Posted: November 2021
Principal Threat Intelligence Analyst (Remote, Global)
Volexity is on the hunt for a Principal Threat Intelligence Analyst to help expand its rapidly growing Threat Intelligence service.
You want to be one of the first to assist in investigating and uncovering attackers behind some of the most exciting incidents in the industry, such as the SolarWinds supply chain attack or the Microsoft Exchange 0-day CVE-2021-26855. You are an expert in analyzing attacker infrastructure, tools, and investigating both criminal and nation state actors.
You are looking for a job opportunity where you can:
- Expose the use of unknown vulnerabilities, tools, and tactics used by advanced threat groups.
- Work on investigations that you are personally invested in.
- Be part of a growing industry-leading threat intelligence team.
- Have flexible work hours and a remote-friendly environment.
- Help protect NGOs, activists, dissidents, human rights defenders, and other highly targeted groups.
- Contribute to open-source projects, if desired.
Successful candidates will have worked in Threat Intelligence focused roles for a minimum of four years.
As a Principal Threat Intelligence Analyst, your responsibilities include:
- Identifying new and interesting threats leveraging proprietary, commercial, and open-source data sources
- Building, designing and maintaining methods for monitoring ongoing and emerging threat activity
- Triaging malware to identify its purpose and function, and extracting key information that can be used to defend networks
- Producing and reviewing high-quality written communication, summarizing findings from investigations using succinct, clear language
- Working closely with incident response and network monitoring teams to improve detection and bolster response efforts by finding additional tools, malware, and infrastructure
- Playing a key part in managing and publishing threat data to customers
As a Principal Threat Intelligence Analyst, your expected skillset will include some of the following:
- Excellent understanding of network protocols and operating systems as they relate to threat detection
- Excellent knowledge of the current threat landscape and the TTPs of various threat actors
- Expert knowledge of writing YARA and Suricata signatures; a successful candidate will be able to recognize the qualities of good signatures and create solid signatures in both the YARA and Suricata formats
- High-quality written communication skills, with the ability to document findings for customers in long-form reporting
- Experience in reviewing the work of others to ensure a high standard across the team
- Ability to quickly extract relevant threat intelligence from public reporting and apply that to various detection scenarios
- Resourceful self-starter who is able to work both with a team and independently, when required
Successful candidates for this role may also demonstrate some of the following experience or skills:
- Moderate or higher proficiency in Python, with ability to produce scripts to manipulate data, interact with API endpoints to retrieve desired data, or assist in analysis of malware
- Basic or higher proficiency in Malware Analysis
- Writing detection logic for a variety of systems, such as Carbon Black, Defender ATP, etc.
- Maltego expertise, both writing transforms and general manipulation of the tool
- Network analysis tools (Wireshark/Tshark, TCPDump, etc.)
- Prior career experience working in a SOC or IR team responding to interesting attacks, with an understanding of what facets of signatures can lead to false positives and how to avoid them
In terms of working with others, Principal Threat Intelligence Analysts will be expected to:
- Work with different organizations and/or service providers to obtain actionable threat intelligence information
- Mentor junior staff and help them develop new skills
- Compile threat intelligence bulletins from multiple sources and report out to our valued customers
- Maintain a strong working relationship with government or relevant business entities in threat intelligence
Volexity Inc. is an Equal Opportunity Employer.