SAP Operational Cyber Threat Intelligence Analyst 
United States, Pennsylvania, Newtown Township 
258968892

12.08.2024

In this role you will craft custom scripts to collect highly actionable information that enables cyber intelligence operations and informs the organization’s understanding of the threat landscape at the adversary level. In addition, you will work with SIEM and SOAR technologies to further exploit and operationalize collected information to drive threat detection and threat hunting efforts. You will identify gaps in tooling utilization and optimize existing technologies to further mature and scale cyber intelligence capabilities. You will work with peer security teams and relevant stakeholders across lines of business to collect and disseminate threat intelligence as well as support critical incidents and investigations. You will identify, pivot, and enumerate adversarial infrastructure and build automated playbooks to drive proactive security actions across the organization. Lastly, this role requires a consummate team player willing to go above and beyond in delivering a world class operational cyber threat intelligence capability in support of SAP and its global business.

Key Responsibilities:

  • Identify, track, and analyze cyber threat actors and their tactics, techniques, and procedures (TTPs) to help drive threat detection operations (TDO) by supporting detection engineering in the creation of detection logic.
  • Develop and maintain automated tools and scripts to enhance the collection and processing of cyber threat intelligence.
  • Identify opportunities to drive tool optimization (e.g., the threat intelligence platform) through advanced integrations with the wider organizational technology stack.
  • Track and enumerate prioritized adversary C2 infrastructure using open source tools to enable “left of boom” analysis and trigger automated playbook actions.
  • Identify opportunities to integrate generative AI technologies into intelligence collection, processing, and analysis workflows.
  • Use coding skills (e.g., Python, PowerShell) to create custom solutions for data extraction, correlation, and analysis.
  • Utilize Security Information and Event Management (SIEM) tools to collect, correlate, and analyze security events and alerts and create custom dashboards to visualize data.
  • Implement and manage Security Orchestration, Automation, and Response (SOAR) solutions to streamline and automate intelligence collection and follow-on actions.
  • Collaborate with incident response teams to contain and remediate critical incidents.
  • Support asymmetric threat hunting efforts by providing technical input on threat actor TTPs to enable hypothesis generation.

Required Skills and Qualifications:

  • Bachelor's degree in Cybersecurity, Information Technology, Intelligence Studies or related fields.
  • Proven experience (3+ years) as a Cyber Threat Intelligence Analyst with a focus on operational intelligence combining analysis with technical collection.
  • Demonstrable experience in coding languages, particularly Python and PowerShell.
  • Strong proficiency in open source intelligence (OSINT) methodologies and tools for gathering, analyzing, and interpreting threat data.
  • Proficiency in SIEM and SOAR platforms to enable cyber intelligence collection and processing of information through automated playbooks.
  • Excellent report writing skills with the ability to create clear, concise, and impactful intelligence reports incorporating graphics and visualizations.
  • Expert understanding of the intelligence lifecycle and associated analytic methodologies (Cyber Kill Chain, Diamond Model, ATT&CK, etc.).
  • Experience in conducting threat intelligence briefings and presentations to senior management and decision-makers.
  • Strong analytical skills with the ability to think critically and solve complex problems under pressure.

Preferred Qualifications:

  • Certifications such as Certified Threat Intelligence Analyst (CTIA), Certified Information Systems Security Professional (CISSP), or equivalent.
  • Experience with threat intelligence platforms, SIEM and SOAR platforms, and various security vendor portals/platforms.
  • Expert knowledge of programming or scripting languages (e.g., Python, PowerShell) for automation and data analysis.
