Cyber Threat Analyst

Back

Cyber Threat Analyst

@ CGI

The responsibilities of the Cyber Threat Analyst include, but are not limited to:

• Monitor and perform initial triage on security events populated in a Security Information and Event Management (SIEM) system;

• Investigate intrusion attempts and perform in-depth analysis;

• Provide network intrusion detection expertise to support timely and effective decision making when determining whether or not to declare an incident;

• Conduct Open Source (OSINT) Cyber Threat Intelligence (CTI) research to identify threat actor motivations, capabilities, intentions and evolving TTPs;

• Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident;

• Independently follow procedures to contain, analyze, and eradicate malicious activity

• Document all activities during an incident and provide leadership with status updates throughout the life cycle of the incident;

• Develop advanced queries and custom dashboards to detect adversary actions;

• Assist in the discovery of cyber vulnerabilities and the investigation of global cyber security incidents, as required;

• Conduct threat hunts to identify threat actor groups based on the MIRTE ATT&CK framework;

• Track threat actors and their associated TTPs, tools and infrastructure, and update internal threat cards;

• Provide thoroughly vetted intelligence products on emerging cyber threats, indicators of compromise and trend analysis;

• Create a final incident report detailing the events of the incident;

• Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall CTAC operations;

• Provide detailed and accurate technical reporting of analysis results in the form of PowerPoint presentations and/or Word documents, as well as oral briefings on complex technical subjects attuned to senior management, technical, or non-technical audiences.


Qualifications:

• Minimum of two (2) years of direct experience in an IT Security Operations Center or Computer Incident Response Team;

• Experience with FedRAMP, and SOX compliance;

• Experience with cloud security for AWS, and Azure environments;

• Experience with cyber advanced persistent threats, actors, infrastructure, and TTPs;

• Experience with network architecture concepts, common ports and protocols, and network monitoring tools;

• Experience and extensive knowledge working with a SIEM and performing triage, information gathering and analysis;

• Experience with writing clear and concise technical documents specifically event analysis and incident handling documentation;

• Experience with IDS/IPS, EDR, SOAR, SEG, and malware sandbox solutions;

• Experience with Linux/UNIX and Windows based devices at the System Administrator level

Experience with Event log management and Log Analysis

• Organizational skills and the ability to work autonomously with attention to detail and processes;

• Excellent communication skills with experience providing incident briefings to peers, management and clients;

• Excellent written skills with experience creating formal incident reports.

DESIRED QUALIFICATIONS

• Industry recognized professional certification such as GCIH, GCIA, CEH, Security• Experience with government intelligence processes and systems

• Direct experience with Malware analysis techniques and methodologies

• Scripting skills (e.g., PERL, Python, shell scripting)

• US Federal Government security clearance


How to Apply:

Apply online at https://www.cgi.com/en/careers

Visit Site to Apply

Location: Lafayette, LA
Date Posted: March 19, 2021
Application Deadline: April 19, 2021