- City of London
The Threat Intelligence Developer will be working across these teams while they identify and investigate intrusions, evolve collection strategies, implement new red-team TTPs and much more. You will get the first shot at coming up with innovative techniques to solve a wide range of needs – from urgent scripts needed on an incident response case, to longer-term development and maintenance of our threat intelligence platforms, to methods to automate the creation of online personas and associated infrastructure to be used in red team engagements.
- Owning the coordination and implementation of technical development requirements from red and blue teams (e.g. working with a reverse engineer to implement a configuration decoder for a malware family, integrating a new data source into a TI platform, automating the provisioning of VMs, domains etc. for an adversary simulation engagement).
- Ownership of the end-to-end integration of our threat intelligence stack (ad-hoc collection scripts, malware sandboxes, Yara/OpenIOC distribution, sinkholes etc.).
- Any UI/UX experience would also be a huge plus.
- Maintaining a general understanding of open source and commercial red and blue team tooling.
- Eagerness to get stuck in and help out with analysis on threat intel and incident response engagements in order to inform future technology requirements.
- Experience of analytical tools and capabilities used in a Cyber Intelligence function, such as Maltego or MISP.
- Understanding of open source and commercial information sources such as VirusTotal, Hybrid Analysis and OTX.
- Deep understanding of the Cyber Kill Chain and the Diamond model and how they apply to threat intelligence.
- Basic knowledge of network security architectures (e.g. firewalls, DMZ, proxies, DNS, web and mail servers) and the principles of network security.
- Experience of malware analysis and the ability to interpret its findings, as well as findings from vendor reporting.
- Ability to normalise and analyse large datasets, often in unstructured formats.