Webster Bank
New Britain, Connecticut, United States
Cyber Threat Intelligence Analyst
Posted over 1 month ago
Job Description
Date ActiveFeb 21, 2021 12:00:00 AMRequisition #20-1483Hours Per Week40Location436 Slater Road-HF308CityNew BritainStateConnecticutJob Description/ Requirements
Since 1935, Webster Bank has been helping individuals, families and businesses meet their financial goals. As a leading regional bank, Webster's strong foundation is built on our core values of responsibility, respect, teamwork, trust and commitment to our communities. Webster bankers remain our most valuable asset, and we pride ourselves on our diverse, equitable and inclusive work environment. Come join our team!
The Cyber Threat Intelligence Analyst will provide analysis on the threat landscape involving threat actors active at the global and industry level while building out a risk-based approach to the prevention, detection, and response within Webster's infrastructure. This role will serve as a member of the Security Operations Center and report directly to the Security Operations Manager. The role requires hands-on experience with Security Operations and analysis but will function as a strategic role to research threats, perform threat hunting activities, and develop alert/monitoring logic for pertinent threats to the organization.
The Threat Intelligence Analysis will provide weekly reports to management, outlining the current cyber threat landscape and identifying pertinent threats to the organization. The Analyst will consume both internal and external data to calculate risk and approach monitoring from a predictive standpoint. The analyst will assist other teams within Webster's infrastructure to identify gaps & current vulnerabilities to develop a prioritized plan for detection and remediation.
The ideal candidate will have hands-on experience with security analysis, conduct independent investigations, and the ability to synthesize complex technical reports in a manner consumable by all. Experience with Splunk is highly desired.
The Threat Intelligence Analysis will provide weekly reports to management, outlining the current cyber threat landscape and identifying pertinent threats to the organization. The Analyst will consume both internal and external data to calculate risk and approach monitoring from a predictive standpoint. The analyst will assist other teams within Webster's infrastructure to identify gaps & current vulnerabilities to develop a prioritized plan for detection and remediation.
The ideal candidate will have hands-on experience with security analysis, conduct independent investigations, and the ability to synthesize complex technical reports in a manner consumable by all. Experience with Splunk is highly desired.
The Cyber Threat Intelligence Analyst will be responsible for analyzing the threat landscape and providing a risk-based approach to detection and
Consume external threat feeds, perform analysis related to impact top Webster specific systems and develop a risk-based approach to monitoring and response.
Work closely with the SOC and Incident Response teams to detect and remediate threats to Webster systems.
Understand the relationship between Threat Intelligence, Security Operations, and Incident Response.
Act independently to investigate identified threats and determine impact to Webster.
Prove weekly synopsis of the current threat landscape and how it related to Webster.
Perform threat research and analysis to collect intelligence on the threat landscape using both open and closed sources tools.
Develop a threat intelligence sharing program with external parties such as FS-ISAC.
Automate the consumption and deduplication of threat intelligence and operationalize the data in a meaningful way to Webster Bank.
Utilize the threat intelligence platform to understand adversary tools, techniques, procedures, threat actors and campaigns, and malicious domains, URLs, IPs, and sites.
Provide an integral role within the Security Operations detection and response pipeline and feedback loop.
Provide notifications to vulnerability management and L3 team on new indicators of compromise when available and recommended courses of action to support response activities.
Provide a feed of threat observables from threat intelligence platform for ingestion into the SIEM and threat intelligence platform tool (TIP).
As needed, coordinate with the CSIRT team to contain the incident and to mitigate the threat upon notification of incident.
Have a deep understanding of the MITRE Att&ck Framework and its applicability to the SOC.
Ability to perform threat analysis using common threat intelligence frameworks such as but not limited to the diamond model, Cyber Kill Chain, Mitre Att&ck, and others.
Stand up, accelerate, and evolve cyber threat intelligence teams to increase their effectiveness.
Maintain and enhance the threat intelligence platform and SIEM integrations.
Integrate and apply CTI reporting and knowledge of adversary activity, relative to technology, into cybersecurity operations systems and processes.
Identify patterns, trends, and events in threat actor TTPs and campaigns and make recommendations to CSIRT and Vulnerability Management teams for proactive threat mitigation.
Perform other duties as assigned.
Consume external threat feeds, perform analysis related to impact top Webster specific systems and develop a risk-based approach to monitoring and response.
Work closely with the SOC and Incident Response teams to detect and remediate threats to Webster systems.
Understand the relationship between Threat Intelligence, Security Operations, and Incident Response.
Act independently to investigate identified threats and determine impact to Webster.
Prove weekly synopsis of the current threat landscape and how it related to Webster.
Perform threat research and analysis to collect intelligence on the threat landscape using both open and closed sources tools.
Develop a threat intelligence sharing program with external parties such as FS-ISAC.
Automate the consumption and deduplication of threat intelligence and operationalize the data in a meaningful way to Webster Bank.
Utilize the threat intelligence platform to understand adversary tools, techniques, procedures, threat actors and campaigns, and malicious domains, URLs, IPs, and sites.
Provide an integral role within the Security Operations detection and response pipeline and feedback loop.
Provide notifications to vulnerability management and L3 team on new indicators of compromise when available and recommended courses of action to support response activities.
Provide a feed of threat observables from threat intelligence platform for ingestion into the SIEM and threat intelligence platform tool (TIP).
As needed, coordinate with the CSIRT team to contain the incident and to mitigate the threat upon notification of incident.
Have a deep understanding of the MITRE Att&ck Framework and its applicability to the SOC.
Ability to perform threat analysis using common threat intelligence frameworks such as but not limited to the diamond model, Cyber Kill Chain, Mitre Att&ck, and others.
Stand up, accelerate, and evolve cyber threat intelligence teams to increase their effectiveness.
Maintain and enhance the threat intelligence platform and SIEM integrations.
Integrate and apply CTI reporting and knowledge of adversary activity, relative to technology, into cybersecurity operations systems and processes.
Identify patterns, trends, and events in threat actor TTPs and campaigns and make recommendations to CSIRT and Vulnerability Management teams for proactive threat mitigation.
Perform other duties as assigned.
EDUCATION, EXPERIENCE & SKILLS
Bachelor's degree in engineering, computer science, information security, or information systems or relevant industry experience with threat intelligence related experience.
Candidate should have minimum 3 years of experience in Cybersecurity analysis with hands-on experience of working as a Threat Intelligence analyst.
Hands-on experience of working independently in a SIEM is a must.
Experience in performing threat research and analysis to collect intelligence on the threat landscape, using sources such as Open-source security intelligence.
Understanding and familiarity with concepts or knowledge of static and/or dynamic malware analysis.
Ability to derive Indicators of Compromise from malware samples/reports is a much.
Experience reviewing and assessing logs for anomalous activity indicating the presence of a threat.
Experience with Incident Response is desired.
Knowledge and ability to identify threat actor attack methods and track their developments.
Experience using the Diamond Threat Model or Cyber Kill Chain.
Ability to synthesize complex information in simple, succinct explanations with digestible reports to senior management.
Experience in Cyber Threat Intelligence and experience conducting threat modeling and familiarity with the intelligence cycle.
Bachelor's degree in engineering, computer science, information security, or information systems or relevant industry experience with threat intelligence related experience.
Candidate should have minimum 3 years of experience in Cybersecurity analysis with hands-on experience of working as a Threat Intelligence analyst.
Hands-on experience of working independently in a SIEM is a must.
Experience in performing threat research and analysis to collect intelligence on the threat landscape, using sources such as Open-source security intelligence.
Understanding and familiarity with concepts or knowledge of static and/or dynamic malware analysis.
Ability to derive Indicators of Compromise from malware samples/reports is a much.
Experience reviewing and assessing logs for anomalous activity indicating the presence of a threat.
Experience with Incident Response is desired.
Knowledge and ability to identify threat actor attack methods and track their developments.
Experience using the Diamond Threat Model or Cyber Kill Chain.
Ability to synthesize complex information in simple, succinct explanations with digestible reports to senior management.
Experience in Cyber Threat Intelligence and experience conducting threat modeling and familiarity with the intelligence cycle.
#ZR
#LI-FO1
18196021