Principal Threat Analyst

  • Full-time
  • Travel Required: 20 - 29%

Company Description

At Optiv, we’re on a mission to help our clients make their businesses more secure. We’re one of the fastest growing companies in a truly essential industry.

In your role at Optiv, you’ll be inspired by a team of the brightest business and technical minds in cyber security. We are passionate champions for our clients, and know from experience that the best solutions for our clients’ needs come from working hard together. As part of our team, your voice matters, and you will do important work that has impact, on people, businesses and nations. Our industry and our company move fast, and you can be sure that you will always have room to learn and grow. We’re proud of our team and the important work we do to build confidence for a more connected world.

Job Description

What we are looking for

The Principal Threat Analyst will identify and provide analysis for new cyber threats. They will be responsible for identifying threats that security devices are not configured to detect by using advanced analytical techniques and automation. Threat hunting requires some specific analytic skills, such as familiarity with the enterprise and the ability to generate and investigate hypotheses. Hunting benefits from analysts using automation to make these hunts faster, easier, more frequent and more accurate given the large, diverse sets of data involved; this is the primary responsibility of the Hunting Team.

How you will make an impact

  • Experience in a large enterprise environment analyzing security event data for attack patterns and understanding attacker tactics
  • Experience in creating automated log correlations in a SIEM to identify anomalous and potentially malicious behavior
  • Working experience with threat intelligence teams, interpreting IOCs and using them efficiently for alerting
  • Experience using multiple online sources in order to identify new threats
  • Understanding of monitoring devices such as firewalls, network and host-based intrusion detection systems, web applications, AV, WAF, Proxy and operating system logs
  • Create technical documentation around the content deployed to the SIEM
  • Ability to partner with anomaly detection and incident responders to improve data quality and reduce false positives.
  • Ability to recognize patterns and inconsistencies that could indicate complex cyber-attacks
  • Experience in developing SIEM correlation rules to detect new threats beyond current capabilities
  • Proactively “hunt” for potential malicious activity and incidents across multiple customers using advanced threat network and host-based tools
  • Analyze threat intelligence (e.g. actors, hack tools, exploits, malware, etc.) and determine the tactics, techniques, and procedures (TTPs) of threat actors, including detailed technical analysis of the TTPs. Analyze events/data feeds for event detection and correlation from monitoring solutions, then triage and classify the output using automated systems for further investigation.
  • Provide support in the detection, response, mitigation, and reporting of cyber threats affecting client networks with the ability to evaluate IT environments and identify security goals, objectives and requirements
  • Develop threat hunting playbooks and patterns across a variety of technologies
  • Maintain and employ a strong understanding of advanced threats, continuous vulnerability assessment, response and mitigation strategies used in Cybersecurity operations
  • Maintenance, monitoring and analysis of audit logs with a strong ability to perform in-depth security forensics and analysis to effectively identify suspicious activity
  • Perform quality assurance (validation) to ensure customer security devices are functioning properly
  • Provide technical leadership within the managed services practice and client facing calls
  • Translate analytical findings into security “use cases” that can be implemented within available surveillance capabilities. Review available surveillance data to further develop and improve the threat scenarios and use cases.
  • Assist in discovery of cyber vulnerabilities and investigation of global cyber security incidents where required.
  • Utilize proprietary tools and technologies and pattern matching skills to accurately identify emerging malware
  • Identify new malware distribution methods
  • Collaborate with multiple internal engineering and cross-functional teams on technical analysis
  • Manage multiple projects simultaneously while quickly learning a breadth of new concepts and technologies
  • Write, review and organize technical content that will be published to the Threat blog, FAQs and Knowledge-base for use by both internal and external customers
  • Document IOCs in the Optiv threat intelligence platform

Qualifications

  • 2+ years’ experience in malware analysis or equivalent experience, with a strong understanding of malware, its delivery mechanisms and behaviors
  • 2+ years’ programming/scripting experience (e.g. Python, PowerShell, Ruby, VBScript, etc.)
  • 2+ years of relevant work experience in IT security, regulatory compliance or risk management
  • Experience in security-related forums and industry events for malware, security, digital crimes
  • Demonstrated and proven experience in Cybersecurity Incident Discovery and event management, network forensics, IPS/IDS, Firewalls, Content Filtering Technology, DLP, Configuration Management, and Monitoring, End-Point Protection, Database Security and Log Collection and Analysis.
  • Strong working knowledge of security-relevant data, including network protocols, ports and common services, such as TCP/IP network protocols and application layer protocols (e.g. HTTP/S, DNS, FTP, SMTP, Active Directory, etc.)
  • Strong understanding of malware families, delivery mechanisms and behaviors
  • Incident response or network security experience, with strong knowledge of working as part of a SOC team
  • Understanding of tactics, techniques, and procedures employed by threat adversaries
  • Excellent customer service skills addressing the needs of both the external and internal customer with strong communication and process skills
  • Knowledge of virtualization software (VMware, Virtual PC/VirtualBox, Xen, etc.)
  • Strong analytical and critical thinking skills
  • Strong verbal and written skills – The senior hunter will regularly prepare reports and comprehensive documentation for customers

Desired Skills and Experience:

  • Documentation of threats in common expression languages such as STIX, Cybox and MAEC
  • MPS and Continuous Endpoint Monitoring Solutions
    • Carbon Black
    • CrowdStrike
    • FireAMP
    • SourceFire
    • FireEye
    • Tanium
    • RSA ECAT
    • Trend Micro Deep Security
  • Malware Analysis Tools
    • Sandbox technologies – Cuckoo, ThreatGrid
    • Volatility
    • Rekall
    • YARA
    • VirusTotal
  • Hands-on experience with one or more SIEM platforms
    • IBM QRadar
    • Intel Nitro / ESM
    • ArcSight
    • LogRhythm
  • Experience with data analytics platforms
    • Elasticsearch / ELK Stack
    • Splunk
    • Exabeam
  • Experience with reverse engineering malicious files or code
  • Experience with Python, Perl, Bash, PowerShell a plus
  • Knowledge of the Cyber Kill Chain and the Diamond Model of Analysis
  • Involvement in Threat Intelligence and Cybersecurity community
  • CISSP, GCIA, GCIH, GPEN, GNFA, GREM, GCFA, CSFA, OSCP - Not required, but a plus

Additional Information

All your information will be kept confidential according to EEO guidelines.