Cyber Threat Intelligence Analyst
- Belfast, Northern Ireland, United Kingdom
- Permanent, Full time
- Chicago Mercantile Exchange
- 18 Nov 18
Cyber Threat Intelligence Analyst
CME Group: Where Futures Are Made
CME Group (www.cmegroup.com) is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. With 2,500 employees located around the world, we're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.
The Cyber Defense Analyst (Engineer I) is part of a team of analysts who consume, process, analyze, and operationalize cyber threat intelligence, threat data, or other indicators of threat activity for the purposes of improving enterprise security detection and prevention capabilities.
Key responsibilities include:
- Timely development and deployment of customized detection logic based on provided intelligence.
- Coordinate and conduct proactive hunting exercises, retrospective searching for known indicators of malicious activity.
- Coordinate with security operations and incident response staff to tune and improve detection capabilities or to aid in investigations or respond to incidents.
- Consume and analyze threat intelligence reports in order to author signatures, queries, or other analytics that will be deployed for detection and prevention purposes. Examples include SIEM rules and alerts; Suricata, Snort, and YARA rules; and host-based intrusion detection signatures.
- No formal work experience is required for this position. Successful candidates should be able to demonstrate a passion for information security through course work/degrees completed, self-study, and/or certifications that have been completed.
- Experience with collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources.
- Experience with cyber, incident response and digital forensics, security engineering, security operations, computer network operations, information operations, information warfare, or topical cyber.
- Experience with scripting languages, including Python and PowerShell.
- Experience working in security operations environments; experience with key security operations technologies such as SIEM and log aggregation (e.g., Splunk).
- Experience with host and network log sources to apply to investigation, IR methodology in investigations, and the groups behind targeted attacks and tactics, techniques, and procedures (TTPs).
- Knowledge of common network and host security technologies and appliances.
- BA or BS degree in Computer Science, Cyber Security, or related field.
- Experience with performing basic static and dynamic malware analysis and with setting up and leveraging automated malware analysis platforms.
- Ability to develop and coordinate hypothesis-driven analytics (hunting); ability to apply creative approaches to identifying malicious network activity.
- Knowledge of commercial and open-source malware analysis tools.
- Knowledge of Cyber threat intelligence processes and tradecraft to include the Cyber Kill Chain and Diamond Model of Intrusion Analysis.
- Knowledge of attacker tactics, techniques, and procedures and common attack vectors and vulnerabilities.
- Knowledge of one or more scripting languages.
- Knowledge of network security technologies, log formats, SIEM technologies, and security operations.
- Possession of excellent oral and written communication skills.
- Experience working in the Five Eyes or similar intelligence experience.
- BA/BS in Computer Science, Cyber Security, or related field or related work experience.
- GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), or other relevant GIAC Certification such as GIAC Security Essentials (GSEC).
- Network+, Security+, or other technical industry certifications.
- Threat Intelligence Courses.
- Log aggregation training.
- Strong customer-service orientation.
- Strong analytical skills
- High level critical thinking skills.
- Excellent listening and interpersonal skills.
- Ability to communicate ideas in both technical and user-friendly language.
- Ability to conduct research into geopolitical events.
- Comfortable working in a dynamic environment with multiple goals.
- Highly self-motivated and directed, with keen attention to detail.
- Able to prioritize and execute tasks in a high-pressure environment.
- Experience working in a team-oriented, collaborative environment.
- Ability to deal diplomatically and effectively at all levels of the organization including both technical and non-technical, management and senior leadership.