[Remote] Threat Intelligence Lead

Note: The job is a remote job and is open to candidates in USA. NuHarbor Security is focused on improving the cybersecurity of clients through a comprehensive suite of services. The Threat Intelligence Lead plays a critical role in proactively hunting for threats, collaborating with teams to refine detection capabilities, and providing actionable intelligence to clients.

Responsibilities

• Conduct client directed proactive investigations to identify cyber threats, advanced persistent threats, and anomalous activity within enterprise networks and endpoints
• With a focus on client environments and desired outcomes, research new and existing threat actors and associated tactics, techniques, and procedures (TTPs); developing a detailed understanding of their potential impact on the client
• Perform deep-dive analysis of suspected security incidents to determine impact, risk, and response actions
• Lead and manage threat research initiatives to assess emerging threats and vulnerabilities, and correlate adversary activities, attack chains, and artifacts to provide threat intelligence that supports the timely detection of active threats
• Identify and propose automated detections for new and previously unknown threats. Collaborate with NuHarbor internal and external Cyber organizations to mitigate risk by testing, deploying, and developing investigative playbooks
• Produce and disseminate timely, actionable, and relevant threat intelligence to detection engineering to inform NHS' detection package based on relevant threats to NuHarbor's client base
• Develop and deliver finalized threat intelligence to the SOC that directs intelligence-driven threat hunting efforts and convert results into actionable intelligence that can inform the adjustment of existing detections and the creation of new detections
• Lead threat intelligence requirement development and intelligence delivery (tactical, operational, and strategic) across all applicable NuHarbor stakeholders
• Lead the management, maintenance, and general administration of NuHarbor's threat intelligence tooling, infrastructure, Threat Intel Platform (TIP), threat feeds, and threat information sharing efforts
• Work with Managed Services and Client Success to deliver high priority situational awareness/intelligence to the NuHarbor client based in response to emergent threats while collaborating with detection engineering to provide timely solutions
• Act as a centralized point for threat hunters and red team to collaborate with when researching emerging threats that provide opportunities to address detection gaps Skills
• Bachelor's Degree and five (5) years of experience. Experience should be in a cybersecurity field and should include relevant industry certifications
• In lieu of a degree, two (2) years of experience in a related technology field and relevant industry certifications are required
• Two (2) or more years of experience in a threat analyst role
• A minimum of two (2) years of experience with OSINT and threat hunting
• A minimum of one (1) year of experience using Splunk and or other SIEM technologies
• Demonstrated expertise in intelligence tradecraft, the intelligence lifecycle, common threat modeling frameworks: MITRE ATT&CK, Diamond Model, PEAK, Cyber Kill Chain, D3F3ND
• Experience using Threat Intelligence tools and processes necessary to collect information about adversary groups and cybercriminals that may target the NuHarbor Security client base: OpenCTI, Shodan, AbuseIPDB
• Ability to communicate complex security concepts to audiences of varied technical understanding, including business stakeholders, sales, engineering, and customers
• Demonstrated understanding of networking concepts and architecture
• Experience giving security recommendations and meeting with clients
• Familiarity with network, system, and application layer attacks and mitigations
• Maintain at least one (1) industry certification required to support the managed services (MS) Catalog: Security+, Network+, CeH, CYSA+
• Must be a citizen of the United States
• Three (3) or more years of experience in a threat analyst role and/or with OSINT and threat hunting
• Five (5) or more years of experience in a security analyst role
• Two (2) years of Experience performing threat hunting across client accounts via Splunk, Microsoft Sentinel, or other SIEM
• Demonstrated experience with security controls and frameworks and the technologies that supply these controls: NIST Risk Management Framework/NIST Cyber Security Framework, CIA Triad, Identity and Access Management, Encryption, Incident Response Lifecycle
• Experience drafting threat intelligence portions of bi-weekly and quarterly reports
• Maintains multiple industry certifications required to support the managed services (MS) Catalog: Security+, Network+, CeH, CYSA+
• Threat Intelligence Certifications: The GIAC Cyber Threat Intelligence (GCTI), The GIAC Defending Advanced Threats (GDAT), The GIAC Enterprise Incident Response

Apply tot his job Apply To this Job