CTU Threat Intelligence Researcher - Dell Secureworks - Bucharest, Romania
Bucharest, Romania | Job ID R80411 | Date posted Nov. 15, 2019
Technical Threat Intelligence (TI) Analyst/Threat Intelligence-Support/Surveillance
Counter Threat Unit
Secureworks® (NASDAQ: SCWX) is a technology-driven cybersecurity leader that protects organizations in the digitally connected world. Built on proprietary technologies and world-class threat intelligence, our applications and solutions help prevent, detect, and respond to cyber threats. Red Cloak™ software brings advanced threat analytics to thousands of customers, and the Secureworks Counter Threat Platform™ processes over 300B threat events per day. We understand complex security environments and are passionate about simplifying security with Defense in Concert™ so that security becomes a business enabler. More than 4,000 customers across over 50 countries are protected by Secureworks, benefit from our network effect and are Collectively Smarter. Exponentially Safer.™ www.secureworks.com
We enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team.
The Threat Intelligence (TI) Analyst is a fast-paced technical consulting role that is the first interaction many clients have with SecureWorks when they seek assistance for threat intelligence services. This role is focused on demonstrating excellent client service by coordinating between stakeholders to include the prospect or client, service delivery specialists, and account executives in order to determine a course of action for incoming service requests. The incumbent will monitor several communication channels, answer inbound telephone calls, address client emails, triage service requests, and coordinate the scheduling of teleconference calls to discuss potential service delivery events. Subsequently, this role will conduct research and analysis to enrich support requests with intelligence available via OSINT and internal CTU data holdings.
This role also provides initial triage instructions to the prospect/client on how to preserve artifacts and initiate standard information gathering activities before transitioning to a service delivery team. This role will also help triage, coordinate and fulfill Threat Intelligence enrichment service requests.
This position does not require travel. This position is a remote position.
- Leverage internal, commercial and open-source tools and data sources to analyze and synthesize indicators of compromise and / or other intelligence artifacts to provide meaningful and actionable intelligence. Analyze raw data sets and extract relevant insight to form threat intelligence responses.
- Maintain a deep understanding and knowledge of the latest offensive and defensive Tactics, Techniques and Procedures (TTPs) as well as the Threat Landscape.
- Provide timely intelligence analysis reports and support client deliverables.
- Collaborate internally and externally to develop and enhance Secureworks Threat Intelligence products.
- Own and execute ongoing projects such as client on-boarding and threat briefs.
- Identify any intelligence collection gaps and communicate findings and collection requirements.
- Initiate, propose, and update processes and standard threat intelligence operating procedures.
- Take ownership of, triage, and update tracking systems for service requests
- Gather contextual information from multiple sources to establish a service request course of action or respond to a standard request for information, to include threat intelligence data sets, service delivery engagements in progress, previous service delivery engagements, service delivery procedures, and service descriptions
- Meet service level agreements regarding initial response time and client notification as it pertains to SecureWorks IR and TI services
- Evaluate contracts for existing client service requests to ensure contractual coverage and funding for the service request
- Liaise with practice leaders, team leads, and account executives to schedule the appropriate personnel to join teleconference calls with prospects and clients seeking IR and TI services
- Provide instructions in written and oral formats to prospects and clients for media handling and artifact collection that are required for IR and TI enrichment service requests
- Provide internal stakeholders the necessary information for decision support and situational awareness on service request intake activities
- Route service requests to the proper service delivery team with the appropriate level of urgency and communication channel in a professional and courteous manner with an emphasis on client satisfaction. Assess and escalate to the next level as needed
- Support the development and documentation of process improvements for efficient and effective response to IR and TI service requests
Knowledge, Skills, and Abilities
- Theoretical and practical knowledge in the following areas:
  - Unix, Linux, Windows, and OSX operating systems
  - Exploits, vulnerabilities, intrusion vectors, and malware
  - Host forensics, network forensics, and malware analysis techniques
  - Network traffic analysis, endpoint activity analysis, and log analysis techniques
- Understanding of enterprise cyber incident management and response processes
- Understanding of enterprise cybersecurity controls and failure modes
- Excellent technical communication skills (oral and written) including experience briefing executive management and experience in times of crisis
- Excellent organization and resource management skills
- Excellent capability to prioritize multiple and concurrent urgent tasks
- Excellent customer service skills and ability to quickly establish technical credibility and rapport with clients
- Minimum five (5) years of experience in cybersecurity operations or technical support
- Professional degree relevant to cybersecurity
- GCIH, GCFE, GCFA, GREM, CISSP, CISM, or similar cybersecurity technical and managerial certifications
- DevOps methods and ITIL framework knowledge are a plus
- Relevant military training and experience in cybersecurity and other industry standard certifications are a plus
- 8-10 years of relevant experience or equivalent combination of education and work experience
Our Bucharest office is vital to Dell Secureworks. It serves as our core Security Centre of Excellence hub for EMEA. Dell Secureworks is a 24x7x365 operations environment, and depending on client and business needs you will be required to work a rotating shift.
Here are more reasons to join our team!
Take a look at what we offer and feel free to reach out to us for more details!
- Development programs and cyber security trainings/ certifications – because we grow together
- Internal Career Progression Plan for top performers - we encourage you to follow internal opportunities
- Regular workshops – we are the largest community of cyber security experts and we enjoy sharing our best practices during our Communities of Practice and to our trainees
- Great location – multiple ways to get to work – subway, tram, even your own car – also your lunch just around the corner - you can find us at AFI Park 4-5 and Campus 6
- Work from home policy – your time matters
- Relaxation Area – because a good gaming break never hurt nobody
- Weekly professional massage sessions and even our own massage chairs
- Medical and Dental subscription – flexible package and you can include your family members
- Life Insurance
- Weekly fresh fruits – vitamins are important for your health
- Annual Performance Bonus
- Internal Employee Rewarding System/ Tool – we value working as a team and we recognize each other’s efforts
- Meal tickets
Why work with us?
Secureworks, a Dell Technologies company, is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, colour, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Secureworks will not tolerate discrimination or harassment based on any of these characteristics.