M+E Technology Job Board

Cyber Threat Intelligence Sr. Manager

Sony Pictures Entertainment

Sony Pictures Entertainment is looking for a Cyber Threat Intelligence Sr. Manager to join our team.

The CTI Sr. Manager identifies, collects, analyzes and reports on cyber threats. This role works with the Incident Response team to rapidly assess and attribute incidents. This position also works with IT and other departments to identify root cause and develop corrective and preventive measures. The incumbent possesses the ability to identify patterns and leverage technical information to develop threat and threat actor profiles. Additionally, this position works with information security peers to identify and make recommendations to the Incident Response Executive Director to improve the security posture and incident response capabilities of the organization.

Reporting to the Incident Response Executive Director, the Cyber Threat Intelligence Sr. Manager is responsible for managing SPE’s intelligence collection, analysis, dissemination and vendor management. In addition, the position is responsible for link analysis and report production.

Core Responsibilities

  • Collect and analyze open source intelligence
  • Develop regional and/or technical expertise on threat actors, attack trends, and attack tactics, techniques, and procedures (TTPs)
  • Draft, edit, and review threat intelligence analysis from multiple sources
  • Inform the development of the team’s operating rhythm and priorities
  • Manage cyber threat vendor relationships
  • Develop intelligence on, characterize, and track threat actors’ activities, ranging from tactical level capabilities to global operations
  • Produce intelligence reporting (ranging from short to longer reports) on threat actor activities
  • Maintain current knowledge of tools and best practices relating to advanced persistent threats and the tools, techniques, and procedures (TTPs) of attackers
  • Identify and hunt for related TTPs and IOCs across all internal/external repositories
  • Correlate collected intelligence, in order to build upon a larger knowledge base of tracked threat activity
  • Provide both technical and executive level intelligence briefings / presentations
  • IOC collection and management

Functional knowledge of:

  • Knowledge of current adversary techniques, vulnerability disclosures, data breach incidents, and security analysis techniques
  • Experience in analyzing, gathering intelligence on, developing, and documenting threat group activities
  • Experience in analyzing malware / offensive tools and threat actor tactics, techniques, and procedures to characterize threat actors’ technical methods for accomplishing their missions
  • Demonstrated understanding of remediation and counter measures for challenging information security threats
  • Moderate to advanced technical experience in the following:
    • Analysis of TCP/IP network communication protocols
    • Conducting forensic analysis of data captured from networks (packet captures), hosts (volatile/live memory), electronic media, log data, and network devices in support of intrusion analysis or enterprise-level information security operations
    • Cyber threat visualization tools (Palantir, Analyst's Notebook, Maltego, etc.)
    • Familiarity with investigative tools and techniques such as host- and network-based analysis tools, forensic tools (EnCase, FTK, Helix, Paraben, etc.), and volatile memory analysis techniques
    • Multiple operating systems, such as Windows, Linux, and Mac OS X
    • Knowledge of common security controls, detection capabilities, and other practices / solutions for securing digital environments, to include packet flows / TCP & UDP traffic, firewall and proxy technologies, anti-virus and other host-based monitoring, email monitoring and spam technologies, SIEMs, etc.
    • Scripting (Shell/Python/R/etc.) / Programming in support of data analysis
    • Big Data analysis experience (Splunk/Hadoop/Tableau/MongoDB/etc.)

Qualifications

Technical/Certification Requirements

Preferred

  • One or more of the following technical certifications: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), EnCE or equivalent certifications in these areas

Experience

Required

  • Bachelor’s degree or equivalent working experience
  • 5 years of experience in incident response or other technical InfoSec positions
  • 2 years of experience in cyber threat analysis
    • Must be focused on one of the following areas:
      • Nation State Cyber Threats
      • Piracy Cyber Threats
      • Hacktivist Cyber Threats
  • Excellent communication skills (report writing and briefings)

Preferred (in addition to required)

4-7+ years of experience in one or more of the following:

  • Security researcher
  • Network forensics analyst
  • Security engineer/ consultant
  • Investigative or Incident Response environments
  • Threat analytics / Link Analysis

Other Preferred Technology Knowledge/Skills/Abilities

Ability to:

  • Take on new responsibilities and influence others as needed to deliver consistent results
  • Apply strong organizational and multi-tasking skills
  • Pick up new skills through self-learning and on the job training
  • Innovate and stay current on security technologies
  • Manage multiple requirements and deliverables simultaneously
  • Work well both independently and within a team environment
  • Work well under pressure and with short deadlines