Intelligence Analyst at Red Canary
What You'll Do
- Investigate raw telemetry, potential malicious activity, and confirmed threat detections for the purpose of identifying threats, providing context, and informing decisions about detection and response.
- Perform open and closed source research to associate the suspicious activity and confirmed threats we observe to known threats. Sources include social media, blog posts, intelligence reports, sandbox output, private information sharing partners, internal detections, and more.
- Identify patterns and trends in detections and write actionable Intelligence Insights about trends we are observing, how customers can respond to them, and why they are relevant.
- Produce intelligence reports and communicate actionable insights based on analysis, both internally and externally to customers and the community.
- Create and update Intelligence Profiles on threats to effectively track known TTPs, detection coverage, and response/mitigation recommendations associated with specific malware and activity clusters.
- Conduct analysis to identify unique or emerging threat behaviors that the Detection Engineering team can leverage to create new detection analytics.
What You'll Bring
- Previous experience in the fields of cybersecurity or cyber threat intelligence.
- A desire to work collaboratively and tackle new challenges as part of a rapidly evolving team and fast-growing company.
- Outstanding communication skills, both written and verbal, including the ability to communicate technical concepts in a clear, succinct fashion to subject matter and non-subject matter experts alike.
- A general understanding of endpoint telemetry, adversary behaviors, and MITRE ATT&CK®.
- Demonstrated ability to perform open source threat research across threat intelligence sources including social media, blog posts, malware sandboxes, and other sources.
- An inquisitive mind and the curiosity to dive into data and better understand threats.
- Strong analytical and problem-solving skills, including the ability to synthesize complex and contradictory information.
- Ability to quickly learn new tools.
- Experience working in a Security Operations Center (SOC), Digital Forensics and Incident Response (DFIR), or other security-focused roles preferred.
- Experience working with Endpoint Detection & Response (EDR) tools preferred.