Threat Intel Analyst (Associate)
Posted on Dec 17, 2018 by Morgan Stanley USA
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.
As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
Technology works as a strategic partner with Morgan Stanley business units and the world's leading technology companies to redefine how we do business in ever more global, complex, and dynamic financial markets. Morgan Stanley's sizeable investment in technology results in quantitative trading systems, cutting-edge modelling and simulation software, comprehensive risk and security systems, and robust client-relationship capabilities, plus the worldwide infrastructure that forms the backbone of these systems and tools. Our insights, our applications and infrastructure give a competitive edge to clients' businesses €"and to our own.
The team is currently seeking a Senior Technical Threat Intelligence Analyst to join the Technical Analysis Hub (TAH) in Baltimore which is responsible for providing technical assessments of threats facing the Firm. The TAH validates, tasks and monitors relevant selectors, proactively cross-referencing internal logs with existing intelligence, and building out adversary infrastructure in an effort to enhance the Firm's security posture.
The Senior Technical Analyst is responsible for performing day-to-day intelligence collection, analysis and dissemination. The analyst will cultivate and maintain sources and methods necessary to efficiently perform their function. On a daily basis, the analyst will research vulnerabilities, threats, tactics, techniques and procedures (TTPs) related to threats to the financial sector.
They will identify threat indicators, perform OSINT research, analyze Splunk logs, triage indicators of compromise (IOCs) of phishing campaigns and other malicious activity as collected from external sources, perform analysis of malicious code and support the Global Head of TI and local TI Team Leader as required.
The Technical Analyst will possess a solid understanding and knowledge of malware families/capabilities, exploitation techniques and adversarial TTPs to assist other security teams with analysis and interpretation of indicators/artifacts during security events.
- Monitor intelligence sources for actionable indicators/information, including:
- Vendors and Private Sources
- Open Sources
- Internal Sources (Situational Awareness/Identifying Patterns/Trends/Holistic Approach)
- Government Partners
- Perform analysis/assessment of actionable indicators
- Analyze malicious code to obtain additional actionable indicators and gain deeper understanding of specific threats
- Collect, assess, and catalogue threat indicators and add context to convey urgency, severity, and credibility
- Maintain and curate Threat Register entries in line with defined Areas of Responsibility (AORs)
- Maintain and curate high-quality/high-fidelity IOCs for ingestion into Threat Intelligence Platform
- Engage Strategic Intelligence Analysts for collaborative threat assessments
- Author technical deep-dive reports and other malware analysis
Experience & Skills Required (essential)
3+ years of professional analytical experience, preferably within an intelligence function in the financial sector
Attested domain expertise on cyber threat landscape with a particular focus on tactics, techniques and procedures (TTPs) used by advanced persistent threats (APTs) and financially motivated threat actors
Experience with a wide range of analytical tools and techniques including basic Splunk queries, malware analysis via sandboxing, static/dynamic analysis and familiarity with a broad range of programming languages (preferably Python)
Malware analysis experience in professional or personal capacity
Experience working with the Kill Chain, Diamond Model of Intrusion and similar frameworks and concepts
Experience with conducting intelligence investigations and proficiency with investigative tools, including Maltego, DomainTools, and VirusTotal
Experience implementing or practicing Intelligence and Threat-driven defence frameworks
Experience using Threat Intelligence Platforms (TIPs)
Excellent writing, presentation and communications skills, preferably used in communicating complex findings and recommendations to technical and non-technical stakeholders
Bachelor Degree in Information Technology, Computer Science, or Intelligence fields or equivalent professional qualification.
Experience & Skills Preferred
International experience or experience working for a globally distributed organization
Understanding of key intelligence analysis concepts, including the intelligence cycle
Script experience using Python
Familiarity with Threat Rating Methodology
Active memberships with associations across the security and intelligence community Threat Intel Analyst (Associate)