10 days ago · Adecco UK Limited

Cyber Threat Intelligence Analyst

  • Windsor (Royal Borough of Windsor and Maidenhead)
  • IT development

Job description

·  Location
Windsor, Berkshire
·  Salary
£ 600 - £ 650 / Daily
·  Job type
Contract
·  Industry
IT
·  External Reference
CCACTIA123
·  Category
IT - IT Security

Cyber Threat Intelligence Analyst
Utilities
Remote working
6 months+
£600 - £650 per day

In short: Cyber Threat Intelligence Analyst required to join a large utilities provider in supporting their small Cyber Threat team with typical activities.

Threat Modelling experience would be very nice-to-have but not essential.

In full:

Job Description

Assisting the Head of Security Defence & Posture in the management of all aspects of threat intelligence, including:

·  Monitor and process the regular (daily/weekly/monthly/quarterly/yearly) reports produced by the open source and premium intelligence vendors that we have access to

·  Monitor the Cyber Threat Intelligence (CTI) "news" dashboards and feeds to identify relevant threats and vulnerabilities

·  Perform threat modelling using threat intelligence and business knowledge to identify the most prominent cyber threats and actors for different areas of the business

·  Produce ad-hoc, daily, weekly and monthly threat intelligence briefings and reports, both for a technical audience and for senior leadership

Act upon actionable elements from reports:

·  Extract actionable intelligence related to tactics, techniques and procedures (TTPs), map them to the MITRE ATT&CK framework, and share the actionable intelligence with relevant Cyber Security teams.

·  Ensure indicators of compromise (IOC) are ingested into the platform (mostly automated already)

·  Notify leadership when new, industry relevant threats appear on our radar

·  Create and fine-tune dark web threat detection rules

·  Process "potentially compromised credentials" alerts

·  Process dark web monitoring alerts

·  Process ransomware alerts: validate with the Global Security Operations Centre (GSOC) whether a business relationship with the impacted third-party company exists, and assess potential impact

·  Raise requests for information (RFIs) for high-interest topics

Monitor the Threat Intelligence Platform to:

·  Ensure intelligence is properly ingested and exported to security monitoring and defence tooling

·  Adjust the delivery parameters to increase the amount of intelligence flowing to security tooling

·  Evaluate existing and potentially relevant intelligence feeds

·  Add in and fine-tune data sources

·  Perform threat intelligence analysis and advanced research

·  Build complete and highly detailed threat actor profiles, emulation plans & collaborate with the Purple Team and Threat Hunting Team

·  Define new enrichment capabilities and new intel integration opportunities

·  Maintain and develop documentation

·  Maintain and update the post incident reports (PIRs) and the threat actor library

·  Complete ad-hoc and time sensitive threat intelligence report development requests

·  Develop scripts to parse data from a wide range of sources

Candidates will ideally show evidence of the above in their CV in order to be considered.

Please be advised that if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion. We may, however, keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.

To speak to a recruitment expert please contact Dan Minor
