
Jr. Cyber Threat Intelligence Analyst

TEKsystems Phoenix, AZ
  • Posted: over a month ago
  • $60,000 to $80,000 Annually
  • Full-Time
  • Benefits: Vision, Medical, Life Insurance, 401k, Dental

Permanent Position: Salary expectations are $60-$80K/year + bonus

TOP SKILLS:

  1. Tactical knowledge of common security controls or attack vectors or attack techniques (this person will need to take the time to figure out how attack vectors work as a whole)
  2. Analytical skills… analyst trained: using analysis of competing hypotheses, “what if”, key assumptions check (have to understand you have to do analysis: research, reading, and pulling information together – has to be something they do and like to do)
  3. Background in Threat Intelligence, architecture, forensics, engineering, or security operations (fields that force people to think)

JOB DESCRIPTION:

The Cyber Threat Intelligence Analyst is responsible for providing analysis that identifies threats and quantifies the vulnerabilities exposed by current threats, in order to develop timely and actionable alerts, briefs and analytical assessments. Focusing on threats originating in information technology environments, the Information Security Analyst will produce actionable information in a clear and concise manner. This position will support the American Express Fusion Center. The individual will report the top threats impacting American Express Financial Technologies. By providing awareness, indications, warnings, and operational readiness, the Fusion Center protects the AXP brand, global business operations, technology infrastructure and client trust against cyber threats worldwide.

• Analyze, process, and compare data to produce tactical intelligence products.
• Identify credible, new intelligence and subject matter resources relative to current/emerging threats.
• Author tactical assessments on cyber threats, attacks, and incidents of interest to AXP.
• Provide subject matter expertise on cyber threats to support current analytic operations and initiatives.

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Create written and verbal intelligence products for internal AXP customers to assist in proactively addressing threats to the IT or InfoSec infrastructure.
• Perform open source threat collection and analysis activities identifying indication of cyber threats, identify malicious code, websites, and vulnerabilities through automated and manual analysis using existing and purpose-built tools.
• Experience in analyzing malware / hacking tools and threat actor tactics, techniques, and procedures to characterize threat actors’ technical methods for accomplishing their missions.
• Collect, analyze, catalog, store, and assist in the deployment of indicators of compromise (IOCs) in partnership with the Fusion Center to help refine detection and response efforts.
• Conduct intrusion analysis to ascertain the impact of an attack and develop threat trends to develop mitigation techniques and countermeasures that can prevent future attacks.

QUALIFICATIONS REQUIRED

KNOWLEDGE / SKILLS
• In-depth knowledge of common security controls, detection capabilities, and other practices / solutions for securing digital environments, to include packet flows / TCP & UDP traffic, firewall and proxy technologies, anti-virus, Intrusion Detection/Prevention Systems and other host-based monitoring, email monitoring and spam technologies, SIEMs, etc.
• Experience in analyzing malware / hacking tools and threat actor tactics, techniques, and procedures to characterize threat actors’ technical methods for accomplishing their missions.
• Understanding of forensic analysis on and data captures from networks / packet capture, hosts (volatile/live memory), electronic media, log data, and network devices in support of intrusion analysis or enterprise level information security operations.
• Understanding of what information or assets are of value to threat actors and how organizations are breached.
• In-depth understanding of modern technical security controls (i.e. firewalls, SIEMS, IPS, HIPS, web proxies).
• Must have strong verbal and written communication skills; interpersonal collaborative skills; and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
• Can apply a variety of structured analytic techniques to generate and test a hypothesis, assess cause and effect, challenge analysis, and support decision making.
• Should have working knowledge in two or more of the following areas:
o Nation State Threat actors
o Cybercrime
o Hacktivism
o Distributed Denial of Service attacks
o Fraud
o Malware (i.e. remote access tools, exploit kits, etc.)
o Emerging Threats
o Phishing Techniques
o Social Engineering
o Web Application Attacks

EXPERIENCE
• Previous experience as a Military Threat Operations team member, Security Researcher, Cyber Threat Researcher, or Cyber Crime investigator preferred.
• 2+ years’ working in one or more of threat intelligence, Security operations, security engineering, security architecture, or forensics
• Possesses the ability to review information to determine its significance, validate its accuracy and assess its reliability.

EDUCATION / CERTIFICATIONS
• Bachelor's degree or equivalent combination of education and experience preferred

ADDITIONAL INFORMATION:

From a threat intelligence perspective, this group approaches the work mostly from a threat actor perspective. This position will involve reading a lot of information (looking at several different vendors and feeds) and determining whether something is a transitional problem. This requires a technical background and research skills.

For the framework, they follow the DOD intelligence cycle, but they have to modify it for the private sector; a lot is involved in planning and assessment (they have to understand what the customers need and want, and put together priority intelligence). On the collection side, they are pulling in information to help answer various questions. To pull that information, there are automated ways into the threat intelligence platform. All vendors are in there, and it's linked to the FS-ISAC, where they can ask questions on a listserv and in groups, learn where to go for information, and bounce ideas off people working at BofA and Wells Fargo.

Within this threat intelligence team, IOCs (indicators of compromise) such as IP addresses and email addresses are treated as data, not intelligence. The threat intelligence platform has automated their handling, so the team now receives them directly and isn't asked for them as much any more.

This is a high-level role. Ideally this person will already be doing cyber threat intelligence; if they have the technical capability/knowledge as well as the maturity, the team can teach them the intelligence part. From a technical capability perspective they are looking for a "jack of all trades": the person doesn't need to be an expert at everything, and "in-depth knowledge" means being able to go research a given resource (this attack vector or that threat) rather than only knowing how to detect a particular attack.
This person will have exposure to a lot of strong security operations detections, and needs to know what other attack vectors are out there: thinking beyond the toolset and beyond the policies and procedures they have been taught, and being able to research beyond a set of tools rather than relying on tools to link the attack vectors together. They have to deep-dive into the material and the adversaries. There are private intel vendors, so the tools used will include access to vendor portals and raw data; from an open source intel perspective, there are hundreds of websites: VirusTotal, Google dorking, security forums.

There will be a sense of urgency, since this is an operations role: where previous architects might get a month to research, this role will require a response within an hour. The job itself is supporting operations, but it's different in the intel world from a career progression perspective; they also get into the strategic analysis part. About 20% of the time is incident response, and 80% of the time is more of the 12-18 months out planning. It's a mix of technical and tactical work. It's not a step back, just a different career path: cyber threat intelligence is new to the private sector, so it's not a step backward but more of a step sideways.

INTERVIEW PROCESS:

1-step phone interview. Possibility for a second-round interview in-person as well.

WORK ENVIRONMENT:

The cyber intelligence team is 9, soon to be 10, handling the tactical, operational and strategic parts of the business. This role will take place on the fusion center floor. It's very technical, so we need someone who understands attacks and can provide context to the attacks (using information from vendors) in order to help minimize the time it takes to react, and who can also do more in-depth research to help move toward a proactive defense.

BUSINESS CHALLENGE:

This role is responsible for providing analysis in order to identify threats, and quantify vulnerabilities in order to provide awareness, indications, warnings, and operational readiness. The Fusion Center protects the company brand, global business operations, technology infrastructure and client trust against cyber threats worldwide.

From an operational perspective, this role will cut the time of detection and response down significantly on an incident-by-incident basis. From the strategic side, this position will provide a 6-12 month outlook on whether a new attack technique is going to become the attack vector.

NON-TECHNICAL SKILLS:

Create written and verbal intelligence products for internal customers to assist in proactively addressing threats to the IT or InfoSec infrastructure. Must have strong verbal and written communication skills and interpersonal collaboration skills.

WHY CONSIDER THIS OPPORTUNITY?

This role is an opportunity to join a highly sophisticated and advanced Information Security organization of over 800 people. Within the cyber security world, this company has made huge investments into protecting its brand. This is a high-visibility project, with backing from high-level leadership in the organization.

We are the world's largest global payments network, owning relationships with Card Members and merchants. We provide products and services to customers around the world, process millions of transactions daily, and drive more than $1 trillion in commerce a year.

The company was ranked #69 on the Fortune 100 Best Companies to Work For list, and #17 on the World's Most Admired Companies list.

TEKsystems

TEKsystems is the nation's leading IT staffing and services company.

Address

3202 W. Behrend Drive, Phoenix, AZ 85054
Phoenix, AZ
USA
