Lead Threat Intelligence Analyst

Full time at ADP in Philippines
Posted on April 17, 2024

Job details

Lead Threat Intelligence Analyst, Global Cybersecurity Services (GCS), Global Security Organization

MISSION

At ADP we are driven by your success. We engage your unique talents and perspectives. We welcome your ideas on how to do things differently and better. In your efforts to achieve, learn and grow, we support you all the way. If success motivates you, you belong at ADP.

Technology at ADP. It's the foundation of the products and services that have made us a world-wide leader in workforce solutions. With us, you can combine technical skills and business acumen to effectively consult as well as solve technical challenges. You have the opportunity to train on leading-edge technologies that continually redefine what's possible in our industry.

The Threat Intelligence Team within ADP's Global Security Organization (GSO) is responsible for the collection, correlation, automation and reporting of various cyber threat and fraud data. In this role, the Lead Threat Intelligence Analyst will be responsible for the tactical and operational analysis of cyber threats that may impact ADP. The Cyber Threat Intelligence Analyst will demonstrate technical expertise and leadership in the areas of threat intelligence, brand protection, and data analysis. You will work alongside a team of intelligence analysts, threat hunters, and the security operations team to help improve and action intelligence, and assist in producing a comprehensive operating picture and cyber security situational awareness. You will work with various intelligence collection and reporting tools and frameworks to produce reports and/or products, and collect, process, catalog, and document information as required based on defined intelligence requirements.

To thrive in this position, you'll need to be an expert in building and enhancing intelligence products and services. You'll also need experience working with structured and unstructured data and be great at maintaining situational awareness. You know how to work with the Security Operations team to create the most value, identify gaps in available intelligence information, and engage with leadership on strategies to meet intelligence requirements through intelligence collection processes.

Hours of operation are approximately 3:00PM to Midnight (mid-shift) Manila time.

ROLES AND RESPONSIBILITIES

  • Collect, analyze, investigate, store, and disseminate threat intelligence (actors, campaigns, TTPs, IOAs, IOCs).
  • Collect and analyze artifacts including malicious executables, scripts, documents, and packet captures.
  • Conduct detailed technical analysis supported by industry accepted threat intelligence analytical frameworks, tools, and standards.
  • Collaborate with technical and threat intelligence analysts to provide indications and warnings and contribute to predictive analysis of malicious activity.
  • Develop and refine cyber-threat intelligence collection and analysis processes.
  • Apply knowledge of current cyber threats and the associated tactics, techniques, and procedures used to infiltrate computer networks.
  • Generate tailored and actionable products based on analyzed threat campaigns, external and internal events and incidents.
  • Develop analytical hypotheses, prove (or disprove) those hypotheses through research; communicate that information to stakeholders both verbally and in writing.
  • Produce quality intelligence products at the Operational, and Tactical level for audiences with diverse technological backgrounds.
  • Review, process, and analyze external/brand abuse and digital risk data.
  • Develop automation processes and dashboards to measure trends.
  • Ability to work in a fast-paced environment with minimal supervision.
  • Review and analyze internal, open source, and dark web datasets to find threat information and use it to provide value to ADP.
  • Provide accurate and priority driven analysis on cyber activity/threats, and present complex operational/technical topics to senior managers and stakeholders.
  • Establish and maintain excellent working relationships/partnerships with the cyber security and infrastructure support teams throughout the organization, as well as different business segments.
  • Create and evaluate trend/correlation analysis for scenario forecasting at both the tactical and operational level.
  • Provide expertise and recommend relevant remediation and countermeasures during incident response efforts.
  • Provide security risk mitigation methods and compensating controls to help drive remediation efforts for the business.
  • Generate presentations that illustrate research through visualizations, charts, graphs, infographics, and evidence capture for senior leadership.
  • Provide input for the development of objectives, key results, and program metrics.
  • Exhibit strong critical thinking and problem-solving skills with sound judgement.
  • Maintain or develop professional contacts in the various communities in support of operations.
  • Support the Critical Incident Response Center (CIRC)/SOC with intelligence collection, analysis and/or dissemination as it relates to on-going investigations.
BASIC REQUIREMENTS/TECHNICAL SKILLS REQUIRED
  • 5+ years of cybersecurity, threat intelligence or IT experience; 2+ years of experience in operational or tactical cyber threat analysis. Experience can include one or more of the following cyber-security functions: Cyber Threat Intelligence, Threat Hunting, System Administration, Intrusion Detection/Prevention, Monitoring, Incident Response, Digital Forensics, Vulnerability Management.
  • Ability to write scripts for automation process development using Python and other languages.
  • Ability to work with APIs and implement integrations between tools/solutions.
  • Ability to work in a fast-paced environment with minimal supervision.
  • Ability to introduce and provide improvements to the current processes for more efficiency and actionability.
  • Prior experience working with Threat Intelligence tools such as: Recorded Future, Titan, ThreatQ, Virus Total, ThreatConnect, Spycloud, etc.
  • Prior experience as a technical cyber threat intelligence (or related) subject matter expert that has worked across organizational boundaries to analyze cyber threats to their organization’s infrastructure and services.
  • Candidates must be able to work independently with minimal supervision.
  • Excellent English verbal and written communication skills are required.
EDUCATION
  • A Computer Science College degree is a plus, but not required. What’s more important is having the skills and experience to do the job.
  • Holds certifications such as SANS FOR578, GIAC OSI, Security+, CISSP, GCTI, GREM, OSCP or similar training and certification.
OTHER COMPETENCIES
  • Knowledge of advanced cyber threats, threat vectors, attacker methodology to include, tools, tactics, and procedures and how they tie into the Cyber Kill Chain or ATT&CK framework, Diamond Model etc.
  • Experience in malware detection and analysis using static and dynamic malware analysis methods.
  • Knowledge of cloud services and their attack surface.
  • Knowledge of how malicious code operates and how technical vulnerabilities are exploited.
  • Experience with premium threat intelligence tooling and/or open-source intelligence techniques.
  • Experienced in developing network and host-based signatures to identify specific malware.
  • Experience with disseminating information in accordance with TLP classification and handling protocols, to the sector through the appropriate mechanisms.
  • Experience with various link analysis and intelligence software applications.
  • Organizational and self-directing skills: ability to initiate, coordinate and prioritize responsibilities and follow through on tasks to completion.
  • Programming/scripting experience to automate tasks is a plus (Python, Perl, .NET, etc.).
  • Understanding of the following foreign languages is a plus: Mandarin, Farsi, Korean, Arabic.
  • Experience with developing tools to enhance cyber-threat intelligence capabilities.
  • Banking or financial industry experience.
About ADP: We power organizations with insightful solutions that drive business success. Consistently named one of the "Most Admired Companies" by FORTUNE® Magazine, and recognized by Forbes® as one of "The World's Most Innovative Companies," ADP has over a half-million clients around the globe and 60+ years of experience as a world-wide leader of business outsourcing solutions.
