Cybersecurity Threat Senior Analyst

Raleigh-Durham, NC
Sorry, this job was removed at 4:48 p.m. (CST) on Sunday, May 8, 2022

Need Help?

If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility or call 877-891-2510 (accommodation requests only; other inquiries won't receive a response).

Regular or Temporary:

Regular

Language Fluency: English (Required)

Work Shift:

1st shift (United States of America)

Please review the following job description:

Job Profile Summary

Responsible for designing and executing tactical cyber threat intelligence (CTI) workflows relative to the threat landscape, following defined CTI lifecycle guidelines. Responsible for maintaining the Threat Intelligence Platform (TIP), its content and associated feeds, and for identifying and analyzing relevant cyber threat intelligence to guide the deployment of countermeasures and remediations and the continuous tuning of policies and security controls. Partners with the Cyber Fusion Center in supporting fusion workflows (contributing to IR investigations, SOC QA and detection engineering). Expected to contribute to threat hunts from definition to execution across network, endpoint and log analytics, and to contribute use cases for detection engineering. Expected to provide written and verbal briefings and to consume and produce tactical threat intelligence for the bank and the threat intelligence community (e.g. FS-ISAC).

*REMOTE OPPORTUNITY

Job Description

Essential Duties and Responsibilities

Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.

1. Participate in escalated computer security incidents and cybersecurity investigations including computer forensics, network forensics, root cause analysis and malware analysis and execute on appropriate mitigation strategies for identified threats.

2. Serve as escalation coordinator for Tier 1 analysts during escalated cybersecurity threats and incidents.

3. Participate in the creation and maintenance of use cases for recurring investigation/incident triggers in support of the 24/7 Cybersecurity Threat Operations and Cybersecurity Threat Management program.

4. Participate in the creation and maintenance of the playbooks used in response to investigation/incident triggers in support of the 24/7 Cybersecurity Threat Operations and Cybersecurity Threat Management program.

5. Interface with other teams in Information Security (e.g. network operations, Cyber Threat Operations Center (CTOC), vulnerability management) along with information and liability risk officers and technology management to help guide cyber security investigations and incidents.

6. Deliver cyber intelligence services and material to enterprise technology and business leaders.

7. Identify new threat tactics, techniques and procedures used by cyber threat actors.

8. Participate in threat hunting activities to proactively search for threats in the enterprise environment.

Required Qualifications:

The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

1. Bachelor's degree in Computer Science or related field or equivalent education and related training

2. Two to five years of experience in cybersecurity or related work

3. Broad knowledge of general IT with a focus area in two or more of the following: operating systems, networking, computer programming, web development or database administration

4. Demonstrated advanced knowledge of cybersecurity concepts with a focus area in two or more of the following: attack surface management; Security Operations Center (SOC) operations; Intrusion Detection/Intrusion Prevention Systems (IDS/IPS); Security Information and Event Management (SIEM) use; threats (including Advanced Persistent Threat (APT) and insider threats), vulnerabilities and exploits; incident response, investigations and remediation

Preferred Qualifications:

1. Two to five years of delivering on cyber threat intelligence requirements (one or more specializations: collection, analysis, production) for an intelligence-driven organization, preferably in the financial services or critical infrastructure vertical.

2. Demonstrable capability and expertise in one or more areas of threat intelligence (strategic, operational or tactical; tactical preferred).

3. Strong written and presentation skills; ability to work independently and remotely with a diverse group of analysts, using a set of intelligence tools and feeds, and to cater to a diverse group of stakeholders, including business and leadership.

4. Source/collection management: tuning open-source and paid collections against intelligence collection requirements.

5. Capability to apply the cyber threat intelligence lifecycle and its supporting tools and technologies to solution and workflow engineering (threat modeling, threat assessment, hunting, countermeasure use cases, control content and policy).

6. Experience with the following:

  • MISP, ThreatConnect or a similar TIP
  • Configuring threat intelligence collections per requirements in one or more of the following tools:
    • Flashpoint, Recorded Future, Mandiant Intelligence, Intel 471
  • OSINT and dark web collections
  • Tracking threat actor infrastructure and TTPs
  • Splunk querying and log analytics
  • Working with IR teams during incidents and investigations, and with red teams
  • Previous experience or current expertise in one or more of endpoint security, network security and cloud security, and the associated tools
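
The TIP-to-detection workflow that items 5 and 6 describe (ingest a feed, select the indicators that are fit for detection, run them over logs, and express the same logic as a SIEM search) can be sketched end to end in a few dozen lines. The block below is an added illustration written for this page, not Truist's tooling or any MISP or Splunk project code. It assumes a simplified MISP-style event export with `to_ids` and epoch `timestamp` fields, a hypothetical mapping from attribute types to log field names (`FIELD_MAP`), an arbitrary 90-day freshness cutoff, and constructed log lines and indicator values drawn from documentation and test ranges; none of it is real threat data.

```python
"""Tactical CTI to detection: MISP-style feed -> vetted indicators -> log matches -> SPL.

Added example for this page; not Truist, MISP or Splunk project code.
"""
import json
import re
from datetime import datetime, timezone

# Fixed reference time so the example is deterministic (assumption, not a live clock).
NOW = datetime(2022, 5, 1, tzinfo=timezone.utc)
DAY = 86400


def _epoch(days_ago: int) -> str:
    """MISP stores attribute timestamps as epoch-second strings."""
    return str(int(NOW.timestamp()) - days_ago * DAY)


# Constructed MISP-style event export. Values are documentation/test ranges, not real IOCs.
SAMPLE_EVENT_JSON = json.dumps({
    "Event": {
        "info": "Constructed example: credential-phishing infrastructure",
        "Attribute": [
            {"type": "domain", "value": "login-example-bank.test", "to_ids": True, "timestamp": _epoch(3)},
            {"type": "ip-dst", "value": "198.51.100.23", "to_ids": True, "timestamp": _epoch(3)},
            {"type": "sha256", "value": "0" * 64, "to_ids": True, "timestamp": _epoch(3)},
            # Analyst context is kept in the TIP but must never become a detection.
            {"type": "comment", "value": "analyst note", "to_ids": False, "timestamp": _epoch(3)},
            # Stale indicator from an old campaign: infrastructure has likely been reassigned.
            {"type": "domain", "value": "old-campaign.test", "to_ids": True, "timestamp": _epoch(200)},
        ],
    }
})

# Constructed proxy log lines in Splunk-friendly key=value form.
SAMPLE_LOGS = [
    "ts=2022-04-30T10:00:00Z src=10.0.0.5 dst=198.51.100.23 host=login-example-bank.test uri=/signin",
    "ts=2022-04-30T10:00:01Z src=10.0.0.7 dst=93.184.216.34 host=example.com uri=/",
    "ts=2022-04-30T10:00:02Z src=10.0.0.9 dst=203.0.113.9 host=old-campaign.test uri=/x",
]

# Which MISP attribute type is compared against which log field (assumption for this example).
FIELD_MAP = {"domain": "host", "ip-dst": "dst", "sha256": "sha256"}


def load_indicators(event_json: str, now: datetime = NOW, max_age_days: int = 90) -> dict:
    """Return {misp_type: {values}} for attributes that are flagged for detection and still fresh.

    to_ids=False attributes (context, comments) and attributes older than max_age_days are
    dropped; shipping them to the SIEM is the usual source of TIP-driven false positives.
    """
    cutoff = int(now.timestamp()) - max_age_days * DAY
    indicators: dict = {}
    for attr in json.loads(event_json)["Event"]["Attribute"]:
        if not attr.get("to_ids") or attr["type"] not in FIELD_MAP:
            continue
        if int(attr["timestamp"]) < cutoff:
            continue
        indicators.setdefault(attr["type"], set()).add(attr["value"].lower())
    return indicators


KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv(line: str) -> dict:
    """Split a key=value log line into a dict (quoted values allowed)."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def scan_logs(lines, indicators: dict) -> list:
    """Return (line_no, misp_type, value) for every indicator sighting in the log lines."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        fields = parse_kv(line)
        for ioc_type, values in indicators.items():
            observed = fields.get(FIELD_MAP[ioc_type], "").lower()
            if observed and observed in values:
                hits.append((line_no, ioc_type, observed))
    return hits


def build_spl(indicators: dict, index: str = "proxy") -> str:
    """Render the same match as a Splunk search, the form a SIEM use case is deployed in."""
    clauses = []
    for ioc_type, values in sorted(indicators.items()):
        quoted = ", ".join(f'"{v}"' for v in sorted(values))
        clauses.append(f"{FIELD_MAP[ioc_type]} IN ({quoted})")
    return f"index={index} (" + " OR ".join(clauses) + ")"


if __name__ == "__main__":
    iocs = load_indicators(SAMPLE_EVENT_JSON)
    for hit in scan_logs(SAMPLE_LOGS, iocs):
        print("sighting:", hit)
    print(build_spl(iocs))
```

With the default 90-day cutoff the third log line does not fire, because `old-campaign.test` is aged out; raising `max_age_days` to 365 brings it back. That knob is the aging policy the posting's "continuous tuning" and "source/collection management" points refer to, and it belongs in the TIP, not in the SIEM rule.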

7. Relevant industry certifications, such as GIAC Security Essentials (GSEC), Cisco Certified Network Associate (CCNA), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), GIAC Cyber Threat Intelligence (GCTI), etc.

Truist supports a diverse workforce and is an Equal Opportunity Employer who does not discriminate against individuals on the basis of race, gender, color, religion, national origin, age, sexual orientation, gender identity, disability, veteran status or other classification protected by law. Drug Free Workplace.


More Information on Truist
Truist operates in the Fintech industry. The company is located in Charlotte, NC. Truist was founded in 2019. It has 12339 total employees. It offers perks and benefits such as Remote work program, Flexible Spending Account (FSA), Disability insurance, Dental insurance, Vision insurance and Health insurance.