CAREERS
Slider
Job Title CityApply
Tactical Cyber Intelligence Analyst

The R-CISC has an immediate opening for an experienced, and motivated Tactical Cyber Intelligence Analyst. As a Tactical Cyber Intelligence Analyst, you will be focused on supporting R-CISC member organizations through the tactical analysis of ongoing attacks and threat hunting operations. In this role, you will support data analysis, incident response, investigative analysis, and research on existing and emerging cyber threats, particularly those directed against the Retail Sector and member organizations.  You will be expected to "think like an adversary" and engage in threat hunting operations leveraging your understanding of the tactics, techniques and procedures employed by advanced threats, combined with intelligence from multiple sources. The successful candidate will be required to analyze indicators to generate actionable intelligence and insight into current threats. He or she will help enhance member capabilities by formulating new analytic techniques and working across teams to drive the supporting capabilities. A deep understanding of current APT actors and TTPs as well as experience performing question driven analysis is required. Candidates should have a solid understanding of network and host based indicators and how to best leverage them. He or she should be able to script and help automate recurring tasks to improve the overall effectiveness of the team. Additionally, you will maintain trusted relationships with member CTI, IR, SOC, and Cyber Security teams providing tactical subject matter expertise,  reporting and briefings to other teams and leadership in order to maintain appropriate levels of situational awareness, and contribute to technical innovation to further evolve member organization’s defensive capabilities and methodologies. The R-CISC has a primarily remote work environment. Preference will be given to candidates with remote work experience. Successful  candidates will have dedicated space for remote work at home, ability to work from our office in the Washington D.C. metro area at least one day per week, and available to travel within the U.S. and/or Canada for various client visits and events four or more times per year. Responsibilities

  • Leverage understanding of tactics, techniques and procedures associated with advanced threats to create and add custom signatures that mitigate highly dynamic threats to the enterprise.
  • Provide R-CISC member organizations with actionable intelligence and serve as the tactical dissemination hub for the R-CISC community.
  • Recommend and support advanced forensic tools and techniques for attack reconstruction and intelligence gathering.
  • Work with industry partners to gather and share intelligence. Apply intelligence to member attack vectors and systems to proactively identify potential cyber threats.
  • Identify and evaluate new sources of intelligence and integrate numerous types of cyber security data sources into cyber threat analysis products.
  • Support the development and execution of custom scripts to identify host-based indicators of compromise
  • Proactively research emerging cyber threats. Apply analytical understanding of attacker methodologies and tactics, system vulnerabilities, and key indicators of attacks and exploits.
  • Produce tactical threat intelligence reports and briefings, that provide situational awareness of cyber threats impacting the R-CISC and member organizations.
  • Support threat hunt operations for R-CISC members using known adversary tactics, techniques and procedures, as well as indicators of attack, in order to detect advanced threats to member organizations.
  • Ensure timely response to deadlines and administrative actions.
  • Collaborate using information and knowledge sharing networks and professional relationships to achieve common goals.
  • Stay abreast of world-wide events that are indicators of developing trends for situational awareness.
  • Mentor and guide less experienced CTI team members.
Qualifications
  • Experience performing "deep dive" analysis and correlation of log data from multiple sources including PCAP and forensic artifacts.
  • Experience with incident response activities involving threat actors and working ongoing pervasive intrusion sets.
  • Strong skills in tactical cyber threat intelligence
  • Experience with vulnerability research, exploit and/or malware investigation.
  • Understanding of behavioral based threat models, including ATT&CK, Cyber Kill Chain, Diamond Model, etc.
  • Experience with Threat Intel Platforms and SIEM-type platforms
  • Capable and comfortable communicating actionable threat intelligence to both technical and operational-level stakeholders.
  • Familiarity with common languages (like Perl and Python) to parse logs, automate processes, and integrate systems.
  • Previous experience as Threat Researcher and/or Intelligence Analyst.
  • A deep understanding of advanced cyber threats targeting enterprises, along with the tools, tactics, and procedures used by those threats.
  • Experience applying threat and data modeling, advanced data correlation, and statistical analysis to develop alerts, notable events, investigative dashboards, and metrics driven reports.
  • Minimum four years of experience in Cyber Security with at least 2 years of Threat Intelligence related experience.
  • Preferred key industry certifications such as CEH or GCIH.
Interested? Please submit a cover letter that conveys experience and qualifications specific to this role, resume, salary history and/or salary expectations (your preference) via email to tommy.mcdowell@r-cisc.org.  

Washington, DCLearn More