Senior Threat Intelligence Engineer

Job Description

Threat intelligence positions at Infoblox have the unique opportunity to research threats, analyze malware behavior, threat actors, and campaigns, build their own detectors, and create labeled data sets to protect our customers. Our analysts and researchers enjoy the creative environment and ownership that comes with working projects, primarily from start to finish.

The position is part of our larger Global Threat Intelligence organization, where members are also integral parts of the creative and technical development of our proprietary intelligence processing tools and packages. The ideal candidate is an experienced intelligence and malware analyst who knows and understands DNS (protocols, datasets, tunneling). They are excited to understand the methods and motivations of cyber adversaries and are motivated to help protect others from cybercrime.

They know how to hunt for leads in open source and automated data processing to support their goal. Preferably, they are familiar with intelligence processes, requirements, collection, and reporting. Individuals with solid logic, correlation, analytical, pattern recognition, communication, and technical skills, as well as the motivation to continuously learn, will fit nicely on our team.

Candidates with reverse engineering, malware research experience, and an understanding of attacker methods and objectives will be given preference. You will report to the Manager, Threat Intelligence based in Bangalore, India.

Responsibilities:

• Collect, analyze and exploit data from various sources

• Develop actionable information in the form of technical indicators, reports, lists, rules, signatures, or indicators and warnings

• Perform analysis on new indicators to detect prior compromise

• Proficiency in operating on Unix/Linux systems

• Proficiency in building / architecting / processing data in AWS; comfort operating it via the command line

• Research and analyze malware, and develop detection algorithms

• Tracking and reporting on threat actor tactics, techniques, and procedures (TTP) and threat hunting in the local language of a geographic region outside the United States

• Develop and use predictive analytics to counter threats by tracking attack campaigns

• Triage and respond to incidents or requests for analysis

• Demonstrated ability to document technical process and articles on security trends

• Strong understanding and technical foundation related to APT and various other threat actors strategy and methodologies

Requirements:

• 7+ years in cybersecurity with demonstrable accomplishments in threat analysis, reverse engineering, and/or threat research

• 3-5 years of experience with Python and other scripting languages

• Commitment to self-study and maintaining proficiency in the technical cybersecurity

• Pivoting off data points to find additional information and other intelligence processes/cycles (PFM, F3EAD, etc.)

• Understanding of DNS, TCP/IP, standard networking ports, protocols, and traffic flow

• Experience using virtual environments for analysis of suspicious sites and files

• Experience creating or using honeynets to produce data sets for research and analysis

• Experience using reverse engineering tools such as IDA pro, OllyDbg, etc

• Development of new detection mechanisms for various families of malware, preferably in Python

• Experience performing threat hunting and pivoting using OSINT

• Experience using Mitre Attack framework for mapping threat intelligence to classify, categorize and enrich

• Experience performing email header analysis, embedded links, attachments to identify Spam and phishing emails

• Experience using SIEM tool for log analysis and analytics

Education:

• B.S. in CS, CE or EE or 4 years of relevant work experience

Keyskills :
ida proopen sourcelog analysismusic makingdata processingthreat analysistechnical skillstechnical processreverse engineeringpattern recognitionthreat intelligencepredictive analyticsawsdnsfitaptidaunix