IBM X-Force Incident Response & Intelligence Services (IRIS) is looking for cyber threat analysts to join their Threat Hunt and Discovery team. The candidate will provide industry-leading threat intelligence services across several security domains in an exciting and growing security delivery organization within IBM.
Analysts will work with IBM Incident Response teams to triage cyber threat activity, cooperate across IBM Security’s proprietary telemetry to model threat activity (open source and from industry leading sources in IBM Security), and support analysts writing intelligence research on X-Force Exchange.
Analysts will also work with teams across and external to IBM Security to support the intelligence needs of the organization, foster collaboration and promote IBM’s thought leadership in the cyber security space. The ideal candidate will have demonstrated strong skills in threat hunting and a strong foundation in cyber security threats and best practices, ideally in large enterprise environments or government.
Analysts will occasionally travel for training, conferences or client engagements.
Threat Analyst Skills:
Perform threat hunting based on emerging IOCs or vulnerabilities based on analysis of network or host activity in intrusions by advanced attackers or open source intelligence.
Experience interpreting DFIR data such as malware analysis, digital forensics and log data.
Demonstrate knowledge of tactics, techniques, and procedures associated with state and non-state threat groups.
Understand and develop threat actor profiles, the typical indicators associated with those profiles, and be able to synthesize the two to develop innovative techniques to detect threat actor activity.
Model cyber threat campaigns.
Demonstrates and provides subject matter expertise of the threat landscape including, but not limited to, cyber-attack vectors, threat actors, and security trends in the public and private sector.
Takes a proactive approach to learning about the latest threats, threat actors, tactics, techniques and procedures, and malware.
Experience conducting and correlating threat research using OSINT, incident response engagement data, and proprietary tools, performing threat modeling, and producing intelligence threat assessments.
Required Technical and Professional Expertise
3-5 years of experience conducting security research and producing threat assessments with subject matter expertise in one or more of the following specialties: attack vectors, threat actors, industry or sector-specific threats, and network security.
3-5 years of experience verbally communicating security threats to both technical and non-technical audiences via training, conferences, or client engagements.
Preferred Technical and Professional Experience
Experience performing various types of data analysis, including pivot, visual and temporal
Experience with modeling and hunt tools such as Maltego, Palantir, I2 and aligning data to various threat models
Experience working as part of a threat intelligence team
Experience with creating YARA and/or Snort/Suricata rules
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.