Align Group - Cyber Security Engineer - Threat Modeling (8-12 yrs)
Align Knowledge Centre
posted 1d ago
Key skills for the job
- Experience:
- 4+ years of experience in cybersecurity with at least 2 years focusing on threat intelligence or incident response.
- Experience working in a SOC or MSSP environment preferred.
- Strong familiarity with threat intelligence platforms, SIEMs, and security analytics tools.
- Experience with threat intelligence sources (OSINT, commercial feeds) and frameworks like MITRE ATT&CK.
Certifications: One or more of the following (or equivalent):
- GIAC Certified Threat Intelligence Analyst (GCTI)
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
- SANS Cyber Threat Intelligence (CTI) certification
1. Threat Intelligence Gathering and Analysis:
- Continuously monitor and collect data from a variety of internal and external threat intelligence sources, including open-source intelligence (OSINT), commercial feeds, and dark web monitoring.
- Analyze threat actor tactics, techniques, and procedures (TTPs) using frameworks like MITRE ATT&CK to understand potential impact on client environments.
- Identify new and emerging threats, vulnerabilities, and exploits that could affect MSSP clients.
- Conduct deep-dive research into cyber threat activity groups, campaigns, and malware to provide actionable intelligence to SOC teams.
2. Threat Reporting and Dissemination:
- Develop and distribute threat intelligence reports to SOC analysts and clients, including daily, weekly, and monthly intelligence updates.
- Create tailored threat briefs for specific industries or clients based on their environment and threat profile.
- Collaborate with SOC and incident response teams to ensure threat intelligence is utilized effectively in detection rules, playbooks, and incident response activities.
- Provide timely alerts and threat advisories to clients regarding active or emerging threats.
3. Integration with SOC Operations:
- Work closely with SOC analysts to integrate threat intelligence into existing monitoring, detection, and response workflows.
- Enrich SIEM alerts and incident investigations with threat intelligence to improve context and accuracy of detections.
- Help develop and tune detection use cases and correlation rules based on threat intelligence and evolving adversary behaviors.
- Provide input into incident response playbooks and processes, ensuring they are aligned with the latest threat intelligence.
4. Threat Hunting Support:
- Support the SOC team in proactive threat hunting activities by identifying indicators of compromise (IOCs) and providing guidance on where to focus investigations.
- Assist in identifying advanced persistent threats (APTs), malware infections, and other high-risk activities within client environments.
- Develop and share hunting hypotheses with SOC teams based on the latest intelligence and observed attack patterns.
5. Threat Intelligence Platform (TIP) Management:
- Manage and maintain the organization's Threat Intelligence Platform (TIP) and ensure it integrates with the SIEM and other security tools.
- Curate threat intelligence feeds and prioritize intelligence that is most relevant to MSSP clients and their industries.
- Perform regular updates and quality checks on IOCs, threat indicators, and intelligence data within the TIP.
- Ensure that threat intelligence data is actionable, timely, and relevant to improve operational SOC effectiveness.
6. Collaboration with External Threat Intelligence Communities:
- Participate in threat intelligence sharing communities, Information Sharing and Analysis Centers (ISACs), and trusted industry networks.
- Share relevant intelligence and receive updates from industry peers, law enforcement, and government agencies.
- Stay current on the global threat landscape by attending conferences, webinars, and engaging in continuous learning opportunities.
7. Threat Intel Automation and Analytics:
- Implement automation where possible to streamline the ingestion and analysis of threat intelligence data.
- Use data analytics to identify patterns in threat intelligence and produce predictive insights for clients.
- Collaborate with the security engineering team to automate the integration of IOCs and threat indicators into detection platforms.
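The alert enrichment of section 3, the IOC quality checks of section 5 and the automated IOC ingestion of section 7 in one runnable form, as an added example that is not the employer's or the posting's own code: a small Python pipeline that refangs and validates feed indicators, drops stale and non-routable ones, dedupes the same IOC across feeds, and annotates SIEM-style log lines with the matching indicator's confidence, sources and ATT&CK technique. The feed records, log lines, field names, 90-day age-out and the non-routable list are assumptions made for illustration.

```python
"""Added example (not from the posting): a small IOC pipeline that normalizes and
quality-checks feed indicators, ages out stale ones, dedupes across sources, and
enriches SIEM-style log lines with matching indicator context. Feed records and
log lines are constructed for illustration; field names are assumptions."""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed feed export: (value, type, confidence, last_seen, ATT&CK technique, source).
RAW_FEED = [
    ("198.51.100[.]23", "ipv4", 80, "2024-05-01T00:00:00Z", "T1071.001", "feed-A"),
    ("198.51.100.23", "ipv4", 60, "2024-04-20T00:00:00Z", "T1071.001", "feed-B"),  # same IOC, other feed
    ("evil-update[.]example", "domain", 90, "2024-05-02T00:00:00Z", "T1568", "feed-A"),
    ("old-c2.example", "domain", 70, "2023-01-01T00:00:00Z", "T1071", "feed-C"),  # stale
    ("not a hash", "sha256", 50, "2024-05-01T00:00:00Z", "T1204", "feed-C"),  # malformed
    ("10.0.0.5", "ipv4", 95, "2024-05-01T00:00:00Z", "T1021", "feed-C"),  # RFC1918: only causes false positives
]
# Constructed log lines in a generic key=value style.
LOGS = [
    "2024-05-09T10:02:11Z proxy src=10.0.0.5 dst=198.51.100.23 host=evil-update.example uri=/update.bin",
    "2024-05-09T10:03:40Z dns client=10.0.0.7 query=www.example.org rcode=NOERROR",
    "2024-05-09T10:05:02Z dns client=10.0.0.7 query=old-c2.example rcode=NXDOMAIN",
]
NOW = datetime(2024, 5, 10, tzinfo=timezone.utc)  # fixed clock so the run is reproducible

# Explicit non-routable list (assumption). ipaddress.is_global would also drop the
# TEST-NET documentation range used in the constructed sample, so it is not used here.
_NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]
_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
_SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
# Tokens worth looking up in a log line: a dotted-quad IPv4 or a dotted host name.
_TOKEN_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b|\b(?:[a-z0-9-]+\.)+[a-z]{2,63}\b", re.I)

@dataclass
class Indicator:
    value: str
    ioc_type: str
    confidence: int
    last_seen: datetime
    technique: str
    sources: tuple

def refang(value: str) -> str:
    """Undo common defanging so feed values compare equal to what appears in logs."""
    return value.strip().lower().replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")

def is_valid(ioc_type: str, value: str) -> bool:
    """Reject malformed values and addresses that can never be an external C2."""
    if ioc_type == "ipv4":
        try:
            addr = ipaddress.IPv4Address(value)
        except ValueError:
            return False
        return not any(addr in net for net in _NON_ROUTABLE)
    if ioc_type == "domain":
        return bool(_DOMAIN_RE.match(value))
    if ioc_type == "sha256":
        return bool(_SHA256_RE.match(value))
    return False

def ingest(raw_feed, now, max_age=timedelta(days=90)):
    """Normalize, validate, age out and dedupe. Returns ({(type, value): Indicator}, [(value, reason)])."""
    keep, rejected = {}, []
    for value, ioc_type, confidence, last_seen, technique, source in raw_feed:
        norm = refang(value)
        if not is_valid(ioc_type, norm):
            rejected.append((value, "invalid-or-non-routable"))
            continue
        seen = datetime.fromisoformat(last_seen.replace("Z", "+00:00"))
        if now - seen > max_age:
            rejected.append((value, "stale"))
            continue
        key = (ioc_type, norm)
        if key in keep:  # same IOC from another feed: keep the best confidence, record both sources
            prev = keep[key]
            keep[key] = Indicator(norm, ioc_type, max(prev.confidence, confidence),
                                  max(prev.last_seen, seen), prev.technique, prev.sources + (source,))
        else:
            keep[key] = Indicator(norm, ioc_type, confidence, seen, technique, (source,))
    return keep, rejected

def enrich(log_line: str, indicators: dict) -> list:
    """Return one context record per curated indicator found in the log line."""
    hits = []
    for token in _TOKEN_RE.findall(log_line):
        for ioc_type in ("ipv4", "domain"):
            ind = indicators.get((ioc_type, token.lower()))
            if ind:
                hits.append({"indicator": ind.value, "type": ioc_type, "confidence": ind.confidence,
                             "technique": ind.technique, "sources": list(ind.sources)})
    return hits

def run_pipeline(now=NOW):
    # Ingest the constructed feed, then enrich each constructed log line.
    indicators, rejected = ingest(RAW_FEED, now)
    return indicators, rejected, [(line, enrich(line, indicators)) for line in LOGS]

if __name__ == "__main__":
    indicators, rejected, alerts = run_pipeline()
    print("rejected:", rejected)
    print("alerts:", [(line, hits) for line, hits in alerts if hits])
```

On the constructed data the private address, the malformed hash and the indicator last seen over a year ago are rejected before they reach the match set, the duplicate IP from two feeds collapses into one record carrying both sources, and only the proxy line is enriched (with the C2 IP and the domain, each tagged with its technique); the NXDOMAIN lookup of the aged-out domain produces no hit, which is the point of the age-out. In production the same shape sits between the TIP export and the SIEM lookup table, with the rejected list feeding the feed-quality review.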
8. Client Interaction and Customization:
- Work directly with MSSP clients to understand their specific threat landscape, industry challenges, and business requirements.
- Provide threat intelligence briefings tailored to client-specific concerns, such as sectoral threats or geopolitical risks.
- Assist clients with identifying and mitigating threats specific to their environment through actionable intelligence.
- Contribute to periodic client meetings by delivering updates on emerging threats, industry trends, and recommendations for improving security posture.
9. Training and Knowledge Sharing:
- Provide ongoing training and threat intelligence updates to SOC teams to enhance their awareness of the current threat landscape.
- Develop knowledge-sharing resources like threat intelligence dashboards, wikis, and threat actor profiles for use by internal teams and clients.
- Mentor junior SOC analysts in understanding and applying threat intelligence in day-to-day operations.
Functional Areas: Software/Testing/Networking