Reporting to the Manager, Threat Analysts, the Senior Threat Analyst is responsible for the analysis and processing of phishing threats reported by our customers and providing details and guidance to help customers mitigate identified threats.
Knowledge, Skills, and Abilities Required
- Ability to apply critical thinking to threat investigations
- Ability to recognize the need for prompt escalation of malware review
- Working knowledge of networking, operating systems, email infrastructures, anti-virus programs, and advanced threat detection systems
- Skilled with common end-user applications, web browsers, and productivity applications such as MS Word, Excel, and PowerPoint that are commonly targeted by malware
- Flexibility to work evening shifts as the job necessitates
- Strong verbal and written communication and organizational skills
- Strong critical thinking and judgment skills
- Ability to work in a fast-paced, team-oriented environment
- Good understanding of email protocols, headers, and formats
- Proficiency in TCP/IP packet capture and investigation software, e.g., Wireshark, HTTP debuggers, DNS query interception utilities
- Understanding of common programming and/or scripting languages, e.g., Python, .NET, Visual Basic
- Familiarity with Linux and Unix operating systems
- Ability to use and modify command-line scripts and utilities
- Advanced understanding of the nature of malicious software and applications
- Ability to learn new techniques to conduct malware analysis
- Ability to learn and quickly implement tradecraft standards
- Knowledge of sandbox technology
- Strong analytical skills with good attention to detail and accuracy in a fast-paced environment
- Ability to exercise independent judgment and creative problem-solving techniques
- Regex and YARA rule creation essential
Essential Duties/Responsibilities
- Monitor systems for customer reported emails
- Analyze phishing campaigns and related threats to identify patterns
- Gather intelligence information from analyzed malware for dissemination to customers
- Assess reported emails to determine if an email poses a threat or is benign
- Identify malicious nature of threats and provide details and guidance to the customer on how to mitigate the threat
- Initiate threat analysis tickets for email threats
- Maintain ownership of tickets opened for customers including updating, communicating and documenting resolutions for customers
- Write rules, signatures, and descriptors for data sharing and automation technologies
- Leverage malware analysis platforms and technologies to identify malware infrastructure and tactics as needed
- Assist in production of monthly customer reports
- Identify process improvements to add efficiency and effectiveness to our services
- Assist with creation, monitoring, and maintenance of PDC systems including updates and upgrades, backups, and troubleshooting
- Serve as subject matter expert for malware analysis
- Perform rapid analysis of malicious software collected from phishing email campaigns as they emerge, with minimal supervision
- Assist and mentor other Threat Analysts during investigations and serve as escalation point for in-depth analysis of reported phishing threats
- Build and maintain malware analysis labs
- Proactively identify and build solutions to improve services
- Write analysis reports on phishing campaigns that leverage simple and publicly available malware
- Collaborate with other Cofense teams for analysis reporting on more sophisticated malware
- Other duties as assigned
Education and/or Experience
- 4+ years of IT security experience or security education
- Degree in Computer Science, Information Systems, Cybersecurity, or equivalent experience
- Demonstrated experience performing phishing and malware analysis
- Certification in at least two major technology providers, or certifications in Malware Analysis and Incident Response, preferred
  - CEH, GCIA, Security+, MCSA/MCSE, VCP, CCNA/CCNE, Network+, A+, CCSP, AWS Architect, etc.
- Experience reverse engineering malware to identify its malicious nature and intent preferred