Security Threat Intelligence Engineer

2 weeks ago


San Francisco, California, United States New Era Technology Full time
Job Title: Security Threat Intelligence Engineer

We are seeking a highly skilled Security Threat Intelligence Engineer to join our team at New Era Technology. As a key member of our Threat Management Threat Intelligence team, you will play a critical role in ensuring the continuous evaluation of cyber threats for risk and impact to our clients, customers, third parties, infrastructure, and wider ecosystem for all environments.

About the Opportunity

This is a 6-month remote opportunity that requires a strong understanding of common and advanced threats, penetration/intrusion techniques, and attack vectors. You will be responsible for collecting, processing, and analyzing information regarding security threats, producing and disseminating intelligence products, advisories, or tailored reports.

Responsibilities
  • Collecting, processing, and analyzing information regarding security threats to provide indication and warnings of impending attacks.
  • Producing and disseminating intelligence products, advisories, or tailored reports.
  • Analyzing and reporting on unique attack vectors, emerging cyber threats, and current trends used by malicious actors.
  • Daily threat intelligence monitoring through open and closed sources.
  • Continually improving how the threat intelligence team works, including creation of run books, procedures, automation, or other efficiencies.
  • Maintaining, developing, and continually analyzing threat data/intelligence sources, both technical and non-technical.
  • Identifying, evaluating, and communicating new and ongoing cyber security threats through regular and ad-hoc reporting; producing intelligence briefings, attribution reports, and position papers.
  • Producing concise tactical warning bulletins and other analytic reports that detail daily findings, events, and activities.
  • Conducting collection, and supporting attribution and analysis, based on case findings from the incident response and threat hunting functions.
  • Collecting and analyzing all-source intelligence and research data from multiple intelligence providers to analyze findings and produce quality intelligence products.
  • Supporting threat hunts and purple teaming endeavors to identify threat actor groups and their techniques, tools, and processes utilizing threat intelligence.
  • Analyzing and supporting security incidents for further enrichment of detection and alerting capabilities.
  • Continuously improving processes for use across detection sets for more efficient operations.
  • Generating reporting of trending metrics.
  • Acquiring threat intelligence and technical indicators from external sources; developing tactical intelligence and technical indicators internally and collaborating with the incident response team.
  • Evaluating data sources for consideration in the improvement and expansion of the threat intelligence program.
Required Skills
  • Solid understanding of common and advanced threats, penetration/intrusion techniques, and attack vectors such as malware analysis, APT/Crimeware ecosystems, exploit kits, cyber hunting, cyber threat intelligence, software vulnerabilities & exploitation, data analysis, and knowledge of current hacking techniques, cyber threat actors, attribution concepts, security analysis techniques, recent cyber incidents, and vulnerability disclosures.
  • Understanding of common threat analysis and threat modeling techniques used in CTI such as the diamond model, kill chain, F3EAD, MITRE ATT&CK framework, and the threat intelligence lifecycle.
  • Competency in using common intelligence datasets obtained from information sharing sources, malware collections, and other internet-derived data.
  • Familiarity with threat intelligence platforms, threat intelligence feeds, STIX, MISP, and TAXII frameworks, open-source intelligence feeds and tools, malware analysis/reversal tools, security information and event management (SIEM), security orchestration, automation, and response (SOAR), network sniffers and packet tracing tools, intrusion detection and prevention (IDS/IPS), endpoint detection and response (EDR), email and web filtering technologies, link-analysis methods and software, cloud platforms, and the Meraki dashboard and products, plus the ability to write custom query logic for major SIEM tools and SQL to search data warehouse databases.
  • A minimum of 10 years of information security experience with at least 7 years of experience with all-source cyber intelligence and analysis, or the equivalent combination of higher education and/or real-world experience.
  • Experience working on threat intelligence teams with specific experience in cyber threat intelligence, cybersecurity operations, security monitoring, malware analysis, threat hunting, and/or adversary emulation.
  • Strong analytical reasoning skills with the ability to recognize and evaluate facts, objectively analyze events, blend and organize threat data from multiple sources.
  • Experience conducting intelligence research using existing tools, analyzing data, making connections for purposes of creating intelligence products.
  • Organizational and multitasking skills, and a commitment to follow-up.
  • Ability to develop specific expertise, discern patterns of complex threat actor behavior, and communicate an understanding of current and developing cyber threats.
  • Ability to communicate intelligence and analysis of cyber threats in various forms (written production; briefings) to varying audiences.
  • Understanding of common threat actor tactics, techniques, and procedures (TTPs) and how they are chained together.
  • Experience in working with a geographically diverse team in multiple time zones around the globe.
  • Broad experience managing complex projects, particularly projects requiring support and partnership outside your immediate team.
  • Ability to create and/or re-architect new and existing solutions in a scalable manner.
  • Ability to work independently and identify areas of need in highly ambiguous and time-sensitive situations.
  • Demonstrated familiarity and expertise with data analytics tools like Splunk, ELK, Snowflake, or other searchable big data solutions.
  • Excellent analytical skills.
  • Collaborative team worker – both in person and virtually using WebEx or similar.
  • Excellent documentation skills; demonstrated proficiency in Microsoft Office including Word, Excel, and PowerPoint.
  • Ability to work as liaison between business and information security/information technology.
  • Flexibility to accommodate working across different time zones.
  • Ability to work PST (Pacific Time Zone) hours.
  • Excellent interpersonal communication skills with strong spoken and written English.
  • Business outcomes mindset.
  • Solid balance of strategic thinking with detailed orientation.
  • Self-starter, ability to take initiative.
  • Project management and organizational skills with attention to detail.
Preferred Skills
  • Relevant industry security certifications such as CISSP, SANS GIAC (e.g., GCTI, GCIH, GNFA, GCFE, GCFA, GREM), AWS certifications (SAA, SAP, or SCS), etc.
  • Experience developing and presenting cybersecurity topics in written products and presentations, including conference presentations, webinars, and blog posts.
  • Familiarity with other security verticals such as digital forensics, incident response, threat detection, application security, cloud security, and offensive security.
  • Networking experience with LAN/WAN routing and high availability (OSPF, BGP4/iBGP, EIGRP, and NSRP) routing protocols and technologies.
  • Considerable working knowledge in one or more of the following topics: APT, cybercriminals, financially motivated cyber groups, hacktivism, DDoS attack methods, malware variants, mobile and emerging threats, social engineering, and insider threats.
  • Broad network and technology awareness, with the ability to convey complex or technical topics in a clear and concise manner.
Required Education
  • Bachelor's degree (BA/BS) in Computer Science from a four-year college or university; or equivalent training, education, and work experience. Cybersecurity certifications such as CISSP, CISM, etc.
About Us

New Era Technology is a community of like-minded, like-hearted people who share the same vision and values: Community, Integrity, Agile, and Committed. These visions and values tie into our daily work, to serve as a trusted technology adviser to our customers. Often a single project leads to a long-lasting partnership where we have the continued privilege of helping our customers deliver valuable technology solutions that improve efficiencies and experiences to their employees and customers.

EEO Statement

New Era Technology is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, marital status, national origin, genetics, disability, age, or veteran status.


