Cyber Threat Intelligence Analyst - CA, US - Red Sky Consulting

Job Description:

1 year Contract


Dedicated to sharing the latest cybersecurity threat data, alerts, and intelligence gathered by the City of Los Angeles and its partners. A Board of Advisors, consisting of leadership from over 30 top Los Angeles businesses and government entities, develops policy and practices to help guide the clients' mission. Membership is open to all businesses and residents at no cost.

Duties and Responsibilities:
  • The Cyber Threat Intelligence Analyst will be under the direct supervision of the Security Operations Center Manager and will report, as required, to the City's Chief Information Security Officer (CISO) and the Mayor's Policy Director for Cybersecurity. Organizationally, the analyst will report to the Cyber Lab's Executive Director. The incumbent will also work alongside the Cyber Lab Policy and Program Directors, with special regard to information-sharing initiatives. The intelligence analyst's specific duties include:
  • Develop threat intelligence and indicators of compromise (IOCs) by analyzing system logs, firewall logs, NIDS/HIDS alerts, WAF alerts, endpoint malware alerts and other emerging log sources/technologies
  • Manage a threat intelligence platform and support near-real-time data exchange via the STIX data format and TAXII protocol
  • Detect and triage security events and escalate incidents as required by SOC processes/playbooks
  • Perform network forensic analysis (e.g. Netflow and PCAP) to produce accurate threat detection rules (SNORT, YARA, etc.)
  • Analyze and reverse-engineer malicious files and payloads
  • Collaborate and assist SOC team in Event Monitoring, Incident Response, and endpoint forensics, etc.
  • Compile and send daily and weekly threat intelligence reports - including lists of IOCs and news articles regarding recent cybersecurity trends - to the Client's customer distribution list

Qualifications:
  • A degree from an accredited college or university.
  • Professional experience in cyber security, IT, public safety or related security development, or equivalent experience.
  • Demonstrated knowledge of the current cyber threat landscape, defenses, motivations, and techniques.
  • Familiar with the technical aspects of malware, botnets, and other malicious tools.
  • Proficient with log analysis, SIEM searching, IOCs
  • Familiar with scripting in at least one of the following: Python, Perl, or similar
  • Experience with intelligence analysis tools and methods for analyzing, classifying and prioritizing threats.
  • Proven record of exercising good judgement and professionalism in a fast-paced and/or intense working environment; strong writing and research skills
  • Excellent communication skills and ability to work with the private sector and City Department staff.