Job Title: Threat Intelligence Specialist (Consulting Associate)

Job Description

The successful Intelligence Specialist will have experience in delivery of high-impact reports and briefings to CRA clients in various industries. The specialist will utilize CRA’s sources, methods, and data to provide the client with tailor-made context about the evolving threat landscape, industries or specific topics. The successful candidate can interpret and analyze large, sometimes ambiguous, data sets and has experience in delivery of briefings and production of intel products to current and future CRA clients in various industries. Intelligence Specialists are responsible for providing intelligence analysis in order to identify threats, quantify vulnerabilities, and reduce risk to the client. The Specialist will interface directly with clients to field technical and threat intelligence questions, providing timely, actionable, clear, and concise intelligence.
 
The ideal candidate will possess a background in Information Security and the intelligence process, ideally gained in a global corporation. He/she will apply analytical rigor to all work while remaining open to non-traditional information or conclusions. The specialist will have excellent writing and presentation skills and be able to defend his/her analytical conclusions in logical and persuasive terms. The specialist’s work will inform a range of tactical and strategic decisions and should equip audiences with actionable assessments.

 

Responsibilities:

  • Identify and hunt for threat actor TTPs across internal/external repositories
  • Correlate collected intelligence to build upon a larger knowledge base of tracked threat activity
  • Present tactical and strategic intelligence about threat groups, the methodologies they use and the motivations behind their activity
  • Establish and maintain effective client communications
  • Write finished intelligence at the technical and strategic levels
  • Convey both verbally and in writing the importance of findings for a variety of audiences
  • Prepare and deliver briefings and reports to the client’s executives, security team or fellow analysts
  • Foster client trust and ongoing relationship building through proactive and continuous engagement
  • Prioritize and execute taskings with minimal direction or oversight
  • Provide cogent cyber threat intelligence analysis to clients and various internal teams in written and oral form
  • Create custom analytic products based on conclusions and judgments derived from open and closed Intelligence sources and independent research
  • Provide timely support for clients’ incident response, hunting, and threat intelligence teams by collecting relevant intelligence and/or performing unique research and providing analysis
  • Perform technical analysis on malicious or suspicious artifacts (malicious executables and documents, packet captures, etc.)
  • Work closely with CRA’s incident response teams to update and improve intelligence reporting and collection processes
  • Gain a deep understanding of each client’s specific concerns and alert them when relevant information surfaces, also initiating ideas for tailored products about these issues when relevant
  • Perform other duties as assigned

Required Qualifications

  • Knowledge of the cyber threat landscape—including actors, TTPs, target
  • An ability to engage others and convey technical topics in an understandable manner
  • A good team player supported by an inquisitive, analytical mind
  • Strong communication skills with a brisk writing style; able to build a compelling and effective narrative
  • Ability to work in a fast-paced environment, to triage and to work within a small, highly technical group while providing explanations to non-technical people
  • Ability to work as part of a distributed virtual analysis team with limited supervision
  • 5+ years’ experience in Information Security, gained in a hands-on technical or intelligence role
  • Undergraduate degree in cyber security, computer science, intelligence studies, criminal justice, journalism, or equivalent experience
  • Practical experience as an intelligence analyst
  • History of participation in industry or technology information sharing groups, formal or informal
  • Ability to dynamically analyze malicious code and related threats
  • Experience with scripting or programming languages, notably VB, C++, Perl or Python
  • Understanding of how operating systems work and the ways malware interacts with them
  • Understanding of common network traffic protocols and familiarity with common network traffic analysis techniques
  • Strong working knowledge of Linux or Unix operating systems
  • Additional language fluency beyond English
  • 2+ years’ experience working with malware or exploits, or engaged in either threat research or incident handling
  • Experience with vulnerability management, penetration testing, scripting, programming, reverse engineering and similar job experience
  • Past exposure to a variety of malware families used by espionage or criminal campaigns, such as PlugX, Poison Ivy, etc.
  • Proficiency with Threat Intelligence Platforms and analyst software tools, e.g. MISP, Maltego, etc.
  • Significant experience with the following concepts and related tool sets:
    • Network sniffers
    • Process analysis tools
    • Registry analysis tools
    • File analysis tools
    • Memory analysis tools

Desired qualifications

  • Experience working in a large enterprise environment
  • Ability to perform dynamic and static analysis
  • Experience with scripting or programming languages, notably VB, C++, Perl or Python
  • Preferred certifications: GIAC Certified Cyber Threat Intelligence (GCTI), GIAC Reverse Engineering Malware (GREM), GIAC Certified Incident Handler (GCIH) or GIAC Certified Forensics Analyst (GCFA)

We are an Equal Opportunity and Affirmative Action Employer (EEO/AAE): Minority/Female/Veteran/Disabled.
