Job Purpose
An IS Intelligence professional is part of a global team responsible for ICE’s Information Security program. This position requires technical proficiency as well as an eager attitude, professionalism, and solid communication skills.
Responsibilities
- Assisting in the day-to-day maintenance and management of threat intelligence workflows, including vulnerability management, threat hunting, coordinating with incident response to provide contextual intelligence, and triaging and processing tickets.
- Working in a Linux environment with open source and custom tools to manipulate data from Splunk, Elastic/ELK, and other sources into standardized formats, including writing custom scripts to automate basic file processing and data manipulation tasks.
- Threat hunting across the attacker kill-chain for advanced adversaries targeting ICE’s assets and employees, which constitute critical financial infrastructure.
- Reading, summarizing, and analyzing articles and reports from threat intelligence vendors, security websites, and researchers to determine their applicability to ICE’s environment and staff -- answering the question "so what?" and disseminating that information to intelligence stakeholders.
- Researching new open-source tools and projects to identify opportunities for improving the workflows and efficiency of the Threat Intel Team, Red Team, and Incident Response Teams.
Knowledge and Experience
- University degree in Engineering, MIS, CIS, or related discipline
- Systems administration or networking experience and/or coursework
- Experience coding in Python, Bash, and/or PowerShell
- Experience with Linux
- Experience in an exchange, trading facility, or other financial services
- Demonstrated interest in intelligence analysis, threat hunting, and/or vulnerability research
Specific Technologies:
- Security automation tools, threat intelligence platforms, cloud security tooling, Splunk, ELK stack, data lake or other database tools, intelligence analysis techniques