We are a Fortune 100 financial services leader with a dynamic and diverse workforce and a strong emphasis on talent management. Our High Technology Investigations Unit, part of the larger Cybersecurity and Privacy Law Team, is seeking a threat intelligence analyst. The employee will be assigned to the National Cyber Forensics Training Alliance (NCFTA), performing threat intelligence collection and analysis, along with the coordination and expansion of the unit’s internal and external information sharing program. The analyst will report to the incident response and cybersecurity investigations team, and will be responsible for real-time, proactive, and retroactive response and analysis of IT, cybersecurity, and cyber-enabled fraud incidents in support of the High Tech Investigations Unit, Information Security Office, and Prudential Financial businesses.
The analyst will continuously research and report on threat actors, vulnerabilities, and TTPs that represent a risk to the enterprise. Through coordination with a variety of industry and governmental groups, paid and open-source intelligence assets, and information-sharing groups and portals, the threat intelligence analyst will conduct intelligence-driven incident response and early warning in furtherance of the information security and anti-fraud mission of the High Tech Investigations Unit. The analyst will apply findings to proactive use cases in the enterprise SIEM, and will survey and harden the fraud gatekeeping infrastructure of Prudential Financial. The analyst will serve as a liaison between numerous internal and external security, investigative, and counter-fraud entities, and will facilitate sharing and analysis of technical and behavioral TTPs.
The successful candidate will possess and develop strong technical and interpersonal skills and will have the ability to handle high-profile matters and to work under pressure with minimal supervision. While the primary work location is the NCFTA office in Manhattan, NY and the company’s Newark, NJ office, the employee may be asked to participate in a variety of industry working groups and task force operations internationally. The employee will periodically be required to travel for training and work assignments as needed.
Roles and Responsibilities:
Represent Prudential as a member of the NCFTA at their New York City offices
Collect and report to management on threat intelligence indicators relevant to Prudential Financial
Prepare regular threat intelligence briefs to management from a variety of sources
Develop new sources of threat intelligence for consideration by management
Develop systematic exploitation of available information sharing and threat intelligence sources
Brief business units and their leadership regarding impending security threats gleaned from analysis of the gathered intelligence
Participate in highly sensitive, complex, and confidential response, analysis, and protection against fraud, IT, and cybersecurity incidents
Qualifications:
3 years of professional experience, including intelligence gathering and analysis and/or incident response and technical investigations experience, preferably involving financial services investigations. We will consider post-graduate education on a year-for-year basis in lieu of professional experience.
Experience or training using Recorded Future, TruSTAR, VirusTotal, DomainTools or similar threat intelligence tools
Advanced experience or training using Splunk or similar tools
Experience or training in analytic report writing
Experience or training in incident handling
Knowledge of typical attack vectors, network exploitation techniques, and exfiltration channels
Knowledge of current conventional and cyber threats and the associated tactics, techniques, and procedures used for account takeover and fraud.
Knowledge and understanding of network protocols, network devices, multiple operating systems, and secure architectures
Knowledge of personal computers, mobile devices, and server hardware, including RAID arrays and networked drive storage systems
Excellent analytical and problem-solving skills
Excellent communication skills, both written and oral, are critical
Experience and/or training in computer evidence seizure, computer forensic analysis, and data recovery on Windows, Apple and Linux-based systems and devices
EnCE, ACE, CFCE, CISSP, or similar industry-accepted certifications
Experience with computer network surveillance/monitoring
Knowledge of network intrusion detection and response operations
Experience or training with analysis of security events from multiple sources, including but not limited to events from Security Information and Event Management (SIEM) tools, network- and host-based intrusion detection systems, firewall logs, system logs (Unix and Windows), mainframes, mid-range systems, applications, and databases
Knowledge of and experience using Splunk to create reports, write complex search queries and conduct ad-hoc queries
Knowledge of and/or certifications with industry digital forensic tools such as EnCase, X-Ways, F-Response, and/or open source tools
Understanding of Windows, macOS and Linux operating systems
Knowledge of cloud computing platforms, primarily AWS and Microsoft Azure
Experience with Python scripting language; additional languages a plus