State Street is seeking a senior cyber threat intelligence analyst to lead the activities of the Cyber Threat Intelligence (CTI) Team. This person will lead a team of analysts to conduct all-source cyber intelligence analysis and reporting operations. The ideal candidate will exhibit an innovative mindset and proven capacity for identifying, analyzing, and reporting cyber threats related to the financial sector and to State Street. Duties will include leading and managing intelligence operations and conducting threat modeling and hunting across the network utilizing the ATT&CK Framework. In this role, the candidate will use their understanding of attack vectors to seek out threats looking to exploit the network. We are looking for creative thinkers and self-starters who possess the skills and experience to lead teams and build new capabilities.
Who are we looking for:
As a Senior CTI Analyst you will serve in the highest tier of analyst escalation for analyzing and responding to threats confronting State Street. CTI staff analyzes cyber threats related to the financial sector and applies this analysis to SOC operations, threat modeling, threat hunting, and business needs while ensuring that senior leaders are advised of current and ongoing threats.
What will you be responsible for:
Leading investigations and providing support to the incident response team.
Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
Provide critical input and decision support to shape our threat detection program (e.g. new detection methods & tuning).
Developing and maintaining the Cyber Threat Level (CTL) to determine actions needed during times of escalated threat
Author investigation and incident reports and conduct intelligence briefings for technical and non-technical audiences.
Influence enhancements to preventative and detective controls.
Design, maintain, and implement cyber threat modeling and hunt initiatives using the ATT&CK framework.
Participate in incident response preparedness exercises (e.g. table tops & cyber ranges).
Participate within cyber and financial services industry groups (FS-ISAC, ARC, ACSC, etc.)
Act as a backup incident response resource.
What we value:
Ability to lead and conduct investigations and report findings to leadership.
Knowledge of cyber threats and vulnerabilities.
Knowledge of adversarial tactics, techniques, and procedures.
Knowledge of incident response and handling methodologies.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Knowledge of threat hunting techniques, tools and operational procedures.
Familiarity with the MITRE ATT&CK Framework.
Knowledge of IT architecture and operations (computing, network, storage & cloud)
Knowledge of computer networking concepts and protocols, and network security methodologies
Ability to work well with others and under pressure.
Knowledge of responding to audit and regulatory requirements.
Exercise development to include writing scenarios and injects as well as coordinating tests.
Education & Preferred Qualifications
5+ years in a SOC or incident response, threat hunting, forensics or similar role
BS in Cyber Security, Information Systems, Information Technology, or Computer Science preferred
Security certifications a plus: GCIH, CISSP, CEH, OSCP
IT certifications a plus: Cisco, Microsoft, etc.
Software development and/or scripting experience a plus: Python, PowerShell, etc.
Financial services experience preferred
On call rotation