GRF Seeking Cyber Threat Intelligence Analyst
POSITION: CYBER THREAT INTELLIGENCE ANALYST
Job Status: Full Time
FLSA Status: Exempt
Reports To: TBD
Travel Required: None
Work Schedule: Mon - Fri: 40 hours
Position Location: Reston, VA
Firm: New Hire
To apply, please send a cover letter and resume to HR@fsisac.com with the position title listed in the subject line.
The mission of the Global Resilience Federation (GRF) is to help assure the resilience and continuity of vital infrastructure and individual organizations against threats and acts that could significantly impact individual organizations and various sectors’ ability to provide services critical to the orderly functioning of the global economy. GRF is a non-profit spin-off from the Financial Services Information Sharing and Analysis Center (FS-ISAC) that provides support and technology to ISACs, ISAOs, and other communities around the world, with co-located analysts supporting individual communities and participating in cross-sector sharing and collaboration.
GRF is seeking an individual to serve as a Cyber Threat Intelligence Analyst. The primary focus of the Cyber Threat Intelligence Analyst is to support oil and gas critical infrastructure and members of that sector.
Monitor external, internal, and open source feeds for relevant cyber threats, incidents, and/or cyber activity that may have an impact on the oil and gas sector and/or relevant sectors and assets.
Stay up to date on commodity/opportunistic malware and threats and targeted malware variants and threats.
Analyze indicators, observables, and incidents that are submitted by clients/members to create actionable intelligence reports with mitigation recommendations and in-depth analysis.
Conduct briefings and host meetings for clients/members on threat actors, threats, malware variants, TTPs, and APTs.
Produce predictive and reactive cyber threat intel reports on new or updated cyber threats, new TTPs, and campaigns (phishing/spear phishing/watering hole).
Correlate activity found on internal/external feeds with what companies and members within critical infrastructure sectors are seeing or may see.
Conduct analysis on files/binaries, packet captures, and supporting materials to extract relevant artifacts, observables, and IOCs.
Proactively look for cyber threats via open feeds, internal feeds, VirusTotal, Hybrid-Analysis, or similar sources.
DESIRED SKILLS AND EXPERIENCE
Understanding of the cyber kill chain model (or intrusion kill chain), the diamond model, and ACH
Great writing and communication skills
Experience with ThreatConnect and ThreatStream
Ability to analyze network packet captures (PCAPs), IP addresses, triage binaries and files, and incidents
Understanding of certain threat actors, correlating cyber and geopolitical activity, and ability to produce tailored intel reports
Basic Cybersecurity Certifications (Security+, CEH, GCIH, etc.)
Security clearance or eligibility for clearance desired
3 – 5 years of relevant experience; previous experience in a SOC, intelligence, or cyber threat intelligence
SANS/GIAC Certification in one of the following: GREM, GCTI, GCIA, or GPEN, or a similar certification
Understanding of malware analysis or familiarity with reverse engineering
Ability to write and understand YARA and SNORT rules
GRF offers a comprehensive benefits package including paid time off, medical and dental benefits paid for by the employer, annual bonuses, a 401k plan with company match, and others.