Cyber Threat Hunting and Intelligence Analyst

Joining Marvell as Cyber Threat Hunting and Intelligence Analyst, you will be a senior-level expert at identifying and responding to cyber threats against Marvell. The SOC is the central nervous system for the cybersecurity organization, a 24x7 service responsible for detection, assessing, and responding to security threats globally. In this role you will enable the SOC to excel. You will have a high degree of freedom to hunt for and investigate sophisticated threats, and to develop detection logic, response playbooks, and automation to accelerate Marvells ability to respond to emerging threats.

• Keep a finger on the pulse of threat and actor trends; advise IT and business stakeholders when immediate action is justified; and adjust detection engineering priorities based on the current threat landscape.
• Identify and digest threat data from various open and closed sources, correlating it against environmental context and ATT&CK matrix to produce threat intelligence. Validate for actionable items, and communicate validated threats to SOC for appropriate action.
• Threat hunting and forensic analysis. You will devise hunt hypotheses, creatively find new and unusual threats, and will confirm the reach of threats identified by the front line.
• You will test existing detection logic for gaps and faulty assumptions, creatively identifying ways adversaries might evade detection, and then come up with solutions.
• Provide expert threat analysis support to CSIRT and Global SOC. Research actors and tactics, identify ways for SOC to detect and CSIRT to contain a threat in real-time. Research anomalies detected by SOC to assess whether threat or benign.
• Produce threat reports tailored to Marvell business and distributed to the relevant stakeholders throughout the company; in varying forms from real-time immediate action to in-depth periodic assessments of trends and future expectations.
• When required, provide real-time and expert threat investigation support to the global Cyber Security Incident Response Team.
• Collaborate with the SIEM and SOAR engineering teams as well as SOC to turn hunting hypotheses into production detection cases and response playbooks.

• 8+ years experience in one or more security-relevant domains including 5+ years as a SOC Analyst, or a Network Analyst with security scope; preferably for a >5000 person enterprise.
• Experience in working with a geographically diverse team in multiple time zones around the globe
• Strong communication skills and an ability to adapt a message to audiences ranging from technology SMEs to company executives to stakeholders in every business discipline.
• Deep understanding of MITRE ATT&CK, with demonstrated experience building detection cases and playbooks around the tactics and techniques most relevant to your business.
• Demonstrated experience devising, executing, and interpreting the results of threat hunting hypotheses from open and closed-source intelligence as well as personal knowledge and curiosity.
• Proficient technical writing skills (documenting processes and procedures);
• Ability to solve problems and work through ambiguity and uncertainty;
• Proficiency in common scripting languages such as PowerShell, Bash, Python, etc.
• Proficiency with one or more SIEM query language
• Experience working extensively with technologies such as IDS/IPS, NGFW, EDR, SIEM, HIDS/HIPS, AV, and Vulnerability Scanners.
• Expert level and continually expanding understanding of common and emerging security threats and vulnerabilities
• Self-motivated and proven ability to deliver end-to-end solutions in a high-tech and fast moving industry.
• Industry security certifications such as CISSP and relevant GIAC certifications or equivalent highly desirable.
• Understanding of NIST Cyber Security Framework standard and requirements and ability to apply them to an enterprise environment.
• Experience with infrastructure operations and processes associated with IT service management in an Enterprise-level organization.

#LI-RS1