Vice President - Senior Threat Intel Analyst
The Cyber Threat Intelligence analyst, reporting to the Head of Cyber Defense, participates as the main cyber threat intel analyst in the distributed threat intelligence capability at BNP Paribas.
• Proactively monitors threats arrayed against the bank and develops appropriate detective controls.
• Develops highly technical options for mitigating existing and emerging threat actor tactics, techniques, and procedures (TTPs) across the full suite of preventive and detective controls, including but not limited to architecture & engineering changes, new or updated sensor signatures, and auditing & logging changes.
• Oversees the development of use cases for integration into our Security Incident and Event Management platform.
• Integrates an in-depth understanding of threat actor motivations and capabilities into existing risk management processes.
• Performs threat assessments across the technology environment to identify high-value targets and to help prioritize additional preventive/detective/corrective controls.
• Develops and maintains interconnections with peers in other regions for an efficient and optimized response to security events and incidents.
• Produces Key Performance and Risk Indicators.
• Develops and leads the intelligence planning portion of incident response activities.
• Contributes to a management awareness program.
• Other activities as they relate to improving the firm's posture towards cyber security incident response and threat intelligence.

Qualifications

Minimum Required Qualifications:
- Minimum 3 years professional work experience, including a minimum of 2 years in an Information Technology or Information Security role.
- Bachelor's degree from an accredited college or university, or equivalent work experience.
- Either 2+ years prior experience as a penetration tester or 5+ years prior experience working in a military or national intelligence (all source or SIGINT) role along with a minimum of 6 months of all source or SIGINT training.
- Understanding of operational planning and risk management methodologies used in military and intelligence environments, especially as they relate to integrating collection management with operational planning, as documented in US Army ADP 2-0, ADP 5-0, ADRP 5-0, ATP 2-01, and ATP 2-01.3. Understanding of how these planning approaches relate to cyber threat intelligence supporting cybersecurity planning, operations, and incident response. Understanding of how to relate IOCs to PIRs and decision points during monitoring and incident response activities.
- Strong ability to analyze threat actor TTPs at a highly detailed and technical level.
- Strong ability to develop control options for existing and emerging threat actor TTPs and to communicate to both a highly technical audience and to a non-technical audience how those options counter such TTPs. Specific focus on controls as they relate to networking (routing, switching, firewalls, security sensors) and operating systems (*Nix, Windows).
- Strong critical thinking and analysis skills as well as the written/verbal communication skills necessary to organize and concisely convey complex technical, tactical, operational, and strategic topics.
- Either a) a strong ability to develop both sensing and SIEM correlation logic against indicators of compromise that the candidate has developed, or b) strong programming skills which demonstrate an ability to quickly learn the skills in a).
- Ability to adapt to changing priorities, handle multiple assignments, and adhere to deadlines.
- Ability to coordinate actions from several different teams.
- Bachelor's degree from an accredited college or university in Computer Science, Computer Engineering, or Electrical Engineering.
- Have held one or more of the following certifications (does not need to be current as long as the candidate can fully leverage these skills): CISSP, GCED, OSCP, LPT, ECSA, RHCE, CCNP, or MCSA Win Server 2012/2016.
- Knowledge of how to deploy, operate, and integrate modern threat intelligence platforms and threat intelligence feed services with existing cyber and risk management processes.
- Understanding of the concepts in the book 'Windows Internals', 7th edition.
- Ability to design and operate a use case life cycle process to feed into the sensing and correlation platforms (e.g., Security Incident and Event Management [SIEM] platforms, security analytics platforms).
FINRA Registrations Required: