Advanced Threat Management L3 Analyst
The Advanced Threat Management L3 Analyst is part of the Global Advanced Threat Management Office which conducts cyber research, threat hunting, incident response, forensics analysis, red team operations, malware reverse engineering and innovations.
The candidate should be able to demonstrate a thorough understanding of cyber security and in-depth knowledge and experience of computer networking fundamentals, modern threats and vulnerabilities, attack methodologies, threat actors, and forensics methodologies and tools. The candidate shall keep up to date with advanced cyber concepts.
The Advanced Threat Management Office is CGI’s global corporate multi-disciplinary team of highly skilled experts across various geographies, whose primary objective is to manage advanced cyber security threats. This is a European position and the work can be performed from any suitable CGI office, with limited travel.
The ATMO NA L3 Analyst will directly report to the ATMO Blue Team/Operations Director.
Your future duties and responsibilities:
The role responsibilities include:
- Analyse and respond to security events and incidents from monitoring technologies, escalated by Level 2 analysts, or identified individually.
- Capability to perform one or more of the following as required during an investigation: advanced digital forensics analysis, reverse engineering, and dynamic, static, host-based or network-based analysis. *Note: Not all L3 Analysts are expected to be experts in all of the aforementioned fields; however, they should be able to cover the majority.
- Utilize and contribute to threat intelligence, and take a leading role in building that knowledge.
- Act as the senior subject matter expert where required during security incidents.
- Work closely with other teams to provide mitigation recommendations that reduce the overall security risk within the organization.
- Mentor Level 2 analysts, and review and advise on Standard Operating Procedures (SOPs) and training documentation as required.
- Provide ideas and feedback to improve the overall SOC capabilities and maturity (focus on people and processes).
- Perform advanced threat hunting for unknown cyber security events in order to find, identify and categorize advanced cyber threats.
- Take technical direction from GSOC incident response leads during an incident.
- Contribute to the development and maintenance of bespoke tooling used within the L3 pool, or contribute through research and thought leadership on emerging malware and cyber threats. *Within the L3 pool, a mixture of both elements is required.
- Be a recognized senior expert within your region or business unit.
- Be recognized as an individual with expert knowledge and extensive hands-on experience in advanced threat, incident response, forensics or many of the other areas covered above.
- Be prepared to work additional hours as required in the event of an incident requiring L3 involvement. Additional hours worked will be compensated with time off in lieu.
- Participate in innovation projects and in technology evaluation, deployment and build.
- Define advanced threat processes and best practices.
- Provide advanced threat awareness and education to members of the team.
- Assist and mentor a diverse team of analysts in the Global SOC.
Required qualifications to be successful in this role:
Level 3 Analysts are expected to be experts in advanced threat investigations. The following are some of the key requirements:
- The ability to complete complex security investigations to closure.
- The ability to determine the sources of information required to complete an investigation, and to assemble and correlate those sources.
- Intermediate to advanced capability in three or more of the following:
  - The ability to operate and optimize the configuration of, or make recommendations on, any of CGI’s security defence platforms.
  - The ability to write scripts that can be leveraged by other analysts to conduct and complete investigations.
  - The ability to securely investigate and reverse-engineer suspicious files.
  - Expert-level knowledge of the Windows operating system and common applications, including common areas of vulnerability and attack.
  - Expert-level knowledge of Unix/Linux operating systems and industry-standard server hardening approaches.
  - Expert-level knowledge of networking, including secure architecture and design concepts as well as detailed TCP/IP knowledge.
  - Expert-level knowledge of forensics, including law enforcement requirements and concepts such as chain of custody.
- Self-directed, with the ability to take on improvement initiatives.
- The ability to mentor less experienced analysts and assist with their career development.
- Knowledge of industry standards and best practices.
- Strong understanding of networking fundamentals (all OSI layers, protocols, etc.).
- Strong understanding of Windows/Linux/Unix operating systems.
- Strong understanding of incident response methodologies and tools.
- Strong understanding of operating system and software vulnerabilities and exploitation techniques.
- SIEM experience (e.g. ArcSight, Splunk, LogPoint).
- Host analysis experience with forensics/EDR tools (EnCase, FireEye, Carbon Black, RSA ECAT, CrowdStrike, Endgame).
- Network analysis experience with network sensors (FireEye, Cisco, Fortinet, Trend Micro).
- Malware analysis (static or dynamic analysis of captured files, reverse engineering).
- Experience of utilising threat intelligence sources.
- Penetration testing experience.
- Ability to deliver high-quality reporting on the technical issues identified and to provide remediation guidelines.
- Programming languages: C/C++, Python, Ruby, Assembly, Bash, PowerShell.
- User investigations, behavioural analysis technology and/or processes.
- Degree in IT Security, Engineering or a technology-related field is a major plus.
- Knowledge of malware packing, obfuscation, persistence and exfiltration techniques.
- Experience with tools: IDA Pro, radare2, OllyDbg, WinDbg.
- Experience using other big data analysis platforms and developing advanced queries to interrogate big data sources.
- Experience with machine learning and artificial intelligence.
The application must be in English.
The selection process will take place continuously, so please send in your application as soon as possible, and no later than 05-January-2019.
For questions, please contact: email@example.com
What you can expect from us:
Develop your career with us.
It is an extraordinary time in our industry. Digital transformation is accelerating and CGI is at the centre of the change, helping our clients on their digital journeys and offering exciting career opportunities for our employees.
At CGI, we achieve success through the talent and commitment of our people. As a team, we share the challenges and rewards that come from building a growing company, which strengthens our culture of ownership. All our employees benefit from the value we create together.
Join us in building one of the world’s largest independent IT and business process services companies.