Cyber Threat Intelligence Analyst / Threat Hunter

Hybrid role

THE ROLE: Cyber Operations is the central nervous system for enterprise information security responsible for monitoring, detecting, categorizing, analyzing, and initiating response to security incidents. The Cyber Threat Intelligence (CTI) Analyst is the expert at acquiring and processing threat data, applying context, and producing actionable intelligence to aid in business decisions.

THE PERSON: As a Cyber Threat Intelligence Analyst / Threat Hunter, you are an expert at identifying cyber threats against AMD, equipping the SOC, CSIRT, and the business at large to respond to those threats. What's more, you will rapidly grow to understand AMD business priorities and how cyber threats affect those priorities. You are an expert at taking the firehose of threat data from a myriad sources, and producing actionable intelligence - delivering the right information, with the right recommendations, to the right stakeholders, at the point they need to act upon it.

• Keep a finger on the pulse of threat and actor trends; advise IT and business stakeholders when immediate action is justified; and advise the Security Operations Center (SOC) on detection engineering priorities based on the current threat landscape.
• Threat hunting and forensic analysis. Use sound DFIR methodology to creatively find new and unusual threats. Create hypotheses, device hunting criteria, investigate and validate findings, and recommend remedial actions.
• Escalation point for a global 24x7x365 SOC.
• Identify and digest threat data from various open and closed sources, correlating it against environmental context and ATT&CK matrix to produce threat intelligence. Validate for actionable items, and take appropriate actions to mitigate risk.
• Collaborate with technical and business experts from partner organizations including IT, Engineering, Finance, Audit/Compliance, HR/Legal, Corporate Investigations; support their business priorities by tailoring your threat research and hunting around what is most relevant to the business.
• Produce threat reports tailored to AMD business and distributed to the relevant stakeholders throughout the company; in varying forms from real-time immediate action to in-depth periodic assessments of trends and future expectations.
• Provide expert threat analysis support to CSIRT and Global SOC. Research actors and tactics, identify ways for SOC to detect and CSIRT to contain a threat in real-time. Research anomalies detected by SOC to assess whether threat or benign.
• When required, provide real-time and expert threat investigation support to the global Cyber Security Incident Response Team.

PREFERRED EXPERIENCE: The ideal candidate will possess:

• Industry security certifications such as CISSP and relevant GIAC certification. LOCATION: Austin, TX
• Broad experience managing complex projects, particularly projects requiring support and partnership outside your immediate team.
• Experience in working with a geographically diverse team in multiple time zones around the globe.
• Expert level understanding of common and emerging security threats and vulnerabilities
• Expert communication skills including technical writing (documenting processes and procedures); presenting to technical peers; and communicating to executive leadership.
• Self-motivated and proven ability to deliver end-to-end solutions in a high-tech and fast moving industry.
• Deep understanding of the MITRE ATT&CK matrix, with demonstrated experience building use cases and SOPs around the TTPs most relevant to your business.
• Ability to solve problems and work through ambiguity and uncertainty;
• Combined minimum of 5 years' work experience in two or more of these security domains: Security and Risk Management, Digital Forensics, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and/or Security Operations, preferably in a large (>10,000 employee) enterprise environment.

Powered by JazzHR

zq1J9agnvg