The primary function of this role is to monitor the ENOC environment on a 24/7 basis and conduct intelligence gathering to identify, monitor, assess, and counter the threat posed by cyber threat actors against ENOC IT/OT assets. The role also performs advanced threat modeling of cybersecurity incidents and escalates them to the Cyber Intelligence Center Manager as per approved policies, processes, and procedures.
Principal Accountabilities
Operational
Follow response procedures and other CIC-related SOPs based on the incident impact analysis and predetermined response action procedures. Manage the communication of policies and guidelines and monitor the compliance of CIC operations with the cybersecurity policies and guidelines.
Identify cyber threats, trends, and new developments on various cybersecurity topics by analyzing raw intelligence and data.
Track developments and changes in the technology field and cyber threat environments to ensure that they are adequately addressed in cybersecurity strategy plans and architecture artifacts.
Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
Monitor security vulnerability information from vendors and third parties.
Establish a taxonomy of indicators of compromise (IOCs) and share this detail with other security units, including the security operations center (CIC).
Perform analysis of data and information pertaining to the ENOC lines of business and the current cybersecurity posture of critical infrastructure, specifically as it pertains to indicators of compromise (e.g., implants, backdoors, and other malware that indicate the presence of a persistent adversary).
Produce quality intelligence reports for management and other teams.
Apply established analytic tradecraft to gathered intelligence in a consistent manner. Investigate, document, and report on cybersecurity issues and emerging trends.
Identify and monitor the Tactics, Techniques, and Procedures (TTPs) used by cyber threat actors by analyzing raw intelligence and data.
Identify intelligence gaps and submit requests for information to fill gaps.
Provide actionable strategic, technical, and tactical cyber information and intelligence through reports, briefings, and presentations.
Make analytical predictions about cyber threat actors and their future activities based on what is already known about them.
Effectively recognize threats by performing relevant research and data analysis using both internal and external tools and resources.
Work closely with security analysts and senior analysts to get direct feedback about new, unknown suspicious behavior.
Provide functional support and content development and improvements for the SIEM and other security technologies used by CIC.
Participate in the development and implementation of new correlation rules and use cases in the SIEM, and enhance the monitoring and detection capabilities of the CIC by integrating the SIEM with other monitoring tools, applying appropriate scripting skills.
Must be on call 24 hours per day to respond to cybersecurity emergencies.
Education
Degree: Bachelor’s degree in Computer Science, Engineering, or Business field.
Required professional certifications: CISSP, GCTI, GCFA, GNFA.
Experience
7+ years of information security or technology experience.
4+ years of relevant experience.
Working experience in multiple industries (e.g., Energy, Utilities, Retail, Government…) is preferable.
Working experience in cybersecurity threat monitoring and handling.
Exposure to an OT security operations center is a plus.