Threat Intel Technical Analyst Fusion, Associate, Singapore
- Singapore, SG
- Permanent, Full time
- Morgan Stanley
- 2018-06-20
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's 55,000 employees, located in 747 offices across 42 countries, serve clients including corporations, governments and individuals. As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence, a strong team ethic and giving back to our communities. Morgan Stanley provides a superior foundation for building a professional career - a place for people to learn, achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
Division & Department Profile
The mission of the Global Technology division is to provide a highly reliable and commercial technology platform, which supports the Firm's strategy, delivered by an innovative, world-class team of professionals. Technology & Information Risk (TIR) is part of the Global Technology organization and manages operational and technology-related risks on behalf of the Firm. TIR's mandate is to enable the Firm to manage its technology and data-related risks through implementing proactive, comprehensive and consistent risk management practices across the Firm to protect the franchise while capturing business opportunities. The TIR team partners with the business by ensuring that Technology and Data understands how to manage, escalate and monitor risk.
Morgan Stanley's state-of-the-art Cybersecurity Fusion Center (Fusion) is charged with orchestrating prevention, detection, and response to cyber events that threaten the Firm's clients, assets, and reputation. Partnering with key stakeholders across Enterprise Technology & Risk and the Business Units, Fusion manages cyber events from detection through response to resolution, and serves as the Firm's focal point for cyber communications and reporting. Fusing together information received externally from our partners and internally from our detection and analytics teams to enable rapid decision-making, Fusion is the cornerstone of the Firm's agile and adaptive cyber defense strategy - enabling the Firm to rapidly align our defensive capabilities to adapt to changing adversary tactics.
The Threat Intelligence (TI) Team specializes in the collection and analysis of information pertaining to the cyber threat landscape and assesses potential impact to the Firm and its operations. The team's key mission is to support and enhance the Firm's security posture by providing situational awareness and a thorough understanding of the cyber threat landscape through the delivery of timely and actionable intelligence. The team regularly produces intelligence analysis for its defined stakeholders and contributes to Fusion's detection efforts, preventative security controls and response to cyber events.
By combining technical expertise with a thorough understanding of the geopolitical and strategic threat landscape, the team ensures depth and breadth of coverage of cyber threats and events, and contextualizes them to help determine their relevance to the Firm. The team is made up of a Strategic Hub (New York), a Technical Analysis Hub (Baltimore) and Joint Hubs (Glasgow, Singapore).
The team is currently seeking a Technical Threat Intelligence Analyst to join the Joint Hub in Singapore, which is responsible for providing both technical and strategic assessment of the threat landscape to key leaders and stakeholders. The Hub will play a key role in fostering engagement and partnerships with regional government and private sector peers. Members of the Hub will actively participate in information-sharing initiatives to increase the Threat Intelligence Team's profile among local peers and contribute to developing the Team's understanding of the regional threat landscape.
The Technical Analyst is responsible for performing day-to-day intelligence collection, analysis and dissemination. The analyst will cultivate and maintain sources and methods necessary to efficiently perform their function. On a daily basis, the analyst will research vulnerabilities, threats, tactics, techniques and procedures (TTPs) related to threats to the financial sector. They will identify threat indicators, perform OSINT research, analyze Splunk logs, triage indicators of compromise (IOCs) of phishing campaigns and other malicious activity as collected from external sources, perform analysis of malicious code and support the Global TI Head and local TI Team Leader as required. The Technical Analyst will possess a solid understanding and knowledge of malware families/capabilities, exploitation techniques and adversarial Tactics, Techniques and Procedures (TTPs) to assist other security teams with analysis and interpretation of indicators/artifacts during security events.
Monitor intelligence sources for actionable indicators/information, including:
Vendors and Private Sources
Internal Sources (Situational Awareness/Identifying Patterns/Trends/Holistic Approach)
Perform analysis/assessment of actionable indicators
Analyze malicious code to obtain additional actionable indicators and gain deeper understanding of specific threats
Collect, assess, and catalogue threat indicators and add context to convey urgency, severity, and credibility
Maintain and curate Threat Register entries in line with defined Areas of Responsibility (AORs)
Maintain and curate high-quality/high-fidelity IOCs for ingestion into Threat Intelligence Platform
Engage Strategic Intelligence Analysts for collaborative threat assessments
Author technical deep-dive reports and other malware analysis as requested
Respond to RFIs
Research and provide analysis of new exploitation techniques observed in the wild
Share information collected with appropriate internal teams and external partners
Actively participate in external engagements with financial sector peers to provide representation for Morgan Stanley
Experience & Skills Required (essential)
2+ years of professional analytical experience, preferably within an intelligence function in the financial sector
General understanding of the tactics, techniques, and procedures of cyber threat actors
Experience and understanding of a wide range of information security disciplines including basic Splunk queries, malware analysis via sandboxing, static/dynamic analysis and familiarity with a broad range of programming languages (preferably Python)
Experience working with the Kill Chain, Diamond Model of Intrusion and similar frameworks and concepts
Experience with conducting intelligence investigations and familiarity with investigative tools, including Maltego, DomainTools, and VirusTotal
Understanding of key intelligence analysis concepts, including the intelligence cycle
Excellent writing, presentation and communications skills, preferably used in communicating findings and recommendations
Bachelor's Degree in Information Technology, Computer Science, or Intelligence fields or equivalent professional qualification.
Experience & Skills Preferred
International experience or experience working for a globally distributed organization
Malware analysis experience in professional or personal capacity
Scripting experience using Python
Familiarity with Threat Rating Methodology
Experience using Threat Intelligence Platforms (TIPs)
Active memberships with associations across the security and intelligence community