tasks