Security Analyst - Threat Intelligence (L3)
The Security Intelligence Analyst and Use-case engineer role is part of the SOC. Candidates in this role will analyze information and intelligence relevant to threats facing the systems, infrastructure, and resources critical to BPI and use this information to develop use-cases for the SIEM/SoC. Ideal candidates will be experienced in analyzing cyber threats and security intelligence and determining indicators of compromise that are relevant to the environment.
- Provide initial analysis of security intelligence feeds
- Provide communication and escalation as per Security Incident Management Process /
- Guidelines for severe intelligence findings.
- Takes an active part in the gathering, analysis, and communication of threat intelligence through the intelligence process.
- Review and analyze external threat intelligence feeds (industry feeds and security partners)
- Hunting based on indicators of compromise or suspicious anomalous activity based on data alerts or data outputs from various tool sets
- Publish Actionable Intelligence alerts to L2 and L3 analysts for defined use cases (e.g. compromised credentials, Indicators of Compromise associated with active malicious campaigns)
- Publish Situational Awareness alerts to L2, L3 and SIEM Admin/Integration Engineer for use cases (e.g. New security threats under consideration that could impact the business)
- Submit change control to apply customized rules to prevent attacks and SOC rules to count the number of attacks prevented
Required Technical and Professional Expertise
- Strong Analytical and Problem Solving Skills
- Knowledge of security intelligence threats and threat actors.
- Knowledge of log formats for syslog, http logs, DB logs and how to gather forensics for traceability back to event
- Knowledge of packet capture and analysis
- Experience with log management or security information management tools
- Experience with Security Assessment tools (NMAP, Nessus, Metasploit, Netcat)
- Ability to make information security risk determinations based of threat intelligence analysis
- Effective verbal and written communication skills
Preferred Tech and Prof Experience
- Intrusion Detection In Depth - SEC503 (GCIA certification) or equivalent
- Cyber Threat Intelligence (FOR 578) or equivalent
- Reverse Engineering Malware Analysis (optional GREM certification)
- Hacker Techniques, Exploits & Incident Handling - SEC504 (optional GCIH certification)
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
Back to top