Job Views: 3312 | Applications: 8 | Recruiter Actions: 6

Posted in: IT & Systems

Job Code: 398989

EY - Cyber Threat Intelligence - Fusion Analyst

8 - 15 Years. Kerala/Others
Posted 7 years ago

Cyber Defense Response Center (CDRC)

CTI Fusion Analyst

The CTI Fusion Analyst is primarily responsible for the analysis, production, and dissemination of Cyber Threat Intelligence products, as well as the collaborative development and management of intelligence requirements. Fusion analysts will perform analysis and documentation of threats identified both internally and externally, and provide threat assessments and trend reports. They will manage the production and dissemination of all forms of intelligence products, both within Cyber Defense and outside to the larger EY IT community.

Essential Functions of the Job:

- Track attack vectors used by Threat Actors and evaluate the effectiveness of existing controls.

- Production of clear and concise technical threat alerts, malware reports, and other short-form assessments for the Cyber Defense team

- Support the Threat and Vulnerability Assessment process to ensure proper prioritization of remediation efforts.

- Identify new TTPs and signatures used by cyber threat actors.

- Maintain up-to-date awareness of computer network exploitation and attack tools and tradecraft, threats and vulnerabilities, and respective countermeasures

- Production of, or contribution to, tactical assessments and guidance in response to threats

- Contribution to long-range strategic threat assessment reports for leadership

- Identify and remediate or escalate gaps

- Manage and improve information security documentation as required

- Assist Cyber Defense team members on research and resolution of incidents

- Provide support during investigations when required

- Work with Information Security teams to manage and maintain security posture

Analytical/Decision Making Responsibilities:

- Assist in the resolution of events by identifying root cause and solutions

Knowledge and Skills Requirements:

- Undergraduate/Postgraduate degree in Computer Science, Engineering or a related domain (MCA/MTech/BTech/BCA/BSc CS or BSc IT).

- Professional experience in systems administration, systems engineering, software development, database administration and/or TCP/IP network administration

- Deep theoretical and practical knowledge in the following areas:
  - Unix, Linux, Windows and other operating systems
  - Exploits, vulnerabilities, network attacks, and malware
  - Fundamental Internet protocols, services, and technologies (e.g., HTTP/HTTPS, DNS, SMTP, SSH, LDAP, TCP/IP, ICMP, JSON, REST)

- Promote a security-first mindset, ensuring decisions are made without compromising core security objectives

- Ability to analyze an emerging threat in order to appropriately classify and provide meaningful insight into its technical aspects

- Knowledge in application development.

Soft Skills:

- Excellent communication skills; written and verbal.

- Good attitude.

- Good presentation skills

- Good investigative, analytical and problem-solving skills

- Ability to work in a team, with little supervision and using own initiative

5+ years' experience in one or more of the following:

- Experience with a variety of security-related processes, including secure coding practices, patch management, vulnerability analysis, IDS/IPS, and malware analysis.

- Understanding of Cyber Threat Actors and motivations.

- Detailed understanding of Advanced Persistent Threat (APT) and associated tactics.

- Understanding of common classes of security vulnerabilities and attack/defense methodologies

- Understanding of computer intrusions, malicious code, cyber terrorism, threat finance, money laundering / fraud / eCrime, and other criminal activity

- Ability to utilize data visualization tools such as Palantir, Maltego, IBM i2 Analyst Notebook or similar to create both working-level and presentation-grade visualization charts.

- Experience assessing technical intelligence collection and analytic products.

- Ability to demonstrate comprehensive, practical knowledge of research / collection skills and analytical methods

- Strong written and verbal communication skills with both technical and non-technical audiences.

- Ability to express technical and non-technical concepts verbally, graphically, and in writing.

- Security Information & Event Management (SIEM) tools.

- Incident handling and incident response.

Supervising Responsibilities:

- Coordinate escalations and collaborate with internal technology teams to ensure timely resolution of issues

Other Requirements:

- Should be willing to work in shifts (24/7)

Certification Requirements:

- SIEM Certifications would be a plus

- CCNA/CCNA Security, RHCE

- CCSA/CEH/CIH
