Lead Threat Intelligence Analyst
ADP
- Manila City, Metro Manila; Makati City, Metro Manila
- Permanent
- Full-time
- Collect, analyze, investigate, store, and disseminate threat intelligence (actors, campaigns, TTPs, IOAs, IOCs).
- Collect and analyze artifacts including malicious executables, scripts, documents, and packet captures.
- Conduct detailed technical analysis supported by industry accepted threat intelligence analytical frameworks, tools, and standards.
- Collaborate with technical and threat intelligence analysts to provide indications and warnings and contribute to predictive analysis of malicious activity.
- Develop and refine cyber-threat intelligence collection and analysis processes.
- Apply knowledge of current cyber threats and the associated tactics, techniques, and procedures used to infiltrate computer networks.
- Generate tailored and actionable products based on analyzed threat campaigns, external and internal events and incidents.
- Develop analytical hypotheses, prove (or disprove) those hypotheses through research; communicate that information to stakeholders both verbally and in writing.
- Produce quality intelligence products at the operational and tactical levels for audiences with diverse technological backgrounds.
- Review, process, and analyze external/brand abuse and digital risk data.
- Develop automation processes and dashboards to measure trends.
- Ability to work in a fast-paced environment with minimal supervision.
- Review and analyze internal, open source, and dark web datasets to find threat information and use it to provide value to ADP.
- Provide accurate and priority-driven analysis on cyber activity/threats, and present complex operational/technical topics to senior managers and stakeholders.
- Establish and maintain excellent working relationships/partnerships with the cyber security and infrastructure support teams throughout the organization, as well as different business segments.
- Create and evaluate trend/correlation analysis for scenario forecasting at both the tactical and operational level.
- Provide expertise and recommend relevant remediation and countermeasures during incident response efforts.
- Provide security risk mitigation methods and compensating controls to help drive remediation efforts for the business.
- Generate presentations that illustrate research through visualizations, charts, graphs, infographics, and evidence capture for senior leadership.
- Provide input for the development of objectives, key results, and program metrics.
- Exhibit strong critical thinking and problem-solving skills with sound judgement.
- Maintain or develop professional contacts in the various communities in support of operations.
- Support the Critical Incident Response Center (CIRC)/SOC with intelligence collection, analysis and/or dissemination as it relates to on-going investigations.
- 5+ years of cybersecurity, threat intelligence or IT experience; 2+ years of experience in operational or tactical cyber threat analysis. Experience can include one or more of the following cyber-security functions: Cyber Threat Intelligence, Threat Hunting, System Administration, Intrusion Detection/Prevention, Monitoring, Incident Response, Digital Forensics, Vulnerability Management.
- Ability to write scripts for automation process development using Python and other languages.
- Ability to work with API and implement integrations between tools/solutions.
- Ability to introduce and provide improvements to the current processes for more efficiency and actionability.
- Prior experience working with Threat Intelligence tools such as: Recorded Future, Titan, ThreatQ, Virus Total, ThreatConnect, Spycloud, etc.
- Prior experience as a technical cyber threat intelligence (or related) subject matter expert that has worked across organizational boundaries to analyze cyber threats to their organization's infrastructure and services.
- Candidates must be able to work independently with minimal supervision.
- Excellent English verbal and written communication skills are required.
- A Computer Science College degree is a plus, but not required. What's more important is having the skills and experience to do the job.
- Holds certifications such as SANS FOR578, GIAC OSI, Security+, CISSP, GCTI, GREM, OSCP or similar training and certification.
- Knowledge of advanced cyber threats, threat vectors, and attacker methodology, including tools, tactics, and procedures, and how they tie into the Cyber Kill Chain, ATT&CK framework, Diamond Model, etc.
- Experience in malware detection and analysis using static and dynamic malware analysis methods.
- Knowledge of cloud services and their attack surface.
- Knowledge of how malicious code operates and how technical vulnerabilities are exploited.
- Experience with premium threat intelligence tooling and/or open-source intelligence techniques.
- Experienced in developing network and host-based signatures to identify specific malware.
- Experience with disseminating information in accordance with TLP classification and handling protocols, to the sector through the appropriate mechanisms.
- Experience with various link analysis and intelligence software applications.
- Organizational and self-directing skills: ability to initiate, coordinate and prioritize responsibilities and follow through on tasks to completion.
- Programming/scripting experience to automate tasks is a plus (Python, Perl, .NET, etc.).
- Understanding of the following foreign languages is a plus (Mandarin, Farsi, Korean, Arabic).
- Experience with developing tools to enhance cyber-threat intelligence capabilities.
- Banking or financial industry experience.