Cyber Threat Intelligence Analyst II
CME Group is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. We're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.
To learn more about what a career at CME Group can offer you, visit us at www.wherefuturesaremade.com . Position Description:
The Cyber Threat Intelligence Analyst (Engineer II) is part of a team of analysts who consume, process, analyze, and operationalize cyber threat intelligence, threat data, or other indicators of threat activity for the purposes of improving enterprise security detection and prevention capabilities. Key responsibilities include:
- Timely development and deployment of customized detection logic based on provided intelligence.
- Coordinate and conduct proactive hunting exercises, retrospective searching for known indicators of malicious activity.
- Coordinate with security operations and incident response staff to tune and improve detection capabilities or to aid in investigations or respond to incidents.
- Consume and analyze threat intelligence reports in order to author signatures, queries, or other analytics that will be deployed for detection and prevention purposes. Examples include SIEM rules and alerts; Suricata, Snort, and YARA rules; and host-based intrusion detection signatures.
- 2+ years of experience in the field of information security, computer science, computer forensics, or information assurance.
- Experience with collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources.
- Experience with cyber, incident response and digital forensics, security engineering, security operations, computer network operations, information operations, information warfare, or topical cyber.
- Experience with scripting languages, including Python and PowerShell.
- Experience working in security operations environments; experience with key security operations technologies such as SIEM and a log aggregation solution
- Experience with host and network log sources to apply to investigation, IR methodology in investigations, and the groups behind targeted attacks and tactics, techniques, and procedures (TTPs).
- Knowledge of common network and host security technologies and appliances.
- BA or BS degree in Computer Science, Cyber Security, or related field.
Formal Education & Certifications
- Experience with performing intermediate static and dynamic malware analysis and with setting up and leveraging automated malware analysis platforms.
- Ability to develop and coordinate hypothesis-driven analytics (hunting); ability to apply creative approaches to identifying malicious network activity.
- Knowledge of commercial and open-source malware analysis tools.
- Knowledge of Cyber threat intelligence processes and tradecraft to include the Cyber Kill Chain and Diamond Model of Intrusion Analysis.
- Knowledge of attacker tactics, techniques, and procedures and common attack vectors and vulnerabilities.
- Knowledge of two or more scripting languages.
- Knowledge of network security technologies, log formats, SIEM technologies, and security operations.
- Ability to conduct research into geopolitical events.
- Possession of excellent oral and written communication skills.
- Experience working in the U.S. Intelligence Community or similar intelligence experience.
- BA/BS in Computer Science, Cyber Security, or related field or related work experience.
- GIAC Python Coder (GPYC) or other relevant GIAC Certification such as GIAC Security Essentials (GSEC).
- Network+, Security+, or other technical industry certifications.
- Threat Intelligence Courses.
- Log aggregation training.
- Strong customer-service orientation.
- Strong analytical skills
- High level critical thinking skills.
- Excellent written and oral communication skills.
- Excellent listening and interpersonal skills.
- Ability to communicate ideas in both technical and user-friendly language.
- Comfortable working in a dynamic environment with multiple goals.
- Highly self-motivated and directed, with keen attention to detail.
- Able to prioritize and execute tasks in a high-pressure environment.
- Experience working in a team-oriented, collaborative environment.
- Ability to deal diplomatically and effectively at all levels of the organization including both technical and non-technical, management and senior leadership.