Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that secures human progress with Secureworks® Taegis™, a SaaS-based, open XDR platform built on 20+ years of real-world threat intelligence and research, improving customers’ ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.
Responsibilities
- Leverage internal, commercial, and open-source tools and data sources to analyze,enrich and synthesize indicators of compromise and/or other intelligence artifacts toprovide meaningful and actionable intelligence
- Analyze raw data sets and extract relevant insight to form high quality TI responses
- Perform proactive all-source research to identify and characterize new threats to thecustomer base and draft related TI products, where appropriate
- Maintain a broad understanding and knowledge of the latest offensive and defensiveTactics, Techniques and Procedures (TTPs) as well as overall Threat Landscape trends
- Collaborate internally and externally, and develop, enhance and produce Secureworks TIproducts
- Own and execute ongoing projects such as customer threat landscapepresentations
- Identify intelligence collection gaps and communicate findings and collection
- requirements
- Initiate, propose, and update processes and standard TI operating procedures forefficient and effective response to TI and IR RFIs
- Take ownership of, triage, and update tracking systems for TI requests
- Gather contextual information from multiple sources to establish a TI request course ofaction or respond to a standard request for information related to the TI-Support serviceline
- Meet service level agreements regarding initial response time and customer notificationas necessary
- Provide internal stakeholders the necessary information for decision support andsituational awareness on service request intake activities
- Route RFIs to the proper service delivery team with the appropriate level of urgency andcommunication channel in a professional and courteous manner with an emphasis on
Knowledge, Skills and Abilities
- Understanding and experience with the intelligence analysis lifecycle, including but notlimited to:
- Conducting all-source intelligence research
- Mining internal and externaldatabases/repositories
- Pivoting research focus on TI indicators of interest
- Developing assessments with evidential basis
- Translating findings into client responses and/or threat intelligence reports
- Fundamental knowledge in most of the following areas:
- Familiarity with advanced search engine functionality and search querycustomization.
- Unix, Linux, Windows, and OSX operating systems
- Exploits, vulnerabilities, intrusion vectors, and malware
- Host forensics, network forensics, and malware analysis techniques
- Network traffic analysis, endpoint activity analysis, and log analysis techniques
- Understanding of enterprise cyber incident management and response processes
- Understanding of enterprise cybersecurity controls and failure modes
- Excellent technical communication skills (oral and written) including experience briefingexecutive management
- Excellent organization and resource management skills
- Excellent capability to prioritize multiple and concurrent urgent tasks
Desired Experience/Training:
- Professional degree relevant to cybersecurity or intelligence analysis or equivalent workexperience within a technical information security-related role such as SecurityOperations, Incident Response, or Threat Intelligence analysis
- Relevant governmental, military, commercial training and experience in cybersecurity andother industry standard certifications are a plus
- Professional certifications such as GCTI, GCIA, GCIH, GREM, CISSP, CISM, or similarcybersecurity technical certifications are a plus
- DevOps methods and ITIL framework knowledge are a plus