ROLES AND RESPONSIBILITIES Develop Indicator Enhancement/Enrichment Playbook for the Threat Intelligence Platform (TIP).Collect and ingest data from various sources to the TIP.Develop systems integration between multiple Threat Intelligence Source APIs and the TIP to ingest indicators of compromise.Develop threat intelligence data dashboards, based on various tagging, and indicator types along with their threat severity and confidence levels.Develop and maintain API connections with various security stack solutions.Understand and maintain API that enables the system integration between Apache Nifi and the indicators database (mirror of the Threat Intelligence Platform Database). This API handles requests to build IOC feeds based on indicator types, indicator attributes or tags, and indicators severity, and handles the enrichment of indicators.Develop and maintain threat intelligence system to gather IOC data from multiple external threat intelligence feeds.Collect, review, and analyze internal, open source, and dark web datasets to integrate with TIP and other security monitoring solutions.Apply knowledge of current cyber threats and the associated tactics, techniques, and procedures used to infiltrate computer networks.Understand and maintain VPN infrastructure.Understand and maintain email servers used to deliver notifications and automated projects.Provide accurate and priority-driven analysis on cyber activity/threats and present complex operational/technical topics to senior managers and stakeholders.Establish and maintain excellent working relationships/partnerships with the cyber security and infrastructure support teams throughout the organization, as well as different business segments.Ability to develop processes, scripts, and code in a quick manner to support current operations and to improve automation processes.Ability to work in a fast-paced environment with minimal supervision.BASIC REQUIREMENTS/TECHNICAL SKILLS REQUIRED Excellent English verbal and written communications skills.Firm understanding and implementation of Software Development Life Cycle (SDLC) processes and executions.Firm understanding of programming languages: Python, Perl, PHP, Java, .net, and C.Good understanding of JQuery/Javascript web client applications.Firm understanding of database infrastructure development and management (PostgreSQL, MySQL, etc.) and NOSQL (MongoDB, DocumentDB, Elasticsearch, etc.) databases.Firm understanding of STIX/TAXII formats and integration with security stack.Firm understanding of Apache Nifi and Kafka.8+ years of cybersecurity, threat intelligence, or network security experience; experience can include one or more of the following cyber-security functions: Cyber Threat Intelligence, Threat Hunting, System Administration, Intrusion Detection/Prevention, Monitoring, Incident Response, Digital Forensics, Vulnerability Management.Firm understanding of network security concepts, including threat and risk analysis, security event/incident monitoring, asset and risk management, and intrusion detection and prevention sensors.Experienced configuring both Windows and Linux networks.Prior experience as a technical cyber threat intelligence (or related) subject matter expert that has worked across organizational boundaries to analyze cyber threats to their organization's infrastructure and services.A strong understanding of the cyber security principles, methodologies and best practices including knowledge of common threats, attack vectors, zero-days and exploitation techniques.A strong understanding of the Threat Intelligence terminology, the threat intelligence life cycle (cyber threat intel collection, data processing, analysis and findings reporting).
#J-18808-Ljbffr
