Dell Senior Advisor, Cyber Security (Threat Intel) in Bedford, Massachusetts

Why Work at Dell?

Endless challenges and rewards. Opportunities on six continents. A team of colleagues fueled by collaboration. All this, and a company deeply committed to integrity and responsibility.

Threat Intelligence Curation is the research, collection, processing, classification, annotation, enrichment, pivoting and attribution of threat intelligence data. This data includes indicators of compromise (IoCs); tactics, techniques and procedures (TTPs); and threat actor dossiers and campaign information. The curation function includes the use and management of a centralized management system for threat intelligence data.

Responsible For

• Collection, classification, storage and maintenance of IoC, TTP, and threat actor profile data

• Validate, verify and increase the confidence of threat intelligence data

• Develop and execute processes for threat intelligence data enrichment and pivoting

• Research, re-classify and re-categorize threat intelligence data as applicable

• Maintain and refine existing sources and develop new sources of threat intelligence data

• Evaluate sources of threat intelligence data both internal and external to the organization

• Manage threat intelligence validity, integrity or classification escalations

• Manage threat intelligence data source relationships and data ingestion mechanisms

• Collaborate with and establish threat intelligence data sharing mechanisms with peers, partners and appropriate external parties

• Research and develop new threat intelligence data types

• Develop presentations, reports and metrics related to threat intelligence data in the enterprise
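The curation steps described above (classification, validation, confidence scoring, enrichment and pivoting) in a single small pass over several feeds, as an added Python illustration. This is not part of the posting and is not Dell's tooling; the feed records, source names, 0..1 reliability scale and the confidence formula are constructed assumptions for the example.

```python
"""Minimal IoC curation pass: refang, classify, validate, merge and score
indicators from several feeds, then pivot URL indicators onto their hosts.
Added illustration only; every feed record below is constructed."""
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample feeds (not real intelligence). "reliability" is the
# curator's assessed trust in the source on an assumed 0..1 scale.
# Addresses are TEST-NET/RFC1918 placeholders.
FEEDS = [
    {"source": "vendor_a", "reliability": 0.8, "records": [
        {"ioc": "hxxp://evil-example[.]test/payload.bin", "tags": ["campaign-x"]},
        {"ioc": "203.0.113.7", "tags": ["campaign-x"]},
        {"ioc": "0123456789ABCDEF0123456789ABCDEF", "tags": ["campaign-x"]},
    ]},
    {"source": "partner_b", "reliability": 0.6, "records": [
        {"ioc": "Evil-Example.test", "tags": ["campaign-x"]},
        {"ioc": "203.0.113.7", "tags": []},
        {"ioc": "192.168.1.20", "tags": ["internal-alert"]},  # RFC1918, not actionable
    ]},
    {"source": "osint_c", "reliability": 0.3, "records": [
        {"ioc": "0123456789abcdef0123456789abcdef", "tags": []},
        {"ioc": "not an indicator", "tags": []},
    ]},
]

# Address ranges that must never reach external detection controls.
NON_ACTIONABLE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def refang(value: str) -> str:
    """Undo common defanging so equivalent indicators normalize identically."""
    v = value.strip()
    v = re.sub(r"^hxxps?://", lambda m: m.group(0).lower().replace("xx", "tt"), v, flags=re.I)
    return v.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")

def classify(value: str):
    """Return (ioc_type, normalized_value); ioc_type is None if unrecognized."""
    v = refang(value)
    if re.fullmatch(r"(?i)https?://\S+", v):
        return "url", v
    if re.fullmatch(r"[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}", v):
        return "hash", v.lower()            # MD5 / SHA-1 / SHA-256 by length
    try:
        ipaddress.ip_address(v)
        return "ip", v
    except ValueError:
        pass
    if re.fullmatch(r"(?i)[a-z0-9-]+(\.[a-z0-9-]+)+", v):
        return "domain", v.lower()
    return None, v

def validate(ioc_type: str, value: str) -> list:
    """Return issues that disqualify an indicator from detection use."""
    issues = []
    if ioc_type == "ip" and any(ipaddress.ip_address(value) in n for n in NON_ACTIONABLE_NETS):
        issues.append("non-routable address")
    if ioc_type == "domain" and value.endswith((".local", ".arpa")):
        issues.append("non-public domain")
    return issues

def combined_confidence(reliabilities) -> float:
    """Treat sources as independent corroboration: 1 - prod(1 - r_i)."""
    p = 1.0
    for r in reliabilities:
        p *= 1.0 - r
    return round(1.0 - p, 3)

def curate(feeds):
    """Merge all feeds into one record per normalized indicator."""
    merged = defaultdict(lambda: {"type": None, "sources": {}, "tags": set(),
                                  "issues": [], "derived_from": set()})
    rejected = []
    for feed in feeds:
        for rec in feed["records"]:
            ioc_type, value = classify(rec["ioc"])
            if ioc_type is None:
                rejected.append((feed["source"], rec["ioc"]))
                continue
            entry = merged[value]
            entry["type"] = ioc_type
            entry["sources"][feed["source"]] = feed["reliability"]
            entry["tags"].update(rec["tags"])
            entry["issues"] = validate(ioc_type, value)
    # Pivot: a reported URL implicitly reports its host, so derive a
    # domain/IP indicator and let it inherit the URL's sources and tags.
    for value, entry in list(merged.items()):
        if entry["type"] == "url":
            host_type, host = classify(urlsplit(value).hostname or "")
            if host_type in ("domain", "ip"):
                d = merged[host]
                d["type"] = host_type
                d["derived_from"].add(value)
                d["tags"].update(entry["tags"])
                for src, rel in entry["sources"].items():
                    d["sources"].setdefault(src, rel)
                d["issues"] = validate(host_type, host)
    for entry in merged.values():
        # Flagged indicators are kept for the record but scored zero so they
        # cannot be pushed to controls.
        entry["confidence"] = 0.0 if entry["issues"] else combined_confidence(entry["sources"].values())
    return dict(merged), rejected

if __name__ == "__main__":
    curated, rejected = curate(FEEDS)
    for value, e in sorted(curated.items()):
        print(f"{e['type']:6} {value:45} conf={e['confidence']:.2f} "
              f"sources={sorted(e['sources'])} tags={sorted(e['tags'])} issues={e['issues']}")
    print("rejected:", rejected)
```

The two checks a curator cares most about are visible in the output: the same hash and IP reported by several sources merge into one record with higher confidence than either source alone, and an RFC1918 address is retained for the incident record but scored zero so it never reaches a blocklist. The host derived from the URL shows pivoting, and the unparseable string lands in the rejected list rather than silently disappearing.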

Accountable

• For ensuring indicators are properly curated

• For ensuring the indicators are properly ingested

• For the evaluation and recommendation of new or alternate intelligence sources

• For otherwise ensuring the responsibilities above are resourced and executed

Consulted

• On suggestions for new intelligence types and sources

• By incident responders and threat hunters on additional detail pertinent to an incident

Informed

• Of core changes in the application or use of threat intelligence data

• When there is a need for a new threat data type or a new property of existing intelligence data

• When underlying curation functionality or architecture changes

Educational and Certification Requirements

• Bachelor's or Master's degree in Computer Science, Information Science, or Information Systems Management and/or 4+ years of relevant experience

Skills Requirements

• Excellent analytical skills

• Excellent familiarity with attacker methodology

• Creative and critical thinking

• Familiar with application function concepts

• Familiar with Internet and networking foundational technologies

o DNS, WHOIS, Web, Mail, remote connection protocols

• Familiar with network configurations and security control deployments

o Routers, switches, firewalls, proxies, IDS, DNS, etc.

• Excellent familiarity with popular IoC data types

• Familiarity with popular enterprise-class operating systems

• Understanding of the enterprise “threatscape” at all major threat actor capability levels

• Familiarity with critical flaw trends in widely deployed enterprise environments

• Knowledge of one or more scripting languages (e.g. Python, Perl, Bash)

Additional Preferred Skills

• Experience with database structures and query languages

• Familiarity with major and widely deployed enterprise application technologies

o e.g. Apache, Java, JBoss, ColdFusion, BIND, MS-SQL, etc.

• Knowledge of YARA and similar signature-based languages

Successful Candidates Will

• Possess a strong interest in, and knowledge of, network and computer security principles

• Demonstrate a working knowledge of the cyber kill chain

• Understand the company threatscape, threat actor types and specific threat actors

• Have the ability to work in a high-pressure environment

• Work meticulously with careful attention to detail

• Identify and ensure the timely delivery of critical information

• Work, prioritize and communicate effectively in a global team environment

• Develop and explain technical decisions

• Effectively communicate to technical and non-technical audiences

• Quickly learn new procedures, skills, and techniques

• Show the ability to meet inflexible deadlines

Preferred Requirements

Preferred candidates will possess good analytical, technical, problem-solving, and organizational skills. They must have the ability to adjust quickly to shifting priorities and make timely decisions with limited information. They will also be able to make decisions independently and in a self-directed manner in support of the goals of the team and organization, as well as be motivated to tackle challenging problems.

Metrics

• Indicator Fidelity

• Intelligence Source Quality

• Effectiveness of Briefings

• Threat Actor Activity

• Intelligence Applicability Against Controls

Mentorship

• Mentors junior threat intelligence analysts in the application and use of threat intel data

Peering

• Team: Content Engineers, to understand the application and use of IoC, TTP and threat actor data

• Team: Incident Responders, to understand how intelligence is used and is useful

• Internal: Describes how internal intelligence mechanisms work

• External: Curators at partners and other teams, for the exchange of method and use of threat intel

• External: Threat intelligence providers, to track trends and suggest directions

Integration

• Works with counterparts to ensure the secure exchange and application of threat intelligence data

• Participates in planning and requirements definition of curation systems integration efforts

• Learns the legacy and current counterpart organizational structures to set up required peering

• Builds the curation roadmap to reach integration effort goals