Summary The Threat Intelligence (TI) analyst is a self-motivated, independent, and critical thinker skilled in the application of threat intelligence for the enablement of a stakeholder’s network security. The qualified individual will address threat intelligence requirements and leverage Arete’s unique data to produce threat intelligence products such as briefings, threat actor profiles, flash reports, and technical reports. The TI analyst will conduct research with a focus on dark web and open-source data to develop high-quality assessments for both internal and external stakeholders. The Threat Intelligence Analyst will support the broader Threat Intelligence team by leveraging a solid foundation of technical knowledge of Cybersecurity, CTI, Dark Web, Incident response and Digital Forensics (DFIR) to successfully execute responsibilities. The APAC region is diverse, encompassing various countries with distinct technological landscapes, levels of cybersecurity maturity, and prevalent threat actors. This necessitates a specialized focus for threat intelligence professionals in this area. Threat actors in APAC can range from state-sponsored groups and sophisticated cybercriminal organizations to hacktivists with regional agendas. Understanding local laws, regulations, and data privacy requirements within APAC countries is also important for threat intelligence specialists, especially when dealing with cross-border threats and data sharing. Roles & Responsibilities Threat Monitoring and Analysis: Continuously monitor various threat intelligence sources, including open-source intelligence (OSINT), dark web forums, threat feeds (both commercial and open), and security vendor reports, with a specific focus on threats relevant to the APAC region. Analyze this data to identify emerging threats, trends, attack vectors, and threat actors targeting APAC. Regional Threat Landscape Expertise: Develop and maintain a deep understanding of the specific threat actors, campaigns, and geopolitical factors influencing the cyber threat landscape in APAC countries. This includes understanding the tactics, techniques, and procedures (TTPs) commonly employed by threat actors in this region. Threat Intelligence Production: Produce timely and relevant threat intelligence reports, briefings, and alerts tailored to different stakeholders, including technical teams, management, and sometimes clients. These reports should provide context, analysis, and actionable recommendations to mitigate risks. Indicator Management: Develop and manage threat indicators (IOCs) such as malicious domains, IP addresses, and file hashes, and ensure their effective dissemination and integration with security tools and monitoring systems. Vulnerability Analysis: Analyze vulnerabilities and exploits that are being actively used or are likely to be used in attacks within the APAC region, and provide insights to relevant teams for patching and mitigation efforts. Incident Response Support: Support incident response teams by providing relevant threat intelligence during security incidents, helping them understand the attacker's motives, TTPs, and potential impact. Threat Hunting Support: Collaborate with threat hunting teams by providing intelligence and context to proactively search for and identify hidden or advanced threats within the organization's network. Collaboration and Information Sharing: Collaborate with other security teams, industry peers, and potentially law enforcement agencies within the APAC region to share threat information and best practices. Tool and Platform Management: Utilize and manage threat intelligence platforms (TIPs) and other relevant tools for collecting, analysing, and disseminating threat data. Evaluate and recommend new tools and technologies to enhance threat intelligence capabilities. Customized Intelligence: Tailor threat intelligence gathering and analysis to the specific industry, business operations, and risk profile of the organization within the APAC context. Develop APAC specific quarterly / annual crimeware reports. Conduct dark web research by using knowledge of deep/dark web infrastructure, along with third-party resources to formulate hypotheses on the cybercrime ecosystem, such as initial access broker (IAB) activity, profiling ransomware affiliates, and more. Assist in the analysis and production of client-facing intelligence products, including email updates, briefing material, requests for information (RFIs), and other client requirements. Share meaningful insights about the context of an organisation’s threat environment that improve its risk management posture. Produce briefing material, written products, and graphics to convey analysis, both verbally and in writing, to a variety of audiences. Support client engagements by maintaining an understanding of networking principles and how adversaries could exploit network-related issues. Correlate threat intelligence to identify relevant threat activity and trends. Analyze the origins, pathways, and methodologies of malicious cyber activities to attribute, model and predict future intrusions. Contribute to the development and enhancement of threat intelligence tools, technologies, and processes to improve automation, data analysis, intelligence sharing, and service offerings. Collect accurate technical information from the client concerning the engagement to include, but not limited to, search terms, security incidents, client’s environment, size, and technologies in place. expertise, and sound analytical principles to drive forward client engagements. Appropriately manage expectations and communicate roadblocks to maintain stakeholder satisfaction throughout the intelligence process. May perform other duties as assigned by management. Skills And Knowledge Strong background and practical hands-on experience with Cyber Threat Intelligence concepts. Knowledge of ransomware groups with the ability to explain the current ransomware-as-a-service (RaaS) ecosystem, cybercriminal communications, IABs, and hypothesize on upcoming shifts within the threat landscape. Ability to work effectively in a fast-paced, dynamic environment and prioritize tasks to meet deadlines. Ability to correlate threat intelligence from the industry or region to observed activity impacting the customer. Knowledge of Cyber Threat Intelligence (CTI) frameworks like STIX, MITRE ATT&CK, the Lockheed Martin Cyber Kill Chain, or the Diamond Model. Previous experience with threat intelligence platforms such as ThreatConnect, MISP, or OpenCTI. Ability to work under a minimal supervision environment, maintaining high-quality analytical production and excellent relationships with stakeholders. Adaptable and willing to learn new technologies. Core Competencies: The Arete Threat Intelligence maps the core competencies required for the role to the U.S. National Initiative for Cybersecurity Careers and Studies (NICCS) Workforce Framework for Cybersecurity (NICE Framework) to aid in identifying applicable abilities, knowledge, skills, and appropriate supporting training. S0218: Skill in evaluating information for reliability, validity, and relevance. A0072: Ability to clearly articulate intelligence requirements into well-formulated research questions and data tracking variables for inquiry tracking purposes. T0290: Determine tactics, techniques, and procedures (TTPs) for intrusion sets. K0001: Knowledge of computer networking concepts and protocols, and network security methodologies. K0002: Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). K0177: Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). K0362: Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.). K0444: Knowledge of how Internet applications work (SMTP email, web-based email, chat clients, VOIP). K0516: Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc. K0565: Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. S0194: Skill in conducting non-attributable research. S0196: Skill in conducting research using deep web. S0256: Skill in providing understanding of target or threat systems through the identification and link analysis of physical, functional, or behavioural relationships. T0617: Conduct nodal analysis. T0708: Identify threat tactics, and methodologies. Job Requirements 2-5 years of proven experience in cyber threat intelligence analysis, incident response, or a related field. Strong written and verbal communication skills, with the ability to present technical information to both technical and non-technical stakeholders. Experience taking non-traditional and creative approaches to solving problems and having the ability to quickly adapt as needed. Experience in using threat intelligence platforms and tools such as MISP, OpenCTI, etc. DISCLAIMER The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required by personnel so classified. WORK ENVIRONMENT While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodations may be made to enable people with disabilities to perform the essential functions of this job. TERMS OF EMPLOYMENT Salary and benefits shall be paid consistent with Arete salary and benefit policy. Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry. When you join Arete… You’ll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we’re about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters. Equal Employment Opportunity We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better. Show more Show less
