T&T-Cyber-Defense & Resilience-Threat Intelligence

Deloitte Consulting India Private Limited
Location: Delhi
Salary: 5-8 LPA
Posted: 9 Apr 2025
Type: Full time
Categories: Information Security, Cybersecurity

Job Description

Key Responsibilities:

1. Threat Intelligence Gathering and Analysis:
  • Continuously monitor and collect data from a variety of internal and external threat intelligence sources, including open-source intelligence (OSINT), commercial feeds, and dark web monitoring.
  • Analyze threat actor tactics, techniques, and procedures (TTPs) using frameworks like MITRE ATT&CK to understand potential impact on client environments.
  • Identify new and emerging threats, vulnerabilities, and exploits that could affect MSSP clients.
  • Conduct deep-dive research into cyber threat activity groups, campaigns, and malware to provide actionable intelligence to SOC teams.

2. Threat Reporting and Dissemination:
  • Develop and distribute threat intelligence reports to SOC analysts and clients, including daily, weekly, and monthly intelligence updates.
  • Create tailored threat briefs for specific industries or clients based on their environment and threat profile.
  • Collaborate with SOC and incident response teams to ensure threat intelligence is utilized effectively in detection rules, playbooks, and incident response activities.
  • Provide timely alerts and threat advisories to clients regarding active or emerging threats.

3. Integration with SOC Operations:
  • Work closely with SOC analysts to integrate threat intelligence into existing monitoring, detection, and response workflows.
  • Enrich SIEM alerts and incident investigations with threat intelligence to improve the context and accuracy of detections.
  • Help develop and tune detection use cases and correlation rules based on threat intelligence and evolving adversary behaviors.
  • Provide input into incident response playbooks and processes, ensuring they are aligned with the latest threat intelligence.

4. Threat Hunting Support:
  • Support the SOC team in proactive threat hunting activities by identifying indicators of compromise (IOCs) and providing guidance on where to focus investigations.
  • Assist in identifying advanced persistent threats (APTs), malware infections, and other high-risk activities within client environments.
  • Develop and share hunting hypotheses with SOC teams based on the latest intelligence and observed attack patterns.

5. Threat Intelligence Platform (TIP) Management:
  • Manage and maintain the organization's Threat Intelligence Platform (TIP) and ensure it integrates with the SIEM and other security tools.
  • Curate threat intelligence feeds and prioritize intelligence that is most relevant to MSSP clients and their industries.
  • Perform regular updates and quality checks on IOCs, threat indicators, and intelligence data within the TIP.
  • Ensure that threat intelligence data is actionable, timely, and relevant to improve operational SOC effectiveness.

6. Collaboration with External Threat Intelligence Communities:
  • Participate in threat intelligence sharing communities, Information Sharing and Analysis Centers (ISACs), and trusted industry networks.
  • Share relevant intelligence with, and receive updates from, industry peers, law enforcement, and government agencies.
  • Stay current on the global threat landscape by attending conferences and webinars and engaging in continuous learning opportunities.

7. Threat Intel Automation and Analytics:
  • Implement automation where possible to streamline the ingestion and analysis of threat intelligence data.
  • Use data analytics to identify patterns in threat intelligence and produce predictive insights for clients.
  • Collaborate with the security engineering team to automate the integration of IOCs and threat indicators into detection platforms.

8. Client Interaction and Customization:
  • Work directly with MSSP clients to understand their specific threat landscape, industry challenges, and business requirements.
  • Provide threat intelligence briefings tailored to client-specific concerns, such as sectoral threats or geopolitical risks.
  • Assist clients with identifying and mitigating threats specific to their environment through actionable intelligence.
  • Contribute to periodic client meetings by delivering updates on emerging threats, industry trends, and recommendations for improving security posture.

9. Training and Knowledge Sharing:
  • Provide ongoing training and threat intelligence updates to SOC teams to enhance their awareness of the current threat landscape.
  • Develop knowledge-sharing resources like threat intelligence dashboards, wikis, and threat actor profiles for use by internal teams and clients.
  • Mentor junior SOC analysts in understanding and applying threat intelligence in day-to-day operations.

Desired qualifications

• Education: Bachelor's degree in Cybersecurity, Information Security, Computer Science, or a related field.

• Experience:
  • 4+ years of experience in cybersecurity with at least 2 years focusing on threat intelligence or incident response.
  • Experience working in a SOC or MSSP environment preferred.
  • Strong familiarity with threat intelligence platforms, SIEMs, and security analytics tools.
  • Experience with threat intelligence sources (OSINT, commercial feeds) and frameworks like MITRE ATT&CK.

• Certifications: One or more of the following (or equivalent):
  • GIAC Certified Threat Intelligence Analyst (GCTI)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Ethical Hacker (CEH)
  • SANS Cyber Threat Intelligence (CTI) certification