Cyber Threat Intelligence Analyst
Posted 7 hours 9 minutes ago by E-Frontiers
The purpose of the role is to work with the Cyber Resilience Centre team to enhance and implement the strategy and approach for cyber resilience and financial services sector engagement.
The role holder will possess cyber threat intelligence operational and toolset development experience as well as an understanding of the financial services ecosystem. The resource will support the enhancement of the cyber threat intelligence operations centre (CTIOC) and associated cyber threat intelligence capabilities such as threat hunting, horizon scanning and trending with a particular focus on emerging technologies and innovative CTI capabilities.
They will support the delivery of our externally facing cyber resilience programmes that aim to enhance the cyber resilience of individual firms and the financial services sector as a whole. These programmes include the threat-led penetration testing (TLPT) programme (TIBER-IE), the cyber threat intelligence operations centre (CTIOC) programme, the financial services sector cyber threat intelligence and information sharing initiative (CIISI-IE), and other sector engagement.
Responsibilities:
- Work with the Cyber Resilience Centre team to enhance and implement the strategy for cyber resilience, utilising knowledge of the financial services ecosystem and cyber threat intelligence expertise.
- Provide CTI capabilities and support to the team, particularly in the areas of CTI threat correlation and aggregation, threat hunting, trending and horizon scanning.
- Assist in the CTI Operations Centre (CTIOC) technical tooling and operational enhancements, with consideration of ML/LLM usage in CTI as well as new and emerging technologies.
- Provide cyber threat intelligence updates and present on evolving cyber risks.
- Research and assess ongoing and developing cyber resilience issues, using surveillance of cyber threats and vulnerabilities to support dissemination of timely cyber information and intelligence.
- Based on intelligence requirements, conduct CTI collection, processing and analysis in order to produce high-quality strategic and technical threat intelligence reports.
- Contribute to the management of the TLPT/TIBER-IE (Threat Intelligence Based Ethical Red-teaming) programme, with particular use of CTI and financial sector expertise/experience to help inform innovative attack vectors.
- Build trust and foster relationships with relevant industry stakeholders to enhance the cooperation and trusted information sharing across the industry, building strong sector and service provider engagement networks.
- Further develop the strategic sharing partnerships with other authorities and agencies in Ireland, the UK, the EU and internationally.
Requirements:
- Preferred 3+ years of hands-on cyber threat intelligence operational experience; tooling development/scripting experience is a strong benefit.
- A high level of relevant academic achievement, e.g. a third-level honours degree in information systems, computer science or similar.
- A professional cyber threat intelligence accreditation from bodies such as SANS, GIAC, CREST or similar would be preferred.
- An understanding of financial ecosystems including the practical operation of companies within financial services sectors, their evolving operating models and the cyber threat landscape they operate in.
- Knowledge of and experience using CTI methodologies, MITRE ATT&CK and the Extended Kill Chain.
- Experience in analytical techniques in addition to threat mapping, hunting and tracking preferred.
- Experience working with MISP and cyber threat intelligence platforms, with a working knowledge of YARA rules and STIX/TAXII, would be preferred.
- Knowledge of threat intelligence led assessments with frameworks such as TIBER/CBEST.
- Additional experience of buildouts with technologies such as Elasticsearch, Kibana, MinIO, RabbitMQ, Redis, web frameworks, Docker containers and ML/LLM-based applications would be advantageous.
- Relevant experience in IT or cyber security such as experience in security operations, incident response, red-teaming or related InfoSec functions would be advantageous.
- Acting professionally, ethically and with integrity.