Cyber Intelligence and Incident Response Analyst Cubic Corporation
San Diego, CA

Job Description

Business Unit:

Cubic Corporation

Company Details:

Cubic offers an opportunity to provide innovative technology for government and commercial customers around the globe, helping to solve their future problems today. We're the leading integrator of payment and information technology and services for intelligent travel solutions worldwide, and the leading provider of realistic combat training systems, secure communications and networking and highly specialized support services for military and security forces of the U.S. and allied nations. If you have an entrepreneurial spirit and thrive in an innovative environment, we want to talk to you about your next role at Cubic! We are seeking employees inspired by technology, and motivated by the rewards of hard work, commitment, teamwork, quality, integrity, and respect. We invite you to explore opportunities with Cubic.

Job Details:

Job Summary: Serves as key member of the Cubic Cyber Fusion Center (CCFC) responsible for leading threat actor based investigations, directing new detection methodology and providing expert support to incident response and monitoring functions. Responsible for all investigative aspects in information security to include but not limited to external attacks by Advanced Persistent Threats (APTs) conducted by foreign intelligence agencies; criminal computer intrusions and attacks by social hacker groups; and insider threats. Works the intelligence collection and incident response activities of the Computer Incident Response Team (CIRT), will detect, disrupt and eradicate threat actors from enterprise networks. Uses data analysis, threat intelligence, and cutting-edge security technologies. This position typically works under limited supervision and direction. Incumbents will regularly exercise discretionary and substantial decision-making authority.

Essential Job Duties and Responsibilities:

* Hunts for and identify threat actor groups and their techniques, tools and processes
* Develops intelligence on, characterizes and tracks adversary activities, ranging from tactical level capabilities to global operations
* Provides expert analytic investigative support of large scale and complex security incidents.
* Maintains current knowledge of tools and best-practices in advanced persistent threats; Tactics, Techniques and Procedures (TTPs) of attackers
* Correlates collected intelligence to build upon a larger knowledge-base of activity
* Indicators of Compromise (IOC) collection and management
* Identifies and hunts for related TTPs and IOCs across all internal and external repositories
* Performs & directs analysis of security incidents for further enhancement of alert catalog/mitigation
* Continuously improves processes for use across multiple detection sets for more efficient CCFC operations.
* Identification of and correlation with other data sources to enhance security event detection, monitoring and response capabilities.
* Collects, analyzes and interprets all-source threat intelligence to form a conclusive threat picture of Cubic adversaries
* Keep abreast of industry security trends and applicable government regulations and reporting requirements.
* Builds an effective global intelligence network through strategic internal and external partnerships, and enabling information sharing among Intel group of companies and with trusted external partners

Minimum Job Requirements:

Four -year college degree in information technology or related technical field or equivalent, plus a minimum of two years of information security experience and system or network management. SANS GIAC certification Required such as GCIH, GCFA , GCTI or SANS DoD 8570 equivalent. Must have a thorough knowledge of computer operating system capabilities, network protocols. Proficient in the use of personal computers and network systems. Advanced knowledge of Unix and Windows operating systems. Ability to analyze and solve complex technical problems. Must be able to complete multiple tasks under scheduled deadlines. Must be willing to participate in on-call rotation and work after hours if needed. Must possess an understanding of all aspects of computer and network security, digital forensics, evidence handling procedures, conducting and managing cyber investigations and case management. Must possess strong oral and written communication, analytical, and problem-solving capabilities as well as excellent judgment and self-motivation. Ability to multitask and work well under pressure with minimum direction and supervision, and possess excellent interpersonal and leadership abilities. Recent practical hands-on security experience (SOC, Incident Response, Malware Analysis, IDS/IPS Analysis, etc.) A passion for research, and uncovering the unknown about cyber security threats and threat actors. Experience working and sharing within high-trust communities internally and externally and maintaining TLP Levels. An understanding of and ability to foster and maintain relationships in the DOD / Law Enforcement / Intelligence communities . Intimate knowledge of the Cyber Kill Chain, Diamond Model of Intrusion Analysis, MITRE ATT&CK or other relevant network defense and intelligence frameworks. Expertise with external intelligence enrichment sources (VirusTotal, PassiveTotal, DT, etc) and leveraging Yara signatures to hunt for adversaries. Expertise with common network defense languages/tools (Yara, Snort/Suricata, Bro, etc). Proven record working in an effective information security team, experience working for a global, multinational company, have demonstrated experience contributing to a team to deliver timely and actionable threat intelligence, and ability to influence decision makers with data and objective analysis.

Worker Type:

Employee