Threat Intelligence Analyst
Midrand, Johannesburg Metro, Johannesburg Metro
4d ago

Formal Education

  • BSc degree in relevant field / technology (or equivalent years of experience)

Experience

  • Minimum of 4 years of related experience
  • Experience with threat assessment, vulnerability analysis, risk assessment, information gathering, correlating and reporting
  • Experience analysing phishing attacks
  • Significant experience in network intrusion detection
  • Experience creating specific mitigation tactics such as IDS signatures
  • Experience producing reports and briefs on the current threat landscape and associated risks
  • Experience with conducting vulnerability assessments using tools like Tenable or similar
  • Experience with threat intelligence feeds, in terms of application and usability
  • Experience monitoring third party security related websites, forums and social media sites for information regarding vulnerabilities and exploits
  • Experience conducting malware analysis, using VirusTotal etc.
  • Experience using common sandbox technologies to perform dynamic malware analysis
  • Experience replicating reported vulnerabilities in a safe and contained environment to develop proof of concept and / or exploit tools

Technical / Legal Certification

  • CISSP, CEH, GPEN, OSCP or similar security certifications
  • Certification in IBM Qradar essential

Responsibilities

  • Supports the Threat and Advanced Cyber Defence Team with reporting, management, and remediation of threats against customers.
  • Conduct cyber intelligence operations including intelligence collection, tracking threat actors, identifying malicious behaviours and operations.
  • Participates on Incident Response teams as threat / forensic SME (Subject Matter Expert)
  • Perform network traffic and anomaly analysis, and identify indicators of compromise from system logs (Unix & Windows), application / database and firewall logs, IDS / IPS alerts, WAF alerts and endpoint malware alerts.
  • Manages multiple investigation requests through the entire lifecycle of initiation, data collection, analysis, and data production
  • Performs assessments of security profiles and correlates vulnerability data with network topology information to quickly identify risks
  • Recommends and tracks the application of fixes, security patches and security updates on various levels
  • Produces recommendation reports on patches, exploits and vulnerabilities
  • Works with customers, vendors and internal resources for problem resolution and security advisories
  • Standardizes process and procedures and provides continual improvement
  • Develops and maintains comprehensive documentation on incidents and analysis for clients and internal use
  • Compile security advisories for internal and external audiences in document format with technical recommendations
  • Use case writing, development and refinement for detection of threats
  • Proactively search for rogue behaviour, malicious attacks & suspicious activity
  • Training of junior analysts
  • Analyse threat feeds to produce daily / weekly / monthly Threat Intelligence brief and regular threat trend reporting

Knowledge

  • Ability to identify and recommend mitigations for vulnerabilities, exploits, patches
  • Understanding of "attacker" methodologies and tactics, including kill-chain analysis
  • Familiarity with Advanced Persistent Threat groups and hacker activity
  • Construct correlation and application rules in a SIEM environment from use cases
  • Knowledge of cyber security methodology and security best practices
  • Familiar with Data Privacy laws and the associated security requirements.

Skills

  • Excellent problem solving and analytical skills
  • Excellent written and oral communication skills
  • Strong security research skills on hackers, threats and the attack surface at a global and local level
  • Programming skills required: Python, Java, Perl
  • Ability to read network logs and analyse network packet capture data (Wireshark)
  • Ability to perform malicious code reverse engineering (advantageous)
  • Ability to utilize common sandbox technology to perform dynamic malware analysis

Attributes

  • Comfortable working in a virtual team environment
  • Presenting and Communicating Information
  • Deciding and Initiating Action
  • Coping with Pressures and Setbacks
  • Applying Expertise and Technology
  • Following Instructions and Procedures