Cybersecurity Threat Intelligence Content Advisor
The Dell Security & Resiliency organization manages the security risk across all aspects of Dell’s business. We are currently experiencing incredible growth in order to meet the security needs of the world’s largest technology company. With team members located in over 15 countries, you will have an excellent opportunity to influence the security culture at Dell and further develop your career.
Dell is a worldwide provider of information technology services and business solutions to a broad range of clients. We seek men and women who share our values, thrive in a team environment, and recognize the importance of accountability; people who strive to exceed expectations to ensure our Clients' success.
We are currently seeking a Cybersecurity Threat Intelligence Advisor to join our Security & Resiliency team, based in Cyberjaya, Malaysia. The Threat Intelligence Content Advisor implements detection and analysis capabilities within existing IR and team platforms in the form of meta-data, reports, alerts and rules. The main focus is to take disparate log, packet, threat intelligence and behavioral data and turn it into strategic and tactical intelligence relevant to the defense of the company. Secondarily, the advisor will support non-content-based intelligence operations such as curation, analysis and briefings.
Key Responsibilities
Development, research and deployment of analysis content for CSIRT consumption including meta-data, parsed log data and packet data, rules and alerts
Programmatic enrichment and dissemination of intelligence from all available sources
Automation of repeatable CSIRT processes related to workflow within platforms
Collaboration with the Curation functional role in deriving features from known IoCs and TTPs to develop behavioral or specific detection and response content
Maintaining developed content documentation including how it aligns with different platform, automation and workflow mechanics
Tracking dependent support issues
Validate, verify and increase the confidence of threat intelligence data
Develop and execute processes for threat intelligence data enrichment and pivoting
Research, re-classify and re-categorize threat intelligence data as applicable
Manage threat intelligence validity, integrity or classification escalations
Collaborate with and establish threat intelligence data sharing mechanisms with peers, partners and appropriate external parties
Research and develop new threat intelligence data types
Issuing Critical Advisories
Supporting event security efforts
Developing executive briefings for threats and threat actors
Requirements
Bachelor’s Degree or Master’s Degree in Computer Science, Information Science, or Information Systems Management and/or 4+ years of relevant experience
Excellent analytical skills
Excellent familiarity with attacker methodology
Creative and critical thinking
Experience with security technologies
SIEM and Log management solutions
Deep packet inspection tools, IDS, Endpoint detection, Web Proxy, Authentication platforms, and Incident management solutions
Familiar with application function concepts
Familiar with Internet and networking foundational technologies
DNS, WHOIS, Web, Mail, Remote connection protocols
Familiar with network configurations and security control deployments
Routers, Switches, Firewalls, Proxies, IDS, DNS, etc.
Excellent familiarity with popular IoC data types
Familiarity with popular enterprise class operating systems
Understanding of the enterprise “threatscape” at all major threat actor capability levels
Knowledge of one or more scripting languages (e.g. python, perl, bash)
Additional Skills
Experience with database structures and query languages
Familiarity with major and widely deployed enterprise application technologies
e.g. Apache, Java, JBoss, ColdFusion, BIND, MS-SQL, etc.
Knowledge of YARA and similar signature-based languages