The Senior IT Security Threat Analyst independently develops, maintains, and implements comprehensive information security monitoring programs including defining security policies, processes and standards for large and complex environments. Perform comprehensive threat analysis and recommends an appropriate course of action, mitigation, and remediation. Provide consultative guidance on the development of information security strategies and programs through demonstrated expertise and knowledge of industry trends and changes with respect to advanced and sophisticated cyberattacks and threats. Lead efforts, oversee work results, provide formal training and serve as a technical resource for Information Security team members. They are the single point of contact and coordination for third-party incident response teams and law enforcement agencies if the environment is breached.

Essential Functions:

• The essential functions listed represent the major duties of this role, additional duties may be assigned.


• Independently, proactively and automatically correlates and analyzes threat data from various sources and analyzes network events to establish the identity and modus operandi of malicious users active in the computing environment or posing potential threats to the computing environment. Provides guidance and assistance to junior members of the team.


• Independently conducts industry research and technical evaluation of all-sources and vendor-supplied intelligence--with specific emphasis on network operations and advanced and sophisticated cyber tactics, techniques, and procedures


• Subject matter expert in the detection and identification of cyber-attack signatures, tactics, techniques and procedures associated with advanced threats


• Leads assessments and development of cyber threat profiles of current events based on the collection, research and analysis of open-source information


• Lead creation and publication of high-quality intelligence work products and after-action reviews.


• Serve as the primary lead in incident response and forensic security investigations.


• Leads root cause analysis of any monitoring alerts and threats identified by a third-party vendor, or internal systems and workforce. Once the root cause is determined, proposes and leads cross-departmental efforts, if required, to implement appropriate security controls and solutions that will mitigate risk and vulnerabilities, as well as safeguard our systems and data.


• Independently and proactively prepares detailed technical papers, presentations, recommendations, and findings for Management and other Technology Leaders


• Develops and maintains documentation for security monitoring procedures and security diagrams


• Leads the development of proposed design, configuration, and implementation of security monitoring architecture.


• Serve as a subject matter expert for team members, specializing in network security monitoring, host analysis, and log analysis.


• Creates and leads initiatives to improve security monitoring operations centre processes.


• Leads improvements discussions with the third-party vendor regarding security monitoring functions


• Proactively identifies company-wide program opportunities and works to implement solutions. Guides the direction of the overall information security monitoring and threat analysis program.

SPECIALIZED SKILLS DESIRED FOR THIS ROLE

• Help with installation and base configuration of Phantom.

• Experience with integrating security-related use cases into Phantom.

• Craft reusable, testable, and efficient Python-based Playbooks.

• Configure and program to enable the integration of Phantom with other systems per defined use cases and playbooks.

• Extend the platform through the development of Security Apps.

• Train and mentor security development teams on the use and capabilities of Phantom

• Identify and use existing tools and the Phantom platform to enable automation and orchestration.

• Work with customer to identify security integration and implementation strategies.

• Help the customer develop their expertise and knowledge of the Phantom product. This role also includes supporting the definition of requirements that enable creative integrations and playbooks.

• Partner with security operations teams, threat intelligence groups and incident responders.

• Codify workflows into automated playbooks using our visual editor or the integrated Python development environment.

• Experience in integrating and using Phantom’s flexible app model, hundreds of tools and thousands of unique APIs (REST and SOAP).

• Experience in developing python scripts, PowerShell and use of Linux commands.

• Drive efficient communications across your team with integrated collaboration tools.

• Experience in using Phantom event and case management to rapidly triage events in an automated, semi-automated, or manual fashion.

• Experience with other SOAR Platform tools such as IBM Resilient's SOAR, swim lane is a plus point.

• Experience with Splunk enterprise security as that is a part of integrating alerts into Phantom.

Additional Required Qualifications:

• Demonstrated proficiencies in emerging technologies.

• Strong technical knowledge of security architecture, tools and controls with specific demonstrated experience in proactive detection, mitigation, and resolution of advanced cyberattacks and./or threats

• Strong technical knowledge of security infrastructure including security firewalls, data loss prevention, encryption, and endpoint protection appliances

• In-depth knowledge of information threat analysis and detection concepts and principles and impact

• Experience working and managing vendor performance and service level agreements

• Proven leadership abilities including effective knowledge sharing, conflict resolution, facilitation of open discussions, fairness and displaying appropriate levels of assertiveness.

• Proven ability to work under stress in emergencies with the flexibility to handle multiple high-pressure situations simultaneously.

• Ability to communicate highly complex technical information clearly and articulately for all levels and audiences.

• Ability to manage tasks independently and take ownership of responsibilities

• Ability to learn from mistakes and apply constructive feedback to improve performance

• Strong customer focus with the ability to manage customer expectations and experience and build long-term relationships.

• Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles including vendors and IT-business personnel.

• Ability to adapt to a rapidly changing environment and quickly identify new trends and industry changes specific to security and advanced cyber attacks

• High critical thinking skills required to evaluate complex, multi-sourced security intelligence information, analyze and confirm root cause, and independently identify mitigation alternatives and solutions that safeguard our technical environment.

• Highly advanced or expert level proficiency with Network components and design and tools used to administer security in these environments.

• Highly advanced or expert level proficiency with Windows environments and tools used to administer security in these environments

• Highly advanced or expert level proficiency of UNIX/Linux environments and tools used to administer security in these environments

• Highly advanced or expert proficiency with Database environments and tools used to administer security within the various databases, e.g., UDB, DB2, SQL and Oracle.

• Highly advanced or expert level proficiency with application design and development to include next-generation programming and scripting. Ability to perform application security testing.

Proficiency with productivity tools are required, e.g., Windows Explorer, Word, Excel, PowerPoint, Outlook, Visio etc.

Preferred Licenses and Certifications

CISSP - Cert Information Systems Security Prof Or CEH, CISM, CRISC, etc

Education Level

Related Bachelor’s, Master’s, or PhD degree or additional related equivalent work experience