CTU Threat Intelligence Researcher

Secureworks® (NASDAQ: SCWX) a global cybersecurity leader, enables our customers and partners to outpace and outmaneuver adversaries with more precision, so they can rapidly adapt and respond to market forces to meet their business needs. With a unique combination of cloud-native, SaaS security platform and intelligence-driven security solutions, informed by 20+ years of threat intelligence and research, no other security platform is grounded and informed with this much real-world experience.

We enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team. 

Role Overview

The Threat Intelligence (TI) Support Analyst is a fast-paced technical consulting role that is the first interaction many customers have with Secureworks when they seek assistance for TI services. The candidate will monitor several communication channels, triage requests for intelligence (RFIs), address customer emails and coordinate the scheduling of conference calls to discuss service delivery events, such as customer on-boarding and threat landscape presentations. For each inbound request, this role will triage, categorize, coordinate if needed, and ultimately fulfill the RFI. This is primarily done by conducting research and analysis to enrich indicators with TI using both Open Source intelligence (OSINT) and CTU all-source intelligence. Excellent communication and collaboration skills are imperative as customer requests frequently require expertise from other internal teams and candidates will be expected to synthesize multiple inputs into concise, coherent, comprehensive customer responses. Additionally, analysts in this role will evaluate each response to determine if core response would benefit larger TI customer-base and should be crafted into a TI product, and thus experience completing the intelligence analysis lifecycle is strongly desired.

This position does not require travel. This position is a remote position.

Role Responsibilities:

• Leverage internal, commercial, and open-source tools and data sources to analyze, enrich and synthesize indicators of compromise and/or other intelligence artifacts to provide meaningful and actionable intelligence
• Analyze raw data sets and extract relevant insight to form high quality TI responses
• Perform proactive all-source research to identify and characterize new threats to the customer base and draft related TI products, where appropriate
• Maintain a broad understanding and knowledge of the latest offensive and defensive Tactics, Techniques and Procedures (TTPs) as well as overall Threat Landscape trends
• Collaborate internally and externally, and develop, enhance and produce Secureworks TI products
• Own and execute ongoing projects such as customer on-boarding and threat landscape presentations
• Identify intelligence collection gaps and communicate findings and collection requirements
• Initiate, propose, and update processes and standard TI operating procedures for efficient and effective response to TI and IR RFIs
• Take ownership of, triage, and update tracking systems for TI requests
• Gather contextual information from multiple sources to establish a TI request course of action or respond to a standard request for information related to the TI-Support service line
• Meet service level agreements regarding initial response time and customer notification as it pertains to Secureworks TI and Incident Response (IR) services
• Evaluate contracts for existing customer RFIs to ensure contractual coverage, in scope services and funding for the service request
• Provide internal stakeholders the necessary information for decision support and situational awareness on service request intake activities
• Route RFIs to the proper service delivery team with the appropriate level of urgency and communication channel in a professional and courteous manner with an emphasis on customer satisfaction; assess and escalate to the next level as needed

Qualifications:

Knowledge, Skills, and Abilities:

• Understanding and experience with the intelligence analysis lifecycle, including but not limited to:
  • Conducting all-source intelligence research
  • Mining internal and external databases/repositories
  • Pivoting research focus on TI indicators of interest
  • Developing assessments with evidential basis
  • Translating findings into client responses and/or threat intelligence reports

• Fundamental knowledge in most of the following areas:
  • Familiarity with advanced search engine functionality and search query customization.
  • Unix, Linux, Windows, and OSX operating systems
  • Exploits, vulnerabilities, intrusion vectors, and malware
  • Host forensics, network forensics, and malware analysis techniques
  • Network traffic analysis, endpoint activity analysis, and log analysis techniques
  • Understanding of enterprise cyber incident management and response processes
  • Understanding of enterprise cybersecurity controls and failure modes

• Excellent technical communication skills (oral and written) including experience briefing executive management
• Excellent organization and resource management skills
• Excellent capability to prioritize multiple and concurrent urgent tasks
• Excellent customer service skills and ability to quickly establish technical credibility and rapport with customers
• Team player with the ability to work autonomously in a fast-paced, dynamic environment
• Passionate about information security and service excellence

Desired Experience/Training:

• Professional degree relevant to cybersecurity or intelligence analysis or equivalent work experience within a technical information security-related role such as Security Operations, Incident Response, or Threat Intelligence analysis
• Relevant governmental, military, commercial training and experience in cybersecurity and other industry standard certifications are a plus
• Professional certifications such as GCTI, GCIA, GCIH, GREM, CISSP, CISM, or similar cybersecurity technical certifications are a plus
• DevOps methods and ITIL framework knowledge are a plus

Here are more reasons to join our team!

Take a look at what we offer and feel free to reach out to us for more details!

• Development programs and cybersecurity training/ certifications – because we grow together  
• Internal Career Progression Plan for top performers - we encourage you to follow internal opportunities
• Regular workshops – we are the largest community of cybersecurity experts and we enjoy sharing our best practices during our Communities of Practice and to our trainees
• Work from home policy – your time matters
• Medical and Dental subscription – flexible package and you can include your family members  
• Life Insurance  
• Annual Performance Bonus
• Meal tickets

Why work with us?

Secureworks, a Dell Technologies company, is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, colour, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Secureworks will not tolerate discrimination or harassment based on any of these characteristics.