Threat Fusion Analyst (TFA)

AT&T
Bedminster, NJ 07921

Primary Responsibility

The candidate will work as a Principal Malware Analyst on the Threat Fusion Team, as part of the AT&T Chief Security Office Threat Analytics Program. They will be required to apply deep technical expertise to analyze and investigate cyber threats and to facilitate the exchange of threat information between internal and external teams, protecting AT&T across its products, services, infrastructure, networks, and/or applications while also providing protection for its customers and its vendors/partners. They will work with senior team members on various projects relating to the protection of devices, customers, assets, data, information technology, and networks, and will analyze complex security issues and carry out the development and engineering activities needed to mitigate detected risks. The role includes forward-looking research, planning and strategy to strengthen our stance against future cyber security threats and to enhance our mitigation techniques and technology solutions.

The Threat Fusion Analyst will:

  • Use advanced analysis techniques and collaborate with various multi-disciplinary teams to exchange threat information to protect AT&T employees and customers from cyber threats. 

  • Stay up to date on the latest cyber security news. Monitor ongoing security events and incidents to identify cyber security threats that need closer attention and investigation.

  • Collect, organize and analyze threat information from multiple sources and apply it to security monitoring elements. 

  • Analyze and reverse engineer malware to identify new ways of tracking cyber threats.

  • Analyze network traffic to detect suspicious and malicious patterns and identify new ways of tracking cyber threats.

  • Use existing processes and frameworks to track cyber threats. Prototype new monitoring strategies and make recommendations on response process improvements. 

  • Work with the Algorithm Development and Response Engineering teams to implement and refine algorithm prototypes and implement process improvements.

  • Provide malware and network analysis support for investigations.

  • Research a variety of cyber threats and devise and prototype strategies for detecting, tracking, and preventing them.

Education: Bachelor's degree in Information Systems, Engineering, Mathematics or Cyber Security preferred, or equivalent experience.

Experience: Typically requires 8-10 years of experience. Technical Career Pathway (TCP) role.

Supervisory: No.


The candidate will possess:

  • Deep knowledge of multiple programming languages and a strong command of scripting languages such as Python.

  • Strong technical ability to use, configure, and troubleshoot Windows and Linux systems.

  • Strong technical ability to use and modify existing custom tools.

  • Deep technical understanding of Cryptography, Forensics, and Cyber Security principles.

  • Strong technical understanding of Enterprise Architecture and common Security Solutions.

  • Deep technical understanding of and experience with analyzing malware, reverse engineering, and investigating network anomalies.

  • Strong work ethic, leadership, time management and organizational skills with a track record of executing deliverables and commitments on time.

  • Strong ability to work in diverse and geographically distributed teams.

  • Strong ability to communicate complex information, concepts, and ideas in a confident, concise and well-organized manner through verbal, written, and/or visual means.

Minimum Requirements:

  • 2 or more years of technical experience in the Information Security field.

  • At least one relevant security certification is preferred, such as but not limited to: CISSP, CEH, GCIH, GCFE, GCFA, GREM, GPEN, GWAPT, GXPN.

  • Experience reviewing and writing cyber threat intelligence reports.

  • Experience triaging cyber threat indicators and information about adversary tactics, tools, and techniques to discover new indicators and malware variants. Experience using Log Analysis and SIEM tools to create rules, alerts, and dashboards to find malware.

  • Experience analyzing netflow and packet capture data to uncover suspicious activity.

  • Experience creating and modifying SNORT rules.

  • Deep technical knowledge of computer networking, protocols, and security concepts.

  • Deep technical knowledge of common network and host protection elements and security appliances, such as but not limited to: Firewall, IDS, Proxy, EDR, AV.

  • Experience with a variety of programming languages, such as but not limited to Python, Perl, Go, Java, C, C++.

  • Experience reviewing and modifying existing scripts as well as creating new scripts to automate manual processes.

  • Deep technical knowledge of malware analysis methods.

  • Experience reverse-engineering, debugging, and triaging malware samples.

  • Experience creating and modifying YARA rules.

  • Familiarity with and strong understanding of common cyber-attack stages and frameworks, e.g. the Cyber Kill Chain, ATT&CK, etc.

  • Strong interpersonal skills. The ability to work with diverse and geographically distributed teams in a dynamic environment. The ability to stay focused and organized with a strong track record of meeting deliverables. Often goes above and beyond to exceed expectations.

The description provided above is not intended to be an exhaustive list of all job duties, responsibilities and requirements. Duties, responsibilities and requirements may change over time and according to business needs.

Posted: 2020-05-23 Expires: 2020-07-04