The Threat Intelligence Manager will play a crucial role in identifying, analyzing, and mitigating potential threats to our organization's digital infrastructure, ensuring the continued security and resilience of our systems.
The candidate should possess a deep understanding of cyber threat landscapes, excellent analytical skills, and the ability to provide actionable insights to enhance our organization's security posture.
Cyber Threat Intelligence Manager has a deep experience with collection, analysis, processing, and distribution of threat intelligence in Cyber Fusion Center.
The manager will work closely with the analyst and multiple teams, including incident response, threat defense, attack surface management and security engineering in a fast moving and agile environment.
Key responsibilities
Monitor and analyze various sources of threat intelligence, including open-source feeds, industry reports, dark web forums, and internal security data to identify emerging cyber threats, vulnerabilities, and attack techniques.
Develop and implement strategic threat intelligence initiatives, guiding the organization's response to changing threat landscapes and threat actor behaviors.
Identify trends and patterns in cyber-attack methodologies, tactics, techniques, and procedures (TTPs) to proactively assess potential risks to the organization's systems and assets.
Monitor various online channels, including social media platforms, forums, and dark web forums, for mentions of our clients' brands and potential threats
Create and deliver comprehensive threat intelligence reports, briefings, and presentations to inform stakeholders at various levels of the organization about emerging threats, risks, and recommended mitigation strategies.
Lead threat intelligence efforts during security incidents, providing expert guidance to incident response teams to ensure rapid and effective resolution.
Stay up to date with the latest cyber threat landscape, industry trends, and advancements in threat intelligence methodologies to ensure the organization remains ahead of potential threats.
Qualifications and experience
BA/BS/BE or MS degree in IT, Computer Science or equivalent required.
7+ years of experience in one or more of the following areas: Threat Intelligence, Incident Response, Digital Forensics or Malware Analysis.
2+ years of experience with Threat Intelligence platforms such as Anomali, MISP, OpenCTI, Threat Connect, etc.
Experience with intelligence exchange protocols: STIX/TAXII.
Working knowledge of Security related scripting, Python, SOAP/REST APIs, JSON, Kusto/KQL, PowerShell.
Experience with SOC SOPs, playbooks, work instructions and/or other process documents.
Relevant professional certifications in information technology or cloud security e.g. CISSP, CCSP, SANS FOR578(GCTI), SANS 508 (GCFA), etc.
In depth understanding of industry standard threat frameworks (Lockheed Martin Cyber Kill Chain, Diamond Model, MITRE ATT&CK).
Leverage the threat intelligence lifecycle and priority intelligence requirements to track threat actors, research cyber threats, conduct analysis and create threat intelligence.
Analyze external technical and non-technical data from various intelligence sources to build threat actor profiles and track threat actor activities both externally and internally.
Research new and emerging vulnerabilities, threat actor's tactics, techniques, and procedures, and conduct threat hunting within the environment for the presence of related activity.
Collaborate with members of the Cyber Fusion Center on emerging threats, cyber threat actor's activities, targeting, and operational tempo.
Support & Perform investigation and escalation for sophisticated or high severity security threats or incidents.
Integration of Threat Intelligence, Digital Risk services with multiple security detection & response technologies.
