Principal Threat Intelligence Consultant
Jobtailor –
Deutschland
Gehalt: Von 90.000,00 € bis 130.000,00 €
Gehalt: Von 90.000,00 € bis 130.000,00 €
Responsibilities
- Operate as a technical resource within the Practice and actively participate in DFIR investigations to provide actionable intelligence.
- Mentor junior analysts and provide leadership.
- Effective engagement communication, time management, and collaboration with peers.
- Author comprehensive engagement deliverables that are tailored to both technical and managerial audiences as well as fully detail the technical findings, recommendations, business impact, and realistic remediation strategies.
- Foster client relationships by providing support, information, and guidance.
- Utilize automation, orchestration, and scripting to reduce manual processes, improving overall efficiency while also enabling new capabilities to meet the rapidly changing needs of our clients.
- Contribute to integration of existing and future open-source and commercial tools to help improve GRIT processes and procedures.
- Perpetually strengthen relevant skills, knowledge, and abilities to stay at the forefront of the information security industry.
- Maintain a strong desire to learn, adapt, and improve along with a rapidly-growing company.
- Perform other duties as assigned.
Requirements
- Five (5+) years of experience performing Threat Intelligence analysis.
- Five (7+) combined years of IT and information security experience.
- Embraces emerging technologies, including AI tools, to work smarter, solve problems, and drive better business outcomes.
- Prior experience in a Consulting Services role.
- Experience implementing or improving operational processes or procedures in the intelligence analysis lifecycle.
- Proficiency hunting APT data using open source or commercial cyber threat analytic tools or data repositories such as VirusTotal, Passive Total, Threat Miner, or Maltego.
- Core capabilities include:
- Network traffic analysis
- Host forensics
- Malware handling / triage
- Log review
- Experience with a variety of industry-related solutions including EDR, SIEM, NDR, FW, NGAV, Velociraptor, OSQuery, and others.
- Strong ability to correlate data and research using open source repositories (ex. VirusTotal, Domaintools, Threatminer, etc.)
- Intermediate ability to present technical information and analysis to audiences up to 50 persons on a quarterly basis.
- Ability to apply formal intelligence analysis methods, develop hypothesis, prove/disprove relationships, always ask why, defend your analysis, and apply attribution to cyber threat activity.
- Ability to make confidence-based assessments for purposes of attribution based on their technical analysis of network traffic, multi-source data, malware and system analysis. Candidate must be able to identify analytic bias.
- Experience with common programming languages including PowerShell, Python, BASH, Go, or others.
- Experience with cloud technologies for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure.
- Awareness of attacker techniques, advanced threat groups, and integration of intelligence into an investigation.
- Other relevant industry certifications, such as but not limited to GCIA, GCIH, GDAT, GCFE, and GFCA.
ATS Optimization Keywords
Hard Skills
- Threat Intelligence analysis
- Network traffic analysis
- Host forensics
- Malware handling
- Log review
- Programming languages
- Automation
- Orchestration
- Scripting
- Operational processes
Soft Skills
- Mentoring
- Leadership
- Effective communication
- Time management
- Collaboration
- Client relationship management
- Adaptability
- Desire to learn
- Problem-solving
- Presentation skills
Certifications & Qualifications
- GCIA
- GCIH
- GDAT
- GCFE
- GFCA
Industry Keywords
- DFIR investigations
- Cyber threat analysis
- APT data hunting
- Intelligence analysis lifecycle
- Emerging technologies
- Attacker techniques
- Advanced threat groups
- Integration of intelligence
- Confidence-based assessments
- Analytic bias
Tools & Technologies
- VirusTotal
- Passive Total
- Threat Miner
- Maltego
- EDR
- SIEM
- NDR
- FW
- NGAV
- Amazon Web Services