Threat Engineer - Pune, India - Qualys

    Qualys
    Full time
    Description

    Come work at a place where innovation and teamwork come together to support the most exciting missions in the world

    Cyber Threat Analyst

    Qualys Cyber Threat has a mission to move Qualys to the "left of boom" by implementing cyber threat intelligence (CTI) lifecycle operations into business operations (tactical, strategic, and operational). Our team regularly works with stakeholders at all levels to deliver intelligence, perform advisory functions, and prioritize threats, countermeasures, and recommendations to lower risk for both Qualys and our product, lowering risk for our clients.

    As a Cyber Threat Analyst, your role focuses on support of core team functions, largely tactical, such as daily open-source intelligence (OSINT) alert management, reviews, updates, tracking, and prioritization, coupled with a daily internal proprietary report on what matters most on the threatscape to our company and clients. You'll also regularly collaborate with other business units to update indicators of compromise (IOCs), indicators of attribution (IOAs), attack patterns, tactics, techniques, and procedures (TTPs), and other intelligence data necessary to map and counter threats within business operations.

    Responsibilities

    Cyber Threat performs the following primary functions, which this role supports daily:

  • Daily M-F global threatscape monitoring and internal reporting of what matters to Qualys to prioritize risk. This is the majority of the block-and-tackle, day-in-and-day-out work for this role.
  • Collect, process, and analyze data from internal and external sources to produce actionable intelligence products based on intelligence requirements.
  • Create impactful threat intelligence products that aid prioritization of preventative controls and mitigations to improve Qualys's internal security posture and that of our product.
  • Support response to internal incidents by managing intelligence collected during investigations and building a common understanding of threat activities and actor attribution.
  • Strategic support with key leaders on roadmaps, countering specific actor groups and TTPs that threaten high value assets. Develop partnerships with security teams across Qualys.
  • Product Threat Modeling and support of product DevSecOps security to qualify and quantify risk and reduce risk in Qualys operations and product.
  • Purple Team Operations, as we bolster operations, audit, verify, and trust but verify that we are hardened against attacks and TTPs of concern.
  • Innovation and growth of team operations and outcomes.
    Qualifications

  • Required to be a team player who communicates well, values loyalty and team outcomes above self, and exhibits humility in colleague interactions and decisions made in the workplace.
  • Required: one or more years' direct experience as a cyber threat analyst working with indicators of compromise (IOCs) and the MITRE ATT&CK framework and TTPs within an intelligence lifecycle.
  • Required: understanding of threat and vulnerability management (TVM) core competencies and business lifecycle, CVSS severity versus cyber risk, common types of vulnerabilities, and management of the Common Vulnerabilities and Exposures (CVE) ecosystem.
  • 3 or more years' direct experience within the cyber threat intelligence (CTI) field preferred.
  • Strong critical thinking skills, out-of-the-box thinking, a persevering attitude (not giving up), and an aptitude for problem solving and taking on challenges, especially intellectual ones, coupled with creativity. Mathematical intelligence strength preferred.
  • Strongly preferred: applicants have a good working knowledge of Python or a similar scripting language, and of Microsoft Excel and similar productivity tools, and are able to easily and quickly manage and manipulate large amounts of data that may require de-obfuscation, normalization, and handling into various forms, inputs, and tooling.
  • Preferred applicants have a working knowledge of common CTI cybersecurity frameworks, kill chain/web, and tooling.
  • Preferred applicants have a working knowledge within a virtual lab environment to perform threat research and response.
  • Existing knowledge of common cyber actor groups, TTPs, and attack trends is highly preferred.
  • Experience with deep networking concepts (intrusion detection/forensics), malware analysis, and/or attack simulation and emulation is a plus.
  • Former security clearance or experience working within an environment using the Traffic Light Protocol (TLP) is a plus.