Search jobs
Search salary
Tax calculator
Log In
For Employers
Threat Intelligence Analyst
Gijima
Midrand, Johannesburg Metro, Johannesburg Metro
4d ago

Formal Education

  • BSC degree in relevant field / technology (or equivalent years of experience)

    • Experience

  • minimum of 4 years of related experience
  • Experience with threat assessment, vulnerability analysis, risk assessment, information gathering, correlating and reporting
  • Experience analysing phishing attacks
  • Significant experience in network intrusion detection
  • Experience creating specific mitigation tactics such as IDS signatures
  • Experience producing reports and briefs on the current threat landscape and associated risks
  • Experience with conducting vulnerability assessments using tools like Tenable or similar
  • Experience on threat intelligence feeds in terms of application and usability
  • Experience monitoring third party security related websites, forums and social media sites for information regarding vulnerabilities and exploits
  • Experience conducting malware analysis usage of VirusTotal etc
  • Experience using common sandbox technologies to perform dynamic malware analysis
  • Experience replicating reported vulnerabilities in a safe and contained environment to develop proof of concept and / or exploit tools

    • Technical / Legal Certification

  • CISSP, CEH, GPEN, OSCP or similar security certifications
  • Certification in IBM Qradar essential

    • Responsibilities

  • Supports the Threat and Advanced Cyber Defence Team with reporting, management, and remediation of threats against customers.
  • Conduct cyber intelligence operations including intelligence collection, tracking threat actors, identifying malicious behaviours and operations.
  • Participates on Incident Response teams as threat / forensic SME (Subject Matter Expert)
  • Perform network traffic and anomaly analysis, as well as indicators of compromise from system logs (Unix & Windows), application / database and firewall logs, IDS / IPS alerts, WAF alerts, endpoint malware alerts.
  • Manages multiple investigation requests through the entire lifecycle of initiation, data collection, analysis, and data production
  • Performs assessments of security profiles and correlates vulnerability data with network topology information to quickly identify risks
  • Recommends and tracks the application of fixes, security patches and security updates on various levels
  • Produces recommendation reports on patches, exploits and vulnerabilities
  • Works with customers, vendors and internal resources for problem resolution and security advisories
  • Standardizes process and procedures and provides continual improvement
  • Develops and maintain comprehensive documentation on incidents and analysis for clients and internal
  • Compile security advisories for internal and external in document format with technical recommendations
  • Use case writing, development and refinement for detection of threats
  • Proactively search for rogue behaviour, malicious attacks & suspicious activity
  • Training of junior analysts
  • Analyse threat feeds to produce daily / weekly / monthly Threat Intelligence brief and regular threat trend reporting

    • Knowledge

  • Ability to identify and recommend mitigations for vulnerabilities, exploits, patches
  • Understanding of "attacker" methodologies and tactics, including kill-chain analysis
  • Familiarity with Advance Persistent Threat groups and Hacker activity
  • Construct correlation and application rules in a SIEM environment from use cases
  • Knowledge of cyber security methodology and security best practices
  • Familiar with Data Privacy laws and the associated security requirements.

    • Skills

  • Excellent problem solving and analytical skills
  • Excellent written and oral communication skills
  • Strong security research skills on hackers, threats and the attack surface at a global and local level
  • Programming skills required : Python, Java, Perl
  • Ability to read network logs and analyse network packet capture data. Wireshark
  • Ability to perform malicious code reverse engineering (advantageous)
  • Ability to utilize common sandbox technology to perform dynamic malware analysis

    • Attributes

  • Comfortable working in a virtual team environment
  • Presenting and Communicating Information
  • Deciding and Initiating Action
  • Coping with Pressures and Setbacks
  • Applying Expertise and Technology
  • Following Instructions and Procedures
    • Report this job
    checkmark

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    Apply
    Add to favorites
    Remove from favorites
    Apply
    My Email
    By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
    Continue
    Application form