onsite

Cyber Threat Analyst

Cyber Threat Analyst position — see original posting for full details.

About the role

Specific Duties and Responsibilities:

Threat Lead Identification: Research new adversary tactics, techniques, and procedures (TTPs) using open sources (public information such as security vendor reporting, social media, code repositories); closed sources (dark web and underground forums); and proprietary sources.
Subject Matter: Threat leads should focus on team priority intelligence requirements (PIRs). Examples of such subject matter include malware developments, offensive security tools, vulnerability exploits, cloud security, and mobile security.
Key Detail Identification: During research, identify and take note of infection chains, host and network IoCs, malware samples, threat actors, and MITRE ATT&CK tactics and techniques
Author Insikt Notes: Write TTP Instances detailing identified threat leads. TTP Instances include a combination of information from open-source reporting and your own analysis (i.e. code review, static malware analysis). TTP Instances are written and formatted to help our customers understand infection chains while also helping them prepare and validate their defenses.
Cadence: Write at least 2 TTP Instance notes daily
Quality: Authored TTP Instances should include minimal grammatical or syntax errors. Plagiarism is not acceptable.
Malware Analysis: Using sandbox environments and static analysis tools, analyze malware samples associated with threat leads.
Use Cases: Malware analysis is used to provide additional insight into an event, validate open-source reporting, uncover additional IoCs, and assist peers and customers in detection engineering
Detection Engineering: Create malware or vulnerability detections (e.g. YARA, Sigma, Snort, Nuclei) that can be used for threat hunting, detection, and classification.
Cadence: Create at least 1 malware or vulnerability detection per month
Delivery: In most cases, these detections will be delivered alongside a TTP Instance.
Information Security: Adhere to and implement Infinit-O's quality and information security policies and carry out its processes and procedures accordingly.
Protect client-supplied and generated-for-client information from unauthorized access, disclosure, modification, destruction, or interference (see also Table of Offenses)
Carry out tasks as assigned and aligned with particular processes or activities related to information security.
Report any potential or committed non-conformity, observation and/or security vent or risks to immediate superior.

Qualification

Required Skills:

Strong written communication in English
Demonstrable experience writing reports on technical subject matter (e.g. malware, vulnerability exploits, offensive security tools) in a clear, concise, and logical format
Disciplined time management
Self-starting, self

About the role

Specific Duties and Responsibilities:

Threat Lead Identification: Research new adversary tactics, techniques, and procedures (TTPs) using open sources (public information such as security vendor reporting, social media, code repositories); closed sources (dark web and underground forums); and proprietary sources.
Subject Matter: Threat leads should focus on team priority intelligence requirements (PIRs). Examples of such subject matter include malware developments, offensive security tools, vulnerability exploits, cloud security, and mobile security.
Key Detail Identification: During research, identify and take note of infection chains, host and network IoCs, malware samples, threat actors, and MITRE ATT&CK tactics and techniques
Author Insikt Notes: Write TTP Instances detailing identified threat leads. TTP Instances include a combination of information from open-source reporting and your own analysis (i.e. code review, static malware analysis). TTP Instances are written and formatted to help our customers understand infection chains while also helping them prepare and validate their defenses.
Cadence: Write at least 2 TTP Instance notes daily
Quality: Authored TTP Instances should include minimal grammatical or syntax errors. Plagiarism is not acceptable.
Malware Analysis: Using sandbox environments and static analysis tools, analyze malware samples associated with threat leads.
Use Cases: Malware analysis is used to provide additional insight into an event, validate open-source reporting, uncover additional IoCs, and assist peers and customers in detection engineering
Detection Engineering: Create malware or vulnerability detections (e.g. YARA, Sigma, Snort, Nuclei) that can be used for threat hunting, detection, and classification.
Cadence: Create at least 1 malware or vulnerability detection per month
Delivery: In most cases, these detections will be delivered alongside a TTP Instance.
Information Security: Adhere to and implement Infinit-O's quality and information security policies and carry out its processes and procedures accordingly.
Protect client-supplied and generated-for-client information from unauthorized access, disclosure, modification, destruction, or interference (see also Table of Offenses)
Carry out tasks as assigned and aligned with particular processes or activities related to information security.
Report any potential or committed non-conformity, observation and/or security vent or risks to immediate superior.

Qualification

Required Skills:

Strong written communication in English
Demonstrable experience writing reports on technical subject matter (e.g. malware, vulnerability exploits, offensive security tools) in a clear, concise, and logical format
Disciplined time management
Self-starting, self