Cyber Threat Intelligence Analyst - Global Threat Operations
Trustwave is a leading cybersecurity and managed security services provider focused on threat detection and response. We uncover threats that others can’t and respond quicker than others can to protect against the devastating impacts of cyberattacks. We’re a world-class team of cyber consultants, threat hunters and researchers serving clients in 96 countries. At Trustwave, you can learn alongside the best, make a personal impact on a global scale, and solve new challenges every day. Learn more about us at https://www.trustwave.com.
A Cyber Threat Intelligence Analyst is a member of the TDR SpiderLabs Applied Intelligence (SLAI) team within Trustwave Managed Security Services (MSS). The mission of this MSS team is to collect, curate and operationalize cyber threat intelligence (CTI) for internal security operations services teams. This team will provide advisory support to internal Trustwave stakeholders and lead the MSS organization active response and emerging threat functions as it relates to newly discovered incidents, threat campaigns, recently discovered 0-days, and geo-political events that may have significant impact to Trustwave MSS clients.
Responsibilities include but not limited to:
- Source and execute an intel curation methodology to identify, classify and prioritize threats from internal sources, 3rd-party, OSINT, DarkINT, social, etc.
- Maintain the MSS Threat Intelligence Platform
- Provide advisory support and reporting on threat actors, groups and campaigns to internal teams
- Manage and respond to emerging threat activity for MSS
- Develop actionable threat intelligence; both tactical and operational
- Execute proactive threat actor tracking and build a portfolio of threat profiles and trends from MSS activity
- Apply intelligence through collaboration with peers to create use cases and detection rules for MSS
- Perform periodic cyber advisory presentations for Trustwave teams
- Complex critical thinking and security analysis skills
- Advanced written and verbal communication skills for a wide array of audiences
- Ability to communicate technical risk details into easy-to-understand language
- Knowledge of intelligence lifecycle
- Solid understanding of MITRE ATT&CK, Diamond model, NIST and other relevant frameworks
- Ability to prioritize and execute tasks in a high-pressure environment
- Experience working in a team-oriented and collaborative environment including cross-functional collaboration
Skills & Knowledge Requirements:
Must have intermediate skills/knowledge in some of the following:
- 1 – 2 years’ experience using and maintaining MISP or similar TIP solutions
- Minimum of 2-years’ experience producing threat intelligence, tracking cyber threats, incident response and/or threat hunting with a focus on attacker TTPs and attribution
- Understanding of STIX / TAXII
- Scripting, Python, and API experience
- 1-3 years of SIEM experience with Microsoft Sentinel, Splunk, IBM Qradar or other platforms
- 1-3 years of EDR experience with solutions from Microsoft, Palo Alto Networks, Sentinel One, Trellix, Crowdstrike or other platforms
- Unix/Linux and Windows system administration
- Excellent analytical thinking and problem-solving skills
- Superb incident management and incident response skills
- Strong oral and written communication skills
- Self-managed and team oriented
- Deadline and detail oriented
- Highly motivated with excellent teaming and customer service skills
- English: Demonstrated Fluency
- Intermediate to advanced experience in Information Security related areas like CTI, SIEM, EDR, or DFIR
- Certified in Security related Industry, Vendor or Professional Certification- Certified Threat Intelligence Analyst, GCTI, Security+, etc
- Proficiency in languages such as Russian, Farsi, Mandarin, Arabic
We prefer college educated applicants, but at minimum, high school diploma or equivalent is required for employment.
Trustwave is an Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities
This is a remote opportunity open to anyone legally authorized to work in the Poland. Guided by our flexible workplace philosophy, Moments That Matter, people gather in the office when in-person interaction is most impactful; full-time remote employees may be asked to travel occasionally based on the needs of the team and the business.
To All Agencies:
Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave’s policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes, by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave and in the event a candidate is submitted outside of this policy is hired, no fee or payment of any kind will be paid.