Apply on Employer Site

NuHarbor Security · 2 days ago

Threat Intelligence Lead

United States

Full-time

Remote

Mid, Senior Level

$120K/yr - $147K/yr

5+ years exp

NuHarbor Security is focused on enhancing cybersecurity for its clients through a range of services. The Threat Intelligence Lead plays a vital role in identifying and analyzing cyber threats, collaborating with teams to refine detection strategies, and providing actionable intelligence to clients and internal stakeholders.

ConsultingCyber SecurityEnterpriseNetwork SecuritySecurity

Culture & Values

No H1B

U.S. Citizen Only

Responsibilities

Conduct client directed proactive investigations to identify cyber threats, advanced persistent threats, and anomalous activity within enterprise networks and endpoints

With a focus on client environments and desired outcomes, research new and existing threat actors and associated tactics, techniques, and procedures (TTPs); developing a detailed understanding of their potential impact on the client

Perform deep-dive analysis of suspected security incidents to determine impact, risk, and response actions

Lead and manage threat research initiatives to assess emerging threats and vulnerabilities, and correlate adversary activities, attack chains, and artifacts to provide threat intelligence that supports the timely detection of active threats

Identify and propose automated detections for new and previously unknown threats. Collaborate with NuHarbor internal and external Cyber organizations to mitigate risk by testing, deploying, and developing investigative playbooks

Produce and disseminate timely, actionable, and relevant threat intelligence to detection engineering to inform NHS’ detection package based on relevant threats to NuHarbor’s client base

Develop and deliver finalized threat intelligence to the SOC that directs intelligence-driven threat hunting efforts and convert results into actionable intelligence that can inform the adjustment of existing detections and the creation of new detections

Lead threat intelligence requirement development and intelligence delivery (tactical, operational, and strategic) across all applicable NuHarbor stakeholders

Lead the management, maintenance, and general administration of NuHarbor’s threat intelligence tooling, infrastructure, Threat Intel Platform (TIP), threat feeds, and threat information sharing efforts

Work with Managed Services and Client Success to deliver high priority situational awareness/intelligence to the NuHarbor client based in response to emergent threats while collaborating with detection engineering to provide timely solutions

Act as a centralized point for threat hunters and red team to collaborate with when researching emerging threats that provide opportunities to address detection gaps

Qualification

Threat IntelligenceThreat HuntingOSINTSplunkCybersecurity CertificationsMITRE ATT&CKIncident ResponseNetworking ConceptsClient InteractionAgile DevelopmentCommunication Skills

Required

Bachelor's Degree and five (5) years of experience. Experience should be in a cybersecurity field and should include relevant industry certifications

In lieu of a degree, two (2) years of experience in a related technology field and relevant industry certifications are required

Two (2) or more years of experience in a threat analyst role

A minimum of two (2) years of experience with OSINT and threat hunting

A minimum of one (1) year of experience using Splunk and or other SIEM technologies

Demonstrated expertise in intelligence tradecraft, the intelligence lifecycle, common threat modeling frameworks: MITRE ATT&CK, Diamond Model, PEAK, Cyber Kill Chain, D3F3ND

Experience using Threat Intelligence tools and processes necessary to collect information about adversary groups and cybercriminals that may target the NuHarbor Security client base: OpenCTI, Shodan, AbuseIPDB

Ability to communicate complex security concepts to audiences of varied technical understanding, including business stakeholders, sales, engineering, and customers

Demonstrated understanding of networking concepts and architecture

Experience giving security recommendations and meeting with clients

Familiarity with network, system, and application layer attacks and mitigations

Maintain at least one (1) industry certification required to support the managed services (MS) Catalog: Security+, Network+, CeH, CYSA+

Must be a citizen of the United States

Preferred

Three (3) or more years of experience in a threat analyst role and/or with OSINT and threat hunting

Five (5) or more years of experience in a security analyst role

Two (2) years of Experience performing threat hunting across client accounts via Splunk, Microsoft Sentinel, or other SIEM

Demonstrated experience with security controls and frameworks and the technologies that supply these controls: NIST Risk Management Framework/NIST Cyber Security Framework, CIA Triad, Identity and Access Management, Encryption, Incident Response Lifecycle

Experience drafting threat intelligence portions of bi-weekly and quarterly reports

Maintains multiple industry certifications required to support the managed services (MS) Catalog

Threat Intelligence Certifications: The GIAC Cyber Threat Intelligence (GCTI), The GIAC Defending Advanced Threats (GDAT), The GIAC Enterprise Incident Response (GEIR)

Experience in engineering event detection & response tuning

Proven ability to implement simple, scalable, testable, and maintainable detections and code

Experience working in an Agile development process

Experience in Security Operations Center (SOC) content development and automation implementations