Cybereason is on a mission to reverse the adversary advantage by empowering defenders with ingenuity and technology to end cyber attacks. Talking of technology, we posted the best results in the history of MITRE ATT&CK Evaluations and were named a leader in the 2023 Magic Quadrant for Endpoint Protection Platforms by Gartner Inc.
About the Role:
As a Cybereason Cyber Threat Intelligence Analyst, you will be instrumental in the detection and analysis of potential cyber threats, evaluating their risk level, developing comprehensive analytical reports for a variety of audiences, and improving the delivery of security services across the entire scope of our company. You will be required to communicate complex cyber threats to both technical teams and non-technical senior executives, making your ability to translate intricate technical details into clear, understandable terms a vital asset to our team.
Responsibilities:
- Perform Cyber Threat Intelligence collection and analysis to support requests for information and generation of intelligence information for specific threat intelligence products at the tactical, operational, and strategic level.
- Execute strategic and tactical operations focused on developing, applying, and communicating a deep understanding of cyber threat actors, campaigns and nation-state-level threats.
- Identify and correlate technical indicators of compromise to enhance detection engineering and incident response.
- Produce written and verbal threat intelligence products and communications for delivery to and action by multiple stakeholders to support customer strategic decision-making.
- Provide security and threat intelligence thought leadership to stakeholders.
- Collaborate with Global SOC and IR teams during investigations and mitigation efforts by providing timely intelligence before and during critical incidents.
- Rapidly learn and adapt to new security technologies and threats.
- Perform open source intelligence (OSINT) collection and analysis, identifying relevant indications of cyber threats, malicious code, malicious websites, and vulnerabilities.
- Participate in creating and executing projects to continuously improve Cybereason Threat Intelligence sources, tools, processes, and deliverables. Develop and document processes, workflows, and automation that leverage the Cybereason Technical Stack to identify and assess potential threats.
- Provide security and threat intelligence mentoring to other teammates.
- Work with third parties to develop shared intelligence.
Key Performance Indicators (KPIs):
- Accuracy and timeliness of Threat Intelligence deliverables (written and verbal).
- Effectiveness of communication with both technical and non-technical audiences.
- Impact of contributions to Cybereason Security Services performance in the form of improvements to:
  - Incident response timeliness
  - Enhanced detection of emerging threats
  - Analyst triage and hunting efficiency (through reduction in manual efforts or increase in automated workflows)
- Level of adaptability to new threats and technologies.
Qualifications:
- 4+ years of relevant experience in the cybersecurity industry, particularly in the areas of Threat Intelligence, Incident Response, Endpoint Security, Forensics, or Penetration Testing.
- Foundational understanding of computer networking and modern computer architecture/operating systems.
- Familiarity with common Cyber Threat Intelligence tools (MISP, OpenCTI, Shodan, VirusTotal, GreyNoise, etc.) and sharing standards (e.g. STIX, TLP).
- Working knowledge of MITRE ATT&CK, Lockheed Martin’s Cyber Kill Chain, Diamond Model analysis, the VERIS framework, and CVSS is required.
- Background and experience in at least 3 of the following 6 areas is required:
  - Cyber Threat Intelligence - OSINT, Dark Web, or research
  - Digital Forensics & Incident Response (DFIR)
  - Detection Engineering (in support of EDR/XDR/MDR platforms)
  - SOC operations and analysis
  - Malware analysis & reverse engineering
  - Penetration Testing and/or Red Team
- Proven ability to conduct detailed analytical reports and presentations.
- Demonstrable problem-solving and analytical thinking capabilities.
- Strong presentation and interpersonal communication skills.
- Ability to manage competing priorities and work efficiently under pressure.
- Experience with a scripting language (Python, Lua, Bash, etc.) is advantageous. A keen interest in technology and cybersecurity is essential.
- Motivation to constantly improve processes and methodologies.
- Self-motivated and results-oriented; capable of leading and completing assignments without supervision.
- Excellent interpersonal, verbal and written communication skills.
- Ability to work both independently as well as on a team. Comfortable working in remote work environments with a globally distributed team in multiple countries.
- Ability to mentor others; willingness to collaborate and share knowledge.
Core Values:
- Win As One: The power of an individual is less than the power of a team.
- Ever Evolving: Change keeps us at the forefront, so we encourage it.
- Daring: To achieve the impossible, we must dare to be different.
- Obsessed with Customers: We believe gaining our customers’ trust is the most important part of what we do.
- Never Give Up: We are tenacious and resilient, and we never stop.
- UbU: We believe people can only unlock their full potential when they work somewhere that accepts who they are.