Senior Security Research Analyst

BlueVoyant
Summary
Join BlueVoyant as a Senior Security Research Analyst - Internal Data and conduct in-depth analysis of internally sourced security data to identify and investigate potential threats. Work within the Threat Fusion Cell, providing threat intelligence insights through data correlation and analysis. Analyze EDR/SIEM tool data and SOAR tooling to identify attack trends. Explore alerting data to filter for novel security incidents and facilitate Threat Fusion Cell automation efforts. Collect and maintain client information to support threat detection and conduct analysis on reports to provide quality intelligence to various teams. Follow processes to identify high-profile cases and understand data structures for indicators derived from SOC client alerting and open-source intelligence feeds.
Requirements
- Strong analytical and problem-solving skills with attention to detail
- Experience with VirusTotal, Joe Sandbox and other open-source intelligence tools
- Experience with log analysis and forensic investigation techniques
- Practical knowledge of Linux, macOS and Windows operating systems
- Understanding of TCP/IP networking and the OSI model
- Experience with SIEM platforms and log analysis tools
- Familiarity with IDS/IPS systems
- Knowledge of common programming or scripting languages
- Strong written and verbal communication skills
- Experience with packet analysis tools (e.g., Wireshark)
- Ability to deconstruct complex problems and identify patterns
- Bachelor's degree in Computer Science, Information Security, or related field
- 1+ years of experience in security research or threat analysis
- Experience with data analysis and enrichment techniques
- Knowledge of security tools and technologies
Responsibilities
- Analyze EDR/SIEM tool data sources and SOAR tooling to contribute to the automated collection and extraction of essential elements of information, in order to identify attack trends and campaigns from client alerting
- Explore alerting data to filter for novel security incidents by creating and implementing periodic queries to identify previously undocumented malware and new attack TTPs
- Facilitate Threat Fusion Cell automation efforts to maximize operational efficiency and effectiveness for delivery of threat intelligence
- Collect and maintain client firmographic information and historical security touchpoints (malware, adversaries, tools noted in environment) to support threat detection and SOC operations
- Conduct analysis on report items from collected data to provide quality intelligence to Advanced Threat Detection, SOC analyst teams, and Cyber Defense Platform users
- Analysis should focus on corroborating findings, ascertaining attribution, highlighting infrastructure, identifying targets and cataloging all in a digestible format for report review and publishing
- Follow the process to identify recently processed high-profile SIR or MSS cases for which greater threat intelligence context exists, and provide that context to SOC analyst teams in a timely manner
- Understand the data structure for indicators derived from SOC client alerting and open-source intelligence feeds to provide succinct, enriched context to downstream analysts
Preferred Qualifications
- Experience with malware analysis
- Knowledge of threat hunting methodologies
- Relevant security certifications (GCIA, GCIH, etc.)
- Experience with automation and scripting for data analysis