Sr. Threat Intelligence Consultant

7 Minutes ago • 10 Years +

Job Summary

Job Description

Trellix Threat Intelligence offers solutions and services from experts including the Trellix Guardians Group and Advanced Research Centre (ARC). We defend customers against threats through collaboration between product and research teams. The Trellix Guardians provide cyber threat intelligence, assessment, education, and incident response services globally. The Threat Intelligence Analyst enhances customer capabilities by leveraging Trellix's cyber defense enterprise, delivering services including knowledge of sophisticated threat actors, research, collection, analysis, and reporting. The role supports customer security operations, including planning, risk assessment, vulnerability assessment, 24x7x365 monitoring, and incident response.
Must have:
  • Serve as a cyber threat intelligence subject matter expert and trusted advisor.
  • Integrate with customers’ operations-intelligence cycles to inject cyber threat intelligence.
  • Work with other Trellix employees, customers, and third-parties supporting defense of customer’s network.
  • Develop information/intelligence requirements and associated priorities.
  • Identify intelligence gaps and opportunities to improve intelligence sharing and utility.
  • Create tailored strategies for research, data collection, analysis, and reporting.
  • Develop comprehensive responses to customer requests for information/intelligence (RFIs).
  • Perform all-source research and analysis using Trellix tools and open sources.
  • Develop comprehensive written and oral reporting including peer review and quality assurance.
  • Identify relationships between malicious cyber activity and world events.
  • Deliver oral and written threat intelligence reports and presentations to customer teams.
  • Maintain current knowledge of the cyber threat landscape, including advanced persistent threats.
  • Self-motivated and passionate about cybersecurity.
  • Keen interest in tracking threat actors.
  • Strong understanding of structured analytical techniques.
  • Strong critical thinker with the ability to avoid biases.
  • Able to produce clear, complete, and concise reporting in a timely manner.
  • Expertise with cyber threats, attack vectors, detection capabilities, and countermeasures.
  • Experience with open-source intelligence collection and associated methods and tools.
  • Experience working with a Security Operations Center to monitor security alerts, respond and remediate.
  • Clear understanding of organizational Incident Management processes.
  • Knowledge and experience with XDR/EDR, Endpoint Security tools and Threat Hunting.
  • High-level understanding of malware types, detection methods, and analysis techniques.
  • Knowledge of MITRE ATT&CK and D3FEND frameworks, Kill Chain methodology, and Diamond Model.
  • Experience with identifying and mitigating cyber threats.
  • Understand technical vulnerabilities and associated risk.
  • Experience with a SIEM tool and working with a SIEM analyst.
  • Experience with event correlation and analysis.
  • At least 10 years of intelligence gathering, analysis, and reporting experience.
  • Active Top Secret SCI clearance with CI polygraph.
  • Willingness to get 8140 IAT III and 8140 IASAE II certificates.
Good to have:
  • Bachelor's degree in information security, cyber discipline, political science or a related analytical field
Perks:
  • Retirement Plans
  • Medical, Dental and Vision Coverage
  • Paid Time Off
  • Paid Parental Leave
  • Support for Community Involvement

Job Details

Role Overview:

Company Overview:

Join an industry-leading team performing challenging and soulful work. Trellix is a global company redefining the future of cybersecurity. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix’s security experts, along with an extensive partner ecosystem, accelerate technology innovation through machine learning and automation to empower over 40,000 business and government customers. More at https://trellix.com.

Trellix Threat Intelligence is a portfolio of solutions and services from our team of experts including our cybersecurity product team, Trellix Guardians Group, and our Advanced Research Centre (ARC). We help defend our customers against everyday threats with the tight collaboration between both our product team and our threat researchers working together in real time.

The Trellix Guardians deliver cyber threat intelligence, assessment, education, and incident response services to global customers to enable them to prepare, detect, and respond to the wide array of malicious cyber activity that persistently threatens organizations across all industry sectors.

The Threat Intelligence Analyst will collaborate with customers to enhance their cyber threat intelligence capabilities by leveraging the experience, knowledge, tools, and data of the Trellix cyber defense enterprise. The role is responsible for delivering cyber threat intelligence services, which include knowledge of sophisticated threat actors and associated tactics, techniques, and procedures, along with research, collection, analysis, and reporting of finished intelligence. The role will support customer security operations including planning and risk assessment, vulnerability assessment, 24x7x365 monitoring, and incident response.

About the Role:

The Threat Intelligence Analyst will report to the Senior Manager of the threat intelligence branch of Trellix Guardians. This is an on-site role at a customer facility at Fort Belvoir in Virginia. As a member of the Guardians, the Analyst will collaborate with Guardian teammates, members of the ARC, Trellix Professional Services Consultants, and third-party partners. The analyst will serve as a primary customer interface and will become immersed in customer operations through rapid learning and establishing relationships. This is a resident analyst role supporting a customer in a full-time capacity. Support may be 100% on-site or hybrid.

  • You will serve as a cyber threat intelligence subject matter expert and trusted advisor.
  • You will integrate with customers’ operations-intelligence cycles to inject cyber threat intelligence.
  • You will work with other Trellix employees, customers, and third-parties collectively supporting the defense of the customer’s network and other mission elements.
  • You will develop information/intelligence requirements and associated priorities.
  • You will identify intelligence gaps and opportunities to improve intelligence sharing and utility.
  • You will create tailored strategies for research, data collection, analysis, and reporting focused on customers’ areas of interest.
  • You will develop comprehensive responses to customer requests for information/intelligence (RFIs).
  • You will perform all-source research and analysis using Trellix tools and data sets, third party tools, and open sources.
  • You will develop comprehensive written and oral reporting including peer review and quality assurance.
  • You will identify relationships between malicious cyber activity and world events such as geo-political events, natural disasters, crises, etc.
  • You will deliver oral and written threat intelligence reports and presentations to customer teams composed of representatives of varying organizational levels up to senior executive level (general officers, flag officers, SES/SIS, and C-Suite).
  • You will maintain current knowledge of the cyber threat landscape, including advanced persistent threats and the motivations, attack vectors, tools, and tactics, techniques, and procedures (TTPs) of attackers.

About You:

  • You are self-motivated and passionate about cybersecurity.
  • You have a keen interest in tracking threat actors.
  • You have a strong understanding of structured analytical techniques, including but not limited to Quality of Information Check, Analysis of Competing Hypotheses, Key Assumptions Check, and Gap Analysis.
  • You are a strong critical thinker with the ability to avoid biases.
  • You are able to produce clear, complete, and concise reporting in a timely manner with extreme attention to detail.
  • You have expertise with cyber threats, attack vectors, detection capabilities, and associated countermeasures.
  • You have experience with open-source intelligence collection and associated methods and tools.
  • You have experience working with a Security Operations Center to monitor security alerts, respond and remediate detected issues.
  • You have a clear understanding of organizational Incident Management processes in relation to threats and vulnerabilities.
  • You have knowledge and experience with XDR/EDR, Endpoint Security tools (AV, whitelisting, etc.) and Threat Hunting.
  • You have a high-level understanding of malware types, malware detection methods, and malware analysis techniques.
  • You possess knowledge of MITRE ATT&CK and D3FEND frameworks along with Kill Chain methodology and the Diamond Model.
  • You have experience with identifying and mitigating cyber threats, including detection and countermeasures strategies and tools.
  • You understand technical vulnerabilities and associated risk.
  • You have experience with a SIEM tool and working with a SIEM analyst.
  • You have experience with event correlation and analysis.

Required Qualifications:

  • At least 10 years of intelligence gathering, analysis, and reporting experience.
  • A Bachelor's degree in information security, cyber discipline, political science or a related analytical field is not required but considered an asset.

Certifications: the candidate needs to have, or be willing to get, the 8140 IAT III and 8140 IASAE II certificates.

Clearance Requirement: Active Top Secret SCI clearance with CI polygraph

Company Benefits and Perks:

We believe that the best solutions are developed by teams who embrace each other's unique experiences, skills, and abilities. We work hard to create a dynamic workforce where we encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.

  • Retirement Plans
  • Medical, Dental and Vision Coverage
  • Paid Time Off
  • Paid Parental Leave
  • Support for Community Involvement

We're serious about our commitment to a workplace where everyone can thrive and contribute to our industry-leading products and customer support, which is why we prohibit discrimination and harassment based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.


About The Company

Trellix is a global company redefining the future of cybersecurity. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix’s security experts, along with an extensive partner ecosystem, accelerate technology innovation through machine learning and automation to empower over 53,000 business and government customers. More at https://trellix.com.
