The Cyber Threat Intelligence Analyst is member of the CGI Security Operations Centre (GSOC). GSOC directs CGI’s SOC activities with a worldwide virtual team of qualified and highly skilled analysts.
As part of that team, the Threat Intelligence Analyst is in charge of the threat intelligence lifecycle which includes creation and collection, correlation and categorization, detection and mitigation recommendations, integration, sharing and reporting.
Your future duties and responsibilities:
The Threat Intelligence Analyst is responsible for the following activities related to advanced threat and intelligence operations:
Threat Intelligence Creation and Collection
•Produce intelligence reports/products at a tactical, operational, and strategic level to provide a current and accurate threat landscape picture
•Collect from multiple sources of threat information (public, government, commercial) and transform data into actionable intelligence reports/products
•Use multiple intelligence platforms to collect and process proprietary as well as open-source data to produce actionable intelligence
•Leverage different threat intelligence standards to conduct investigations.
•Leverage security incident artifacts and malware samples to extract Indicators of Compromise (IOCs) to generate actionable intelligence
•Ensure intelligence gathered as a result of CGI security incidents is integrated to the overall central knowledge base
Threat Intelligence Correlation and Categorization
•Correlate gathered threat information with existing CGI intelligence from past security incidents into the correct databases such as a Threat Intelligence Platform (TIP)
•Enrich information with contextualization, internal knowledge and profiles for threat actors focusing on as many known characteristics as possible to generate knowledge on Tactics, Techniques, and Procedures (TTPs)
•Ability to categorize threat intelligence into knowledge bases such as MITRE ATT&CK to use for adversary emulation, behavioral analytics development, defensive gap assessments, and intelligence enrichment
Threat Detection and Mitigation Recommendations
•Produce reports/products with details on threats including recommendations for detection and mitigation for use by SOC and BUs to develop use cases for tool integration or environmental mitigations
•Defining of “hunting” requirements for indicators of compromise, using various toolsets and driven by verified intelligence
Threat Intelligence Integration
•Integrate intelligence to existing tools such as SIEMs or any other relevant security solutions
•Develop use cases or rules to help better detect or prevent threats
•Contribute to the integration of actionable intelligence data with existing security controls and procedures
Threat Intelligence Sharing and Reporting
•Contribute in the definition, establishment and implementation of cyber threat intelligence and information sharing framework with SOCs, intelligence vendors, and the intelligence community
•Provide actionable intelligence to stakeholders with detailed reports, briefings and data feeds
•Participate in innovation projects including the building, deployment and evaluation of new technologies
•Participate in the definition of advanced threat process and best practices
•Provide advanced threat awareness and education to members of the team
Required qualifications to be successful in this role:
The candidate should be able to demonstrate a thorough understanding of Cyber security. Specifically, the candidate must possess an in-depth knowledge of modern threats and vulnerabilities, attack methodologies, threat actors, intelligence methodologies and tools. This position will require that the successful candidate be able to communicate, in both verbal and written forms, extremely technical information to operations personnel. The successful candidate must also be able to provide coherent advisory to high-level strategic leadership as well.
Education and Experience
•Expertise and strong experience (5+ years) in at least two of the following areas:
‒Intelligence Analysis and Reporting
‒Cyber Research and Threat Intelligence
•Degree in IT Security, Engineering or Technology related fields a major plus
•Strong understanding of the intelligence production cycle (collection, analysis, reporting, and dissemination)
•Strong understanding of intelligence methodologies and tools
•Strong knowledge of current threats, vulnerabilities, TTPs, and threat actors
•Strong understanding of the roles and functions of a Cyber Security Operations Centre (SOC) and Managed Security Services Provider (MSSP)
•Possess a high level of English-language writing capabilities
•Ability to deliver high quality reporting on complex issues identified in a very dynamic environment
•Experience as an analyst within the Intelligence Community conducting deliverable intelligence research reports/products
•Experience with Threat Intelligence Platforms and/or intelligence vendor products
•Excellent customer facing skills in both verbal and written communications
•Knowledge of intelligence platforms and how different tools enable the intelligence cycle
•Suitable to obtain TOP SECRET clearance
What you can expect from us:
Insights you can act on
While technology is at the heart of our clients’ digital transformation, we understand that people are at the heart of business success.
When you join CGI, you become a trusted advisor, collaborating with colleagues and clients to bring forward actionable insights that deliver meaningful and sustainable outcomes. We call our employees "members" because they are CGI shareholders and owners and owners who enjoy working and growing together to build a company we are proud of. This has been our Dream since 1976, and it has brought us to where we are today — one of the world’s largest independent providers of IT and business consulting services.
At CGI, we recognize the richness that diversity brings. We strive to create a work culture where all belong and collaborate with clients in building more inclusive communities. As an equal-opportunity employer, we want to empower all our members to succeed and grow. If you require an accommodation at any point during the recruitment process, please let us know. We will be happy to assist.
Ready to become part of our success story? Join CGI — where your ideas and actions make a difference.