Threat Analyst - L2

Job Responsibilities:

1. Continuously monitor security patterns to proactively identify, isolate, and detect

threats before they can be exploited by attackers.

2. Threat Analysis & Incident Response: Analyze and detect cyber threats impacting

business operations by leveraging threat intelligence. Monitor Indicators of

Compromise (IOCs) and support remediation efforts.

3. Advanced Threat Hunting: Act as a trusted advisor in daily operations, leading

advanced threat hunting activities across the environment.

4. Anomaly Detection & Threat Actor Profiling: Utilize advanced threat hunting tools and

techniques to detect and analyze anomalous activities. Identify threat actor groups,

characterize suspicious behaviors, and develop network and host-based IOCs/IOAs

(Indicators of Attack).

5. Investigative Analysis: Identify evidence of threats or suspicious activity, and use

security data to strengthen defenses and improve controls. This requires a strong

combination of investigative, analytical, and technical skills.

6. Post-Incident Review & Process Improvement: Review outcomes from incident

response, lessons learned, root cause analyses, and compliance audits to ensure

processes are repeatable, sustainable, and continually improved.

7. Assess and recommend security tools and technologies to support threat analysis.

Determine the potential impact, scope, and recovery strategies for identified threats.

8. Analyze threats in depth and develop detailed kill chains and hunting campaigns to

enhance detection and response strategies.

9. Develop and maintain YARA and Sigma rules to enhance threat detection

capabilities across systems and applications.

10. Perform in-depth analysis of malware samples to extract behavioral patterns, identify

IOCs, and create detection signatures. Apply appropriate methodologies to

understand malware functionality, delivery mechanisms, and command-and-control

(C2) communications.

11. Continuously monitor Advanced Persistent Threat (APT) groups to track their tactics,

techniques, procedures (TTPs), and evolving behaviors. Profile their attack patterns,

methodology, toolsets, and identify any changes, variants, or new campaigns.

Skills Required:

A. Essential

1. Demonstrated experience as a key member of a security operations team (SOC,

Incident Response, Threat Intel, Malware Analysis, IDS/IPS Analysis, etc.)

2. Capacity to effectively communicate technical threat findings to both technical teams

and executive leadership.

3. Medium-level understanding of Operating Systems: Windows, Unix/Linux, and OSX

Operating Systems in support of identifying security incidents.

4. Proficient knowledge of the cyber threat landscape including types of adversaries,

campaigns, and the motivations that drive them.

5. Experience working with analysis techniques, identifying indicators of compromise,

threat hunting, and identification of intrusions and potential incidents.

6. Fundamental understanding of tactics, technologies, and procedures related to

Cyber Crime, Malware, Botnets, Hacktivism, Social Engineering, APT or Insider

Threat

7. Knowledgeable with Regular Expressions, YARA and SIGMA rules, and at least

one common scripting language (Bash, Python, Powershell)

8. Knowledge on query structures like Strong understanding of cyber based adversarial

frameworks including MITRE ATT&CK and Lockheed Martins Cyber Kill Chain.

9. Static/ dynamic malware analysis using tools and find the patter, signatures.

10. Certifications like: CTIA, CEH, OSCC, OSCP, Network+, Security+,

B. Desired

1. Comprehensive knowledge utilizing system, cloud, application and network logs.

2. Proven ability to interpret intricate datasets, identify correlations, and produce valuable intelligence.