Emerging Threats Analyst - Threat Intelligence
Trinity Cyber is a leading developer and provider of advanced cybersecurity technologies and services. Our breakthrough core technology can deeply, quickly, and precisely interrogate and transform Internet sessions, creating a family of products and services. As a secure edge, our system automatically identifies, neutralizes and transforms malicious Internet traffic in line and at line speed with granularity and precision beyond other cybersecurity technologies. As an API-driven file inspection platform, it delivers sub-second conviction results and metadata to third-party providers like email security and packet capture vendors. It can also deliver rapid file context and content to cybersecurity analysts. Our customers and go-to-market partners are growing and span multiple industries.
An Emerging Threats Analyst at Trinity Cyber is responsible for digging deep into the world of open source and proprietary threat intelligence. You will work alongside a team of motivated developers, threat analysts, and operators to translate some of the newest and most complex vulnerabilities, exploits, and threats in cyber space into actionable outcomes. You will be responsible for collecting intelligence that fuels the development of signatures, heuristics, and mitigations within Trinity Cyber’s exclusive technology, as well as communicating and documenting such findings within a team environment.
- Utilizing open source and paid intelligence to understand new and existing vulnerabilities, exploits, techniques, malware families, and malicious infrastructure.
- Synthesizing and reporting this information to internal teams to protect customers in a quick manner.
- Working with external vendors to understand the intelligence they provide and use it in new and exciting ways that benefit Trinity Cyber.
- Working collaboratively with threat analysts, engineers, and customer success teams to deliver intelligence in a timely manner.
- Documenting your work, process, and outcomes to several audiences – from internal to external.
- Developing automation (with Python) to enhance the following:
• Collection of Open Source Intelligence (OSINT)
• Dissemination of intelligence to partners
• Enrichment of threat intelligence data within repositories, portals, and databases.
- Constantly improving your knowledge of the Cybersecurity community as a whole.
- Curiosity, tenacity, and out of the box thinking.
- Strong logical/critical thinking abilities, especially analyzing potentially malicious artifacts and infected hosts.
- Experience with open source research and the ability to do it both securely and anonymously.
- Experience tracking one or more of the following (over multiple months/years)
o Malware Families
o Malicious Infrastructure
- Experience working with free or paid Threat Intelligence Platforms (TIPs) to track techniques, IOCs, and other relevant information.
- Working knowledge of network protocols (TCP, UDP, HTTP(S), DNS) and common file types (Binaries, Documents, Scripts) to understand where threats may live within them.
- The ability to write and understand signatures (Yara, Snort, Suricata, Bro) at a TTP level rather than indicator level.
- Functional understanding of decoding and deobfuscating malware communications.
- The ability to categorize, triage, and analyze passive network traffic.
- The ability to translate technical vocabulary into meaningful, higher level situational awareness and finished reports.
- An ideal candidate would possess a Bachelors degree in the area of Science, Technology, Engineer, Math or a related field and have 2 – 4 years of cyber security experience. A Masters degree would be plus.
- Must possess the highlest level of personal integrity, value team success over individual achievement, have the ability to contribute significantly to extending a culture of collaboration, both internally and externally, in order to maintain the superior reputation of Trinity Cyber, and enjoy having fun.