Autonomous Threat Sweeper Analyst
Securonix
Securonix is leading the evolution of SIEM for today’s hybrid cloud, data-driven enterprises. Securonix Unified Defense SIEM provides organizations with content-driven threat detection, investigation, and response (TDIR) solutions built with a highly scalable data cloud and a unified experience from the analyst to the CISO. The innovative cloud-native solution enables organizations to scale up their security operations and keep up with evolving threats.
Securonix Unified Defense SIEM provides organizations with 365 days of ‘hot’ data for fast search and investigation, threat content-as-a-service, proactive defense with continuous peer and partner collaboration, and a unified Threat Detection, Investigation, and Response (TDIR) experience, all in a single platform. The platform is built on a cloud-native architecture and leverages the power of the Snowflake Data Cloud.
Job Title: Cyber Threat Intelligence Analyst
Job Level: Individual Contributor
Total Experience: 3-6 years
Relevant Experience: 3+ years
Summary:
The Securonix Threat Labs team is looking for an experienced Cyber Threat Intelligence Analyst with threat hunting experience to join our team. The role will play a critical function on the Autonomous Threat Sweeper and Threat Intelligence offerings. The Securonix Autonomous Threat Sweeper (ATS) engine automatically and retroactively hunts for new and emerging threats in current and long-term historical data based on the latest, up-to-date threat intelligence. You will serve as the front-line expert on threats facing our customers and will interact with researchers and detection engineers on a daily basis. The ATS Analyst will be responsible for processing, organizing and analyzing incident indicators as well as correlating those indicators to various intelligence holdings. The ATS Analyst will also be responsible for assisting in the coordination with internal teams as well as in the creation of engagement deliverables. The successful applicant will be expected to identify potential cyber threats, determine levels of risk, and produce analytical reports for a variety of audiences. You will occasionally be required to present your findings in front of senior executives and customers. Outstanding problem-solving skills are essential. When serious threats are identified, you will work closely with other areas of the security team to identify appropriate solutions. You must be passionate about technology, and able to learn the ropes of new security solutions rapidly.
Responsibilities:
- Cyber Threat Intelligence & Threat Hunting Responsibilities: Actively monitor, consume, research, and evaluate all-source cyber threat intelligence and perform proactive threat hunting to maintain a broad understanding and knowledge of the evolving threat landscape, adversarial tactics, techniques, and procedures (TTPs), and undiscovered threats within internal environments.
- Maintain and drive the development of new reports of Cyber Threat Intelligence analysis to peers, management, and customers for purposes of situational awareness and making threat intelligence actionable while integrating findings from threat hunting activities to enhance the relevance of the reports.
- Conduct in-depth threat hunting operations to identify undetected cyber threats, leveraging a combination of threat intelligence, internal security telemetry, and behavioral analysis techniques. Work closely with the security operations center (SOC) to uncover potential adversary activity.
- Evaluate, analyze, and derive actionable threat intelligence from a variety of open-source, commercial, and private sources to deliver quality deliverables to both technical and executive audiences, integrating insights gained from threat hunting operations.
- Assess, curate, and manage multiple threat intelligence feeds to enable the correlation of security events and support targeted hunting efforts based on the latest adversary techniques.
- Effectively perform all phases of the intelligence cycle (collection, analysis, production, and dissemination), while continuously integrating threat-hunting insights into the intelligence lifecycle to enhance detection strategies.
- Collaborate with operation teams to build novel detections, establish repeatable processes, drive threat hunting playbooks, and foster automation for containment and remediation activities based on the latest TTPs identified in both threat intelligence and threat hunting.
- Provide tactical and operational intelligence support for the Securonix Autonomous Threat Sweeper service as well as Securonix Threat Intelligence services, incorporating findings from proactive threat-hunting operations to enrich service offerings.
- Perform proactive all-source research to identify and characterize new threats to the customer base and draft related threat intelligence products where appropriate, complementing this research with targeted threat hunting to validate and investigate potential risks.
- Collaborate internally and externally, develop, enhance, and produce Securonix threat intelligence products, while contributing threat-hunting insights to ensure comprehensive reporting.
- Conduct trending and correlation of various cyber intelligence sources for the purposes of indicator collection, shifts in TTPs, attribution, and establishing countermeasures to increase cyber resiliency and proactive threat mitigation, while conducting active hunts based on identified trends.
- Develop compelling intelligence briefings, reports, and short position papers, with a focus on relevant, actionable intelligence, including findings and insights from targeted threat hunts.
- Integrate and apply CTI reporting and knowledge of adversary activity, relative to technology, into cybersecurity operations systems and processes, and collaborate with threat hunters to refine detection strategies based on adversary behavior.
- Collect, fuse, and analyze high volumes of open-source and proprietary threat reporting to provide predictive and actionable cyber threat intelligence, while ensuring ongoing threat-hunting activities address emerging threat vectors.
- Participate in threat intelligence vendor evaluations and expanding the capabilities of our threat intelligence service offering, particularly in areas that enhance our threat-hunting capabilities.
- Creation of detailed process documentation, including threat-hunting methodologies, detection tuning processes, and lessons learned from past hunts.
- Provide curated cyber intel to support the development of use cases mapped to common frameworks (e.g., MITRE ATT&CK) for detecting new/evolving threats, while actively hunting for those evolving threats in the customer environment.
- Respond to requests for ad-hoc reporting and research topics from management as required, providing both threat intelligence and threat-hunting context.
- Responsible for the development and publication of customer-facing and external intelligence products, with emphasis on findings from threat hunts to improve situational awareness.
- Communicate analytical findings to various audiences through in-person and virtual presentations, including threat-hunting methodologies and discoveries.
- Produce and review intelligence summaries for internal teams and clients, integrating threat-hunting activities and outcomes.
- Maintain memberships and establish intelligence-sharing relationships with appropriate sources within the intelligence community, while leveraging those relationships to inform threat-hunting initiatives.
- Research sets of standardized queries related to cyber threats for specific clients on a regular basis (daily, weekly, monthly, quarterly), and conduct threat-hunting tasks based on this ongoing research to identify active or latent threats.
Requirements:
- 3+ years of experience as a Cyber Threat Intelligence analyst conducting all-source intelligence with a focus on cyber threat analysis, with additional experience in threat hunting and detection (actively uncovering hidden threats within an environment), or a combination of intelligence, research, threat detection, or incident response work.
- Exhibit a deep knowledge of adversary techniques and emerging threats that could have a direct or indirect impact on business operations, technology infrastructure, and customer trust, with demonstrated application of CTI principles, including threat-hunting techniques to include adversary methodologies, TTPs, IOCs, and malware analysis.
- Understanding and knowledge of open source and commercial platforms, tools, and frameworks used within threat intelligence and threat hunting teams, such as threat intelligence platforms, threat-hunting tools, SIEM systems, malware sandboxes, and reverse engineering tools.
- Experience leveraging internal, commercial, and open-source tools and data sources to analyze, enrich, and synthesize indicators of compromise and/or other intelligence artifacts to provide meaningful and actionable intelligence and to identify active threats through proactive hunting.
- Experience creating and presenting technical analysis through written products and presentations, such as conference presentations, webinars, formal publications, blog posts, and/or white papers, particularly around threat hunting and detection strategies.
- Experience applying CTI expertise to drive impactful outcomes in cross-domain areas including but not limited to finance, disinformation, targeting, and space, as well as within threat-hunting and detection operations.
Preferred:
- Quantifiable experience as both Intel Analyst and Threat Hunter.
- Experience in writing, debugging, and maintaining code in one or more languages/platforms (e.g., Python).
- General log analysis (cloud services, DNS, email, DHCP, VPN, etc.) experience using SIEM or other security data lake platforms, with a focus on threat-hunting activities within these logs.
- Ability to quickly and effectively digest disparate data sources to determine security implications and risk levels, with experience in correlating threat intelligence with real-time hunting efforts.
- Indicator, Signature, and TTP development and management experience with hands-on threat-hunting in enterprise environments.
Benefits:
As a full-time employee with Securonix, you will be eligible for the following employee benefits:
- Health Insurance with a total sum insured of INR 5,00,000
- Coverage: Self, Spouse, 2 kids, Dependent parents, or parents-in-law
- Personal Accident cover with a total sum insured of INR 10,00,000
- Term Life Insurance with a sum assured of 5 times fixed base pay
Securonix, Inc. provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state and local laws. Securonix complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including hiring, placement, promotion, termination, layoff, recall, and transfer, leaves of absence, compensation and training.
Securonix expressly prohibits any form of unlawful employee harassment based on race, color, religion, gender, sexual orientation, national origin, age, genetic information, disability or veteran status. Improper interference with the ability of Securonix employees to perform their expected job duties is absolutely not tolerated.