Threat Intelligence Analyst

Job Purpose

The primary function of this role is to monitor the ENOC environment on 24*7 basis and conduct intelligence gathering to identify, monitor, assess, and counter the threat posed by cyber threat actors against ENOC IT/OT assets. In addition to preforming advance threat modelling of the cyber security incident and escalate to Cyber Intelligence Center Manager as per approved policies, processes and procedures.

Principal Accountabilities

Operational

• Follow response procedures and other CIC related SOPs based on the incident impact analysis & predetermined response actions procedures Manage the communication of policies & guidelines and monitor the compliance CIC operations to the cyber-security policies & guidelines.
• Identify cyber threats, trends, and new developments on various cyber security topics by analysing raw intelligence and data.
• Track developments and changes in the technology field and cyber threat environments to ensure that they're adequately addressed in cyber security strategy plans and architecture artefacts
• Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action
• Monitor security vulnerability information from vendors and third parties
• Establish a taxonomy of indicators of compromise (IOCs) and share this detail with other security unites, including the security operations center (CIC)
• Perform analysis of data and information pertaining to ENOC line of business as well as critical infrastructure current cybersecurity posture, specifically as it pertains to indicators of compromise (e.g., implants, backdoors, and other malware which indicate the presence of a persistent adversary).
• Produce quality intelligence reports for management and other teams.
• Apply understood analytic tradecraft to gathered intelligence in a consistent manner Investigate, document, and report on information cybersecurity issues and emerging trends
• Identify and monitor the Tactics, Techniques, and Procedures (TTPs) used by cyber threat actors by analysing raw intelligence and data.
• Identify intelligence gaps and submit requests for information to fill gaps.
• Provide actionable strategic, technical, and tactical cyber information and intelligence through reports, briefings, and presentations
• Make analytical predictions about cyber threat actors and their future activities based on what is already known about them
• Effectively recognize threats by performing relevant research and data analysis using both internal and external tools and resources.
• Work closely with security analysts and senior analysist to get direct feedback about new, unknown suspicious behaviour
• Provide functional support and content development and improvements for the SIEM and other security technologies used by CIC.
• Participate in Development and implementation of new correlation rules and use-cases in SIEM and enhance the monitoring and detection capabilities of the CIC to integrate SIEM with other monitoring tools with appropriate scripting knowledge skills
• Should be on-call 24 hours per day to respond to cyber security emergences