Location: Issaquah, WA.
Description of Position:
The role of every Information Security team member is to support the overarching values and business goals as they relate to meeting legal, ethical and regulatory obligations; protecting members' and employees' privacy; and maintaining a secure technology environment for our operations. The Incident Response Threat Intelligence Engineer provides threat information to help identify threat actors and methods; enables IT solutions to build effective controls against these threats; provides situational awareness to incident response; runs threat assessments for high-risk events (zero-days); supports proactive incident hunting; advises on matters related to policies, standards and procedures; and mentors team members with less subject matter expertise. The Incident Response Threat Engineer develops, leads and monitors the Threat Intelligence Program.
Tasks and Responsibilities:
- Identifies and assesses internal and external cybersecurity risks that threaten the security of business operations.
- Develops and formalizes effective threat identification and assessment processes, including maintaining playbooks for obtaining, monitoring, assessing, classifying severity, and responding to evolving threats and vulnerabilities.
- Develops, maintains, and updates a repository of cybersecurity threat information that may be used in conducting risk assessments and report on cyber risk trends.
- Conducts research and evaluates intelligence data, with specific emphasis on tactics, techniques, and procedures.
- Turns threat information into actionable intelligence by integrating related Indicators of Compromise (IOC) into SIEM operations and incident response strategies.
- Correlates threat data from various sources and analyzes network events to establish the identity and modus operandi of malicious users active in or posing potential threats.
- Develops and documents Threat Intelligence procedures into Playbooks.
- Ensures that Threat Intelligence documentation is comprehensive and accurate, including completing all relevant fields in the case tracking database.
- Reports security performance against established security metrics.
- Works closely with various international Information Technology teams, state agencies and 3rd party vendors to develop a fuller understanding of the intent, objectives, and activity of cyber threat actors.
- Coordinates activities or engagements with loss prevention and 3rd party security retainers, and interacts with legal and law enforcement as required.
- Monitors the Operations, Intelligence Analyst and Hunt Teams' work queues and metrics. Requests and releases team members to different roles as needed.
- Identifies, develops, and implements mechanisms to detect security incidents and report on key metrics.
- Identifies and improves security incident detection and monitoring capabilities.
- Provides management and the IR team with a contextual snapshot of the Incident Response team challenges for multiple uses by the team and management.
- Participates in the assessment, analysis and design of solutions for the Threat Intelligence Program.
- Identifies gaps and recommends changes to the Incident Response Plan.
- Provides subject matter expertise and leadership to develop the Threat Intelligence Program.
- Provides mentoring and training on tools and processes to the Threat Intelligence Team and partners.
- Regular and reliable workplace attendance at your assigned location.
Required Skills, Abilities, and Certifications:
- A Bachelor’s degree in Computer Science or a minimum of 10 years of information security experience with a focus on threat intelligence.
- High degree of ethics/confidentiality required. May be required to pass security screening.
- Ability to provide accurate analysis that minimizes bias and error.
- Ability to develop processes and tools to effectively share actionable intelligence information.
- Rule correlation evaluation and development experience is highly recommended but not required.
- Ability to work effectively, independent of assistance or supervision.
- Ability to work under pressure in a highly team-focused environment is required.
- Innovative, creative, and extremely responsive, with a strong sense of urgency.
- Willing to share knowledge and assist others in understanding technical and business topics.
- Willingness to work outside of regular business hours as required, which can include evenings, weekends and holidays.
Recommended:
- One or more professional security certifications such as CISSP (or equivalent).
- Experience with scripting languages such as Python.
- Familiarity with link analysis and data mining tools like Maltego.
- Successful internal candidates will have spent one year or more on their current team.