Seach

Senior Threat Intelligence Analyst

Senior Threat Intelligence Analyst

Responsibilities

●    Discover, analyze and track advanced adversary cyber campaigns, assess the threat implications and overall risk those campaigns may pose to particular sectors, customers, and networks.
●    Fuse internally derived and externally available cyber threat intelligence into techniques, analytics, and methodologies intended to detect and track advanced threats.
●    Identify and correlate adversary tactics, techniques, and procedures (TTPs) across a range of raw data sources to derive analytics and techniques for continued detection, metric output for assessing the risk of TTPs, and the profiling of threat actors utilizing these TTPs.
●    Work in concert with network defenders to develop actionable detection and mitigation plans to be integrated into various BlueVoyant product lines.
●    Work with analytic developers and data scientists to automate threat detection, analysis, and tracking of the threat actors and TTPs.  Build POC analytics, and work these up to Internet scale.
●    Support managed security services and incident response efforts by providing threat research and expertise when requested. Ensure that network defenders have sufficient contextual threat knowledge to take corrective action.

Basic Qualifications

●    Demonstrated knowledge of network protocols, including DNS, BGP, RDP, SNMP, standard web sessions, etc.
●    Familiarity with network scanning methodologies, toolsets, and vulnerability assessment practices.  Specifically evaluating scan outputs, altering scan parameters and regexes, and understanding when to leverage additional, deeper scan capabilities and modules.
●    Knowledge of tools and methods used in both targeted intrusions and large scale attacks.  An understanding of current trends, recent high profile vulnerabilities, and how to detect those.
●    Ability to analyze raw data and create actionable intelligence, indicators of compromise, and detection and mitigation plans.
●    Ability to work directly with customers to understand requirements for, and feedback on, threat intelligence products and services.
●    Strong communication skills and the ability to present complex technical topics to a range of audiences in clear and easy to understand language (both verbal and written).
●    Strong teamwork and interpersonal skills, including the ability to work with a globally distributed team.

Preferred Qualifications

●    Experience in areas such as traditional network/host vulnerability analysis, intrusion analysis, digital forensics, or related areas.
●    Working familiarity with tools such as Elasticsearch/Kibana, BigQuery, Hadoop or other search tools highly desirable.
●    Other tool familiarity such as Wireshark, IDA Pro, PEiD, PEview, Procmon, Snort, Bor, Kali Linux, Metasploit, NMAP, and/or Nessus are not critical, but nice to have.
●    Familiarity with Mitre ATT&CK and techniques therein.
●    Understanding of programming languages (Python, SQL, Javascript, PHP, etc) are a plus.
●    Familiarity with common cloud environments and configurations as well as evaluating the security posture of these assets.

Education

●    Degree in Information Security, Computer Science, or other IT-related field. Exceptional candidates with proven experience in cyber threat analysis will also be considered.
●    Certified Information Systems Security Professional (CISSP) Cisco Certified Network Analyst (CCNA), Certified Ethical Hacker (CEH), Security+, and/or SANS/GIAC/other relevant cyber security certifications are all pluses.

About BlueVoyant

At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics and technology, coupled with deep expertise, works as a force multiplier to secure your full ecosystem. Accuracy! Actionability! Timeliness! Scalability!

Led by CEO, Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200 and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry leading analytics and technologies.

Founded in 2017 by Fortune 500 executives, including Executive Chairman, Tom Glocer, and former Government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tel Aviv, San Francisco, London, Budapest and Latin America.

All employees must be authorized to work in the United States. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.