Hybrid Pathways is hiring a
Security Threat Intelligence Engineer

Hybrid Pathways

💵 ~$150k-$222k
📍 Remote - Worldwide

Summary

Hybrid Pathways is seeking a Security Threat Intelligence Engineer Consultant to support their Threat Management team objectives for 6 months. The role involves collecting, processing, and analyzing security threats, producing intelligence products, and maintaining threat data sources. The candidate should have at least 10 years of information security experience with all-source cyber intelligence and analysis.

Requirements

  • Solid understanding of common and advanced threats, penetration/intrusion techniques & attack vectors such as Malware analysis, APT/Crimeware ecosystems, Exploit kits, Cyber Hunting, Cyber Threat intelligence, Software vulnerabilities & exploitation, Data analysis
  • Knowledge of current hacking techniques, cyber threat actors, attribution concepts, security analysis techniques, recent cyber incidents & vulnerability disclosures
  • Understanding of common threat analysis and threat modeling techniques used in CTI, such as the diamond model, kill chain, F3EAD, MITRE ATT&CK framework, and the threat intelligence lifecycle
  • Competency in using common intelligence datasets obtained from information sharing sources, malware collections, & other internet derived data
  • Familiarity with the following tools: Threat Intelligence Platform (TIP), Threat intelligence feeds, STIX, MISP and TAXII frameworks, Open Source Intelligence feeds and tools (OSINT), Malware Analysis / Reversal Tools, Security Information & Event Management (SIEM), Security Orchestration, Automation & Response (SOAR), Network sniffers and packet tracing tools, Intrusion Detection & Prevention (IDS/IPS), Endpoint Detection & Response (EDR), Email and Web filtering technologies, link-analysis methods and software (e.g., Maltego, Analyst's Notebook)
  • A minimum of 10 years of information security experience with at least 7 years of experience with all-source cyber intelligence and analysis
  • Experience working on threat intelligence teams with specific experience in cyber threat intelligence, cybersecurity operations, security monitoring, malware analysis, threat hunting, and/or adversary emulation

Responsibilities

  • Collecting, processing, and analyzing information regarding security threats
  • Producing and disseminating intelligence products, advisories or tailored reports
  • Analyze and report on unique attack vectors, emerging cyber threats, and current trends used by malicious actors
  • Daily threat intelligence monitoring through open and closed sources
  • Continually improve how the threat intelligence team works, including creation of run books, procedures, automation or other efficiencies
  • Maintain, develop and continually analyze threat data/intelligence sources, both technical and non-technical
  • Identify, evaluate and communicate new and ongoing cyber security threats through regular and ad-hoc reporting; produce intelligence briefings, attribution reports, and position papers
  • Produce concise tactical warning bulletins and other analytic reports that detail daily findings, events, and activities
  • Conduct collection and support attribution and analysis based on case findings from the incident response and threat hunting functions
  • Collect and analyze all-source intelligence and research data from multiple intelligence providers in order to analyze findings and produce quality intelligence products
  • Support threat hunts and purple teaming endeavors to identify threat actor groups and their techniques, tools, and processes utilizing threat intelligence
  • Analyze anomalous log data and the results of collaborative team sessions to detect and eradicate threat actors on the network
  • Analyze and support security incidents for further enrichment of detection and alerting capabilities
  • Generate reporting of trending metrics

Preferred Qualifications

  • Relevant industry security certifications such as CISSP, SANS GIAC (e.g., GCTI, GCIH, GNFA, GCFE, GCFA, GREM), AWS certifications (SAA, SAP, or SCS), etc.
  • Experience developing and presenting cybersecurity topics in written products and presentations, including conference presentations, webinars, and blog posts

Benefits

This is a 6-month remote opportunity
