Job Responsibilities include but may not be limited to:

• The Cyber Threat Intel Analyst is responsible for the delivery of curated Threat Intelligence reports to the organization to drive decision making and decisive actions.
• Analyze and research cyber threats to provide actionable threat intelligence, including adversary indicators of compromise, technique, tactics and procedures, behaviors, exploited vulnerabilities, and trends.
• Maintain tools and best-practices in advanced persistent threats, Tools, Techniques, and Procedures (TTPs) of attackers, and forensics and incident response.
• Act as a liaison to the Information Security organization with an extensive network of cyber security, threat intelligence, and security operations professionals.
• Identify and hunt for related TTPs across all internal/external repositories.
• Identify and mitigate the most harmful threats targeting Rubrik resources and partners.
• Understand and develop threat actor profiles, along with the typical indicators associated with those profiles, and synthesize the data to develop innovative detection methods.
• Collaborate with product managers, program managers, operations, policy, and communications teams to find gaps in current threat response processes such as detection and mitigation.
• Actively strengthen intelligence gathering, and investigation SOPs.
• Work across time zones with global team members and stakeholders.
• Play a collaborative role in the build out and maturity of the Threat Intelligence Program

Qualifications:

• Minimum of 5 years of experience working in Information Security performing incident response,threat intelligence, forensics, or offensive security.
• Competency in the practical application of the Threat Intelligence Lifecycle Process to drive CTI program initiatives.
• Strong ability to articulate Tactical, Operational, and Strategic threat intelligence to internal stakeholders.
• Experience in conducting investigations into advanced persistent threats.
• Strong knowledge of enterprise detection technologies and processes (Advanced Threat Detection Tools, IDS/IPS, Network Packet Analysis, Endpoint Protection).
• Strong understanding of security operations - perimeter defense, forensics, incident response, kill chain analysis, risk assessment and security metrics.
• Strong understanding of attack lifecycle of different types of cyber attacks (APT, cybercrime etc.), infrastructure lifecycle, and anonymization techniques.
• Proficiency in at least one of the following scripting languages - Python, Ruby, Powershell, Go, etc.
• Experience working with Threat Intelligence subscriptions and threat feeds.
• Experience contributing to Threat Intelligence or other SOC related program development.