Cyber Threat Intelligence Analyst

What You'll Do

Leverage a Collection Management Framework (CMF) that organizes all threat intelligence feeds, both internal and external, by indicators and data that can be ascertained as well as the methods in how data is collected
Report on potential areas of compromise and areas of concern through information provided by threat intelligence sources
Apply the indicator lifecycle (revealed, matured, utilized) to validate incoming indicators and determine relevance to Veeva
Detect patterns of ongoing intrusion and intrusion attempts across Veeva and the industry to predict future IOCs and suggest implementations
Utilize CTI tools to detect/report on trends to drive decisions influencing defensive operations
Report actionable metrics related to adversarial behavior to drive prioritized defensive actions
Support incident responders with relevant IOCs and historical data during ongoing investigations
Author intelligence reports that address intelligence requirements and RFIs from across the company
Support engineers in the preparation, design, and execution of threat hunt missions
Research and analyze adversarial threat behaviors to prepare for emulation exercises to assess controls
Apply threat intelligence methodologies to internal log data and User and Entity Behavior Analytics (UEBA) to detect anomalies indicative of insider compromise or collusion

Requirements

Good understanding of the Kill Chain and Diamond models, and means to merge them
Ability to leverage MITRE ATT&CK in support of CTI reporting
Good familiarity with some OSINT and proprietary CTI tools, examples as: DomainTools, MISP, YARA, ISAC/ISAO feeds, CyberChef, DataSploit, FireHOL, Maltego, Shodan, ThreatQuotient, Recorded Future Anomali, etc.
Good familiarity with modern threats, top delivery vectors, and methods of exploitation
Experience in organizing, processing, analyzing, and vetting indicators using sorting/processing tools to maintain a current, relevant threat database
Experience in leveraging existing threat intelligence to augment investigations during incident response
1+ years of experience in a cyber threat intelligence-related field, or 3+ years of experience in a cybersecurity operations field
Experience analyzing behavioral telemetry and system logs (e.g., SIEM, EDR, UEBA) to identify technical indicators of insider risk
Strong familiarity with different levels of CTI products (Strategic, Operational, Tactical/Technical)
Good understanding of the different phases of the CTI lifecycle (Planning, Collection, Analysis, Production, and dissemination/feedback)

Nice to Have

Threat Intelligence or Intrusion Detection-related certification, such as GCTI, GOSI, CTIA, GCDA, GCIA, CCTIA, CTIP, CPTIA, CRTIA, etc.
Experience in enriching data of the four atomic indicators (domains, strings, IP addresses, accounts) to deliver additional context to incident responders
Solid background in cloud security principles
Experience in creating and maintaining a prioritized list of critical assets and understanding the top threats against them
Experience with threat hunting development
Experience in threat emulation or use of deceptive technologies

Perks & Benefits

Medical, dental, vision, and basic life insurance
Flexible PTO and company paid holidays
Retirement programs
1% charitable giving program

Compensation

Base pay: $75,000 - $125,000
The salary range listed here has been provided to comply with local regulations and represents a potential base salary range for this role. Please note that actual salaries may vary within the range above or below, depending on experience and location. We look at compensation for each individual and base our offer on your unique qualifications, experience, and expected contributions. This position may also be eligible for other types of compensation in addition to base salary, such as variable bonus and/or stock bonus.