Cyber Threat Intelligence Analyst

RiskIQ is the leader in attack surface management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization's digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social and mobile exposures. Trusted by thousands of security analysts, RiskIQ's platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk and take action to protect the business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners and MassMutual Ventures.

We are looking for a Senior Cyber Intelligence Analyst to join our i3 team. This position can be based at our office in Lenexa, KS or remotely.

The Role
The Incident Investigations and Intelligence (i3) Program within RiskIQ is built to oversee managed services of the External Threats Product workspaces for clients and the Executive Guardian product workspaces for clients. Executive Guardian is designed to protect C-Suite and high net worth individuals from physical threats, exposures of Personally Identifiable Information (PII), and instances of social media account impersonation thereby safeguarding the individual, their reputation, family, and by extension, the company. External Threats protects clients from phishing attacks, domain infringement, mobile app impersonation, social & brand impersonation, and data leakage. The i3 Cyber Intelligence Analyst (SCIA) The i3 Cyber Threat Intelligence Analyst is a mid-level analytic role that will capitalize on an existing technical skillset to build and maintain complex technical logic to identify online threats to customers, manage client threat events, and take the appropriate action to suppress harmful content on the internet in order to protect our customers, their people, and their assets. i3 Cyber Threat Intelligence Analysts will also perform threat attribution research for the purposes of providing customers with finished and actionable intelligence products relevant to the safety and security of their assets and operations. The i3 Cyber Threat Intelligence Analyst is technically proficient, proactive, and is business-minded using both available open source and proprietary data sets to confidently support attribution of virtual threat actors with their actions.

Responsibilities

• Configuration of technical details in the RiskIQ platform to identify sensitive data on the web for customers, including proprietary data and Personally Identifiable Information (PII)
• Manage client workspaces to identify and mitigate threats such as phishing, domain infringement, brand infringement, social media impersonations, and mobile app fraudulent activity
• Effectively conduct cyber investigations around events surfaced in the RiskIQ platform looking for relevant threat actor infrastructure, IOCs, and TTPS
• Work with i3 colleagues and leadership to design solutions to improve collection within the External Threats and Executive Guardian platforms to improve the client experience
• Respond to requests for customer support and escalate to Engineering as appropriate
• Review and appropriately escalate detections based on the urgency of the discovered data/threat
• Stand up Proofs-of-Concept (POC) workspaces and orchestrate effective and value-driven POCs for customers and prospective customers in support of sales opportunities
• Monitor the RiskIQ platform and alert/support senior staff to conduct security/threat investigations into threat actors and their activities world-wide, using industry tools and proprietary information
• Assist in the production of threat analysis for dissemination to consumers on the safety and security of customers, assets and operations, including impact assessment and mitigation recommendations
• Identify opportunities to predict and prevent future security issues and/or incidents
• Collaborate with client security teams digitally, via phone, or at times, in person to constantly improve analytic standards, workflows, and success metrics and develop/improve analytic products as appropriate
• Collaborate with RiskIQ Legal and Engineering teams to ensure appropriate mitigation of identified risks
• Work with sensitive and confidential information and maintain highest standards of data protection to ensure client confidentiality
• Support the production of finished threat analysis for dissemination to consumers on the safety and security of customers, assets and operations, including impact assessment and mitigation recommendations
• Effectively engage consultatively with customers to design workflows, provide training, and update and brief teams on performance, metrics, and workspace events/intelligence
• Collaborate with senior i3 team members to constantly improve analytic standards,
• workflows, and success metrics and develop/improve analytic products as appropriate

Requirements

• Bachelor's degree required
• Experience researching and collecting intelligence from within social media, deep web forums, and the dark web
• Technical proficiency with open source intelligence (OSINT) research tools; familiarity with Regex, JavaScript, SQL, and Python a strong plus
• Familiarity with Threat Models such as MITRE ATT&CK® , Diamond Model and Cyber Kill Chain®; Incident Response Investigations experience highly desired
• Technical skill familiarization in network communications (TCP/IP, OSI Model), malware analysis(communication/installation/behavior) and computer network defense operations
• Previous experience with anti-phishing and online fraud identification and remediation
• Strong written and verbal communication skills
• Ability to effectively interface with and lead communication with customers; previous cybersecurity consulting experience a strong plus
• Experience managing multiple projects, and the ability to flex quickly as required evolving corporate priorities
• Ability to work independently and with minimal supervision
• Basic understanding of investigative analysis, and communicating findings to consumers
• Approximately 10-25% global travel required
• Ability to obtain a US Top Secret security clearance

Why work at RiskIQ?

• Fascinating work - Welcome to the dark underbelly of the Internet. RiskIQ's ability to help organizations map and monitor their attack surface, detect internet-scale threats, and investigate adversaries led to skyrocketing adoption by security teams around the world. It is the golden age of internet crime, and we are at the forefront of defensive efforts to stem the tide. Internet security is a global growth industry, and the knowledge you acquire here will be a marketable skill for decades to come.
• We're a company on the forefront of a burgeoning industry - RiskIQ experienced explosive growth in 2018, including a 362.5 percent increase in net new product sales due to the steady adoption of attack surface management across the world. We also experienced a 365 percent increase in registration for RiskIQ community, our freemium entry-level product, showing the increasing role of security outside the firewall to the growth of businesses.
• Top Leadership - Our CEO is a renowned cybersecurity veteran known for his expertise. Our leadership group is poised and experienced with a track record in technology and cybersecurity.
• Unbounded opportunity - We're growing! At RiskIQ, you'll be provided with as much responsibility as you can handle—new career development opportunities constantly arise given our rate of growth.
• Flexibility - You'll have a large workload, but also the freedom to accomplish it on your own terms.