Senior Analyst, Threat Hunting
At Prudential, we understand that success comes from the talent and commitment of our people. Together, we have a shared vision in securing the future of our customers and our communities. We strive to build a business that you can shape, an inclusive workplace where everyone's ideas are valued and a culture where we can thrive together. Our people stay connected and tuned in to what's happening around us, keeping us ahead of the curve. While focused on the long-term, we look to the future to bring growth, development and benefit to everyone whose lives we touch. Job Purpose:
At the core of our Cyber Security Operations Centre (CSOC), our Cyber Threat and Intelligence Analyst proactively detects malicious behavior using a unique blend of device logs and threat intelligence feeds from multiple commercial and open source feeds. The analyst is responsible for CSOC's cyber threat information and intelligence collection analysis, production, and inseminations of finished intelligence products to CSOC teams and overall executive decision makers. The Threat and Intel Analyst coordinates with external peer groups and information security circles over cyber threats and on the development of global cyber policy to address events ranging from intrusions, malware, DDoS, unauthorized access, insider attacks, and loss of proprietary information. Job Responsibilities:
Cyber Threat Monitoring
- Responsible to monitor the incident tickets and manage these tickets in a timely manner according to appropriate severities.
- Ensure tickets are managed appropriately and closed within stipulated service level
- Ensure requests are closed with sufficient quality with full incident lifecycle
- Responsible for Level 2 / Level 3 Alert Reviewing and Investigation, when Security Analysts identify high risk indicators of compromise or attack
- Record, update, maintain and follow-up on escalated security events and/or incidents
- Design use cases that cover native model and anomaly (machine learning model)
- Record and Manage Knowledgebase on all incident handling performed in CSOC covering source of threat, source of logs, rating of criticality, monitoring mechanism, alerting mechanism, escalation method, recording and reporting mechanism.
- Coordinate with the support of the Incident Response Leader and Security Analysts, any escalation of IT Security events and/or incidents, to Local Business Units and Regional counterparts
Cyber Threat Intel Monitoring
- The Threat and Intel Analyst is responsible for CSOC's cyber threat information and intelligence collection analysis, production, and dissemination of finished intelligence products to CSOC teams and overall executive decision makers.
- Real-time monitoring of third party security feeds, forums, and mailing lists to gather information on vulnerabilities and exploits related to our environment
- Assessing each event based on factual information and wider contextual information available
- Produce actionable intelligence information for delivery to colleagues and customers in the form of technical reports, briefings, and data feeds
- Participate in regular threat focus meetings with CSOC
- Serve as an open source Cyber threat intelligence analyst
- Develop and hold expertise on emerging Cyber threats and trends, and the evolving policy and regulatory framework related to Cyber security
- Perform documentation support focused on Cyber Intel doctrine, policies, strategies, capabilities, and intent to conduct Cyberspace operations and Cyber-oriented groups, individuals, organizations, tools, tactics, and procedures
- Assist with drafting, editing, critiquing, and proofreading threat intelligence estimates, briefs, assessments, and memorandums for analyses
- Work closely with CSOC to ensure threat intelligence analysis and products are mapped to prioritized corporate assets and risks
- Provide critiques of written threat intelligence for the benefit CSOC
- Partner with CSOC's incident response team and investigations team to understand incidents and support technical analysis of malicious cyber security events
- Oversee collection management, analysis, and/or production capabilities
- The Intel Analyst coordinates with external peer groups and information security circles over cyber threats and on the development of global cyber policy to address events ranging from intrusions, malware, DDoS, unauthorized access, insider attacks, and loss of proprietary information.
- Degree in Computer Science, Information Security, International Relations, Intelligence Studies, Political Science, or related field
- Security Certifications such as GCIA, GCIH, or similar
- 5 years of experience performing intelligence analysis, collection management, or technical/malware analysis
- Experience with collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources
- Experience with intrusion analysis, computer network operations, information operations, or information warfare.
- Ability to write high-quality intelligence assessments and briefings for a senior-level audience
- Ability to develop specific expertise, discern patterns of complex threat actor behavior, and communicate an understanding of current and developing Cyber threats
- Ability to leverage well-honed online researching expertise to identify and navigate relevant online forums, including Web sites, social media, and traditional sources to support research and analysis
- Deep interest in open source research
- Investigative and analytical problem solving skills.
- Critical thinking and contextual analysis abilities
- Inherent passion for information security and service excellence
- An understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security;
- Willing to work out of hours and public holidays as part of a stand-by and when on call as needed.
- Prior experience working in a Security Operations Centre (SOC) or Computer Emergency Response Team (CERT/CIRT).