Preferred GIAC Certifications: GCTI
2 February 2019
CLS helps clients navigate the changing FX marketplace – reducing risk and creating efficiencies. Our extensive network and deep market intelligence enable CLS specialists to lead the development of standardized solutions to real market problems. Our innovative, forward-looking products make the trading process faster, easier, safer and more cost-effective – empowering our clients’ success.
Functional title: Cyber Threat Intelligence Specialist
Location: New York
Corporate title: Level 2
Report to: Manager of Information Security
Department: Information Security
No. of direct reports: 0
The Cyber Threat Intelligence Specialist will act as primary liaison to threat sharing forums, government agencies and industry partners to collect, share, analyze, and interpret security threats to determine the relevance and potential impact to CLS. Using the threat insight gained through these channels and other sources, the Cyber Threat Intelligence Specialist will provide technical security advice and guidance to improve our preventive and detective controls, most specifically in support of our security monitoring and vulnerability management programs.
In addition, the Cyber Threat Intelligence Specialist will manage the integration of indicators of compromise (IOCs) with our monitoring platform to enhance our detection and response efforts. This will require continuous improvement to refine threat intel sources and integration points so that our threat detection capability keeps pace with a dynamic threat landscape.
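The IOC integration described above is usually less about the feed connector and more about the normalization between it and the monitoring platform: shared indicators arrive defanged (hxxp, [.]), in mixed case, and with expiry dates, and an IOC that is loaded raw never matches a log line. The following is an added illustration of that normalize-then-match step, not code from CLS or from any vendor; the feed format, the log lines and all names in it are constructed for the example.

```python
"""Normalize a shared IOC feed and match it against monitoring log lines.

Added example, not CLS code. The CSV feed layout, the log formats and all
indicator values below are constructed for illustration only.
"""
import csv
import io
import re
from datetime import date
from urllib.parse import urlsplit

# Constructed sample feed: type,value,confidence,expires (ISO date).
# Note the defanged domain/URL, the upper-case hash and the expired entry.
SAMPLE_FEED = """type,value,confidence,expires
domain,evil-update[.]example,80,2030-01-01
url,hxxp://payload.example/dl/a.exe,90,2030-01-01
ipv4,203.0.113.45,70,2030-01-01
sha256,E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,95,2030-01-01
domain,stale.example,60,2018-01-01
"""

# Constructed sample log lines from DNS, proxy, firewall and endpoint sources.
SAMPLE_LOGS = [
    "dns client=10.1.2.3 query=EVIL-UPDATE.example type=A",
    "proxy src=10.1.2.4 url=http://payload.example/dl/a.exe status=200",
    "fw src=10.1.2.5 dst=203.0.113.45 dport=443 action=allow",
    "edr host=ws17 sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 action=exec",
    "dns client=10.1.2.6 query=stale.example type=A",
    "dns client=10.1.2.7 query=www.example.org type=A",
]

URL_RE = re.compile(r"\bhttps?://\S+", re.I)
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def refang(value: str) -> str:
    """Undo the common defanging conventions used when sharing indicators."""
    v = value.strip()
    v = re.sub(r"^hxxps?", lambda m: m.group(0).lower().replace("xx", "tt"), v, flags=re.I)
    return v.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":").replace("[/]", "/")


def normalize(ioc_type: str, value: str) -> str:
    """Bring feed values and log values into one canonical form so they compare equal."""
    v = refang(value)
    if ioc_type in ("domain", "md5", "sha1", "sha256"):
        return v.lower().rstrip(".")
    if ioc_type == "url":
        parts = urlsplit(v)
        return parts._replace(scheme=parts.scheme.lower(), netloc=parts.netloc.lower()).geturl()
    return v


def load_iocs(feed_text: str, today: date) -> dict:
    """Parse the feed into {type: {normalized_value: confidence}}, dropping expired entries."""
    iocs: dict = {}
    for row in csv.DictReader(io.StringIO(feed_text)):
        if date.fromisoformat(row["expires"]) < today:
            continue  # stale indicators only generate false positives; do not load them
        iocs.setdefault(row["type"], {})[normalize(row["type"], row["value"])] = int(row["confidence"])
    return iocs


def match_line(line: str, iocs: dict) -> list:
    """Extract candidate observables from one log line and look each up in the IOC sets."""
    hits = []
    candidates = (
        [("url", u) for u in URL_RE.findall(line)]
        + [("sha256", h) for h in SHA256_RE.findall(line)]
        + [("ipv4", ip) for ip in IPV4_RE.findall(line)]
        + [("domain", d) for d in DOMAIN_RE.findall(line)]
    )
    for ioc_type, raw in candidates:
        value = normalize(ioc_type, raw)
        confidence = iocs.get(ioc_type, {}).get(value)
        if confidence is not None:
            hits.append((ioc_type, value, confidence))
    return hits


def scan(lines: list, iocs: dict) -> dict:
    """Return {line_index: [hits]} for every line that matched at least one indicator."""
    results = {}
    for i, line in enumerate(lines):
        hits = match_line(line, iocs)
        if hits:
            results[i] = hits
    return results


if __name__ == "__main__":
    loaded = load_iocs(SAMPLE_FEED, date(2019, 2, 2))
    for idx, hits in scan(SAMPLE_LOGS, loaded).items():
        print(idx, SAMPLE_LOGS[idx])
        for ioc_type, value, confidence in hits:
            print(f"    matched {ioc_type} {value} (confidence {confidence})")
```

Run as-is, the DNS, proxy, firewall and EDR lines each produce one hit even though the feed spelled the indicators differently from the logs, while the expired domain is never loaded and the benign DNS query produces nothing. Confidence travels with the hit so the SIEM side can weight or suppress alerts per source, which is the feedback loop the paragraph above describes.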
As a member of the security operations team, the Cyber Threat Intelligence Specialist will also actively participate in vulnerability management, monitoring & response, security engineering and operations activities.
The role will require an understanding of relevant security threats, assessing effectiveness of current controls, identifying opportunities for improvement and delivering new and enhanced security controls. Security solutions will consider people, process and technology to deliver fully operationalized solutions with well-defined metrics that measure and ensure effectiveness on an ongoing basis.
Essential Function / major duties and responsibilities of the job
• Keep informed of new and emerging security threats & assess effectiveness of current controls to identify opportunities for program improvements
• Contribute to the overall information security strategy in its annual iterations.
• Foster relationships with key functional teams such as IT, Operations, Finance, HR, Internal Audit, and Enterprise Risk to support current and future initiatives.
• Maintain timely understanding of CLS Settlement, Processing and Data business products as the business adapts to new opportunities
• Keep informed of new and updated industry frameworks and regulations: ISO 27001/2, SANS Top 20 Critical Security Controls, NIST CSF, SP 800-53, PFMI, CPMI-IOSCO and the FFIEC handbook
• Research new security related products and services to ensure that CLS is equipped with appropriate industry best tools and solutions
• Serve as an all source Cyber Threat Intelligence Specialist
• Investigate threat information, fuse with other relevant information, and analyze data for patterns and actionable information
• Collect, analyze, catalog, and assist in the deployment of indicators of compromise (IOCs) in partnership with the Cybersecurity Incident Response Team (CSIRT) to understand incidents and help refine detection and response efforts
• Develop and maintain expertise in a wide variety of technology platforms, threat vectors, and threat actors in order to track cyber campaigns using internal and external data
• Provide analytic support on the doctrine, policies, strategies, capabilities and intent of cyber-oriented groups, individuals and organizations to conduct cyberspace operations, and on their tools, tactics and procedures
• Assist with drafting, editing, critiquing, and proofreading threat intelligence assessments and briefs
• Work closely with functional senior leaders to ensure threat intelligence analysis and products are mapped to prioritized corporate assets and risks
• Operate and maintain IT Security controls related to SIEM, DLP, Vulnerability Management, Cyber Threat Intelligence, Endpoint Protection, etc.
• Conduct IT Security risk assessments for all high impact projects, defining security mitigating controls that impact the technology architectures of CLS, service providers, and business partners
• Support 24 x 7 Security Monitoring and Response on a 1/8 rotation
• Review and update IT Security procedures to reflect best practice and mitigate current and emerging threats
• Maintain relationships with all third-party IT security vendors and strategic partners
• Work as a team member and individual contributor
• Execute the IT Security Monitoring and Response team’s vision and mission in alignment with the overall IT Security vision and mission, as well as with CLS’s strategic direction
• Through example and behavior, strive to provide peer leadership to other team members with the goal of being excellent service providers and enablers to other constituencies (both internal and external)
• Actively mentor other team members both technically and professionally
Experience / essential and desired for successful job performance
• A minimum of 8 years of information security experience with at least 5 years of experience with all-source cyber intelligence and analysis
• Experience with collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources
• Experience with cyber intelligence, computer network operations, information operations, information warfare, or cyber security topics
• Ability to communicate intelligence and analysis of cyber threats in various forms (written production; briefings) for a senior-level audience
• Knowledge of current hacking techniques, vulnerability disclosures, data breach incidents, and security analysis techniques
• Familiarity with link-analysis methods and software (e.g. Maltego, Analyst Notebook)
• Ability to develop specific expertise, discern patterns of complex threat actor behavior, and communicate an understanding of current and developing cyber threats
• Can apply a variety of cyber-related analytic models to identify, track and support analysis of cyber threat actors and events, including but not limited to the Diamond Model, the Kill Chain methodology, F3EAD and the MITRE ATT&CK framework
• Considerable working knowledge in one or more of the following topics: APT, cybercriminals, financially motivated cyber groups, hacktivism, DDoS attack methods, malware variants, mobile and emerging threats, social engineering, insider threats
• Monitor, tune and develop technical IT Security controls and frameworks to ensure appropriate preparation, monitoring and response to threats
• Broad network and technology awareness, with the ability to convey complex or technical topics in a clear and concise manner
• Understanding of foundational principles of intelligence and incident response
• Work with members of the IT Security team to help design, implement and maintain security
• Ability to collaborate effectively with others to drive forward key security objectives
• Strong documentation and report writing skills (to both technical and business audiences)
• Excellent time management and organizational skills combined with technical IT Security acumen
• Knowledge of firewalls, TCP/IP, IPS, DLP, proxies, SIEM, & endpoint protection software
• Financial and/or Banking industry experience preferred
Qualifications / certifications
• Active Secret or higher security clearance preferred
• Knowledge of the intelligence community, US Government, and federal cyber centers.
• B.S. in a technology discipline (Computer Science, Computer Engineering, Cybersecurity or equivalent)
• Industry recognized security qualification in cybersecurity (e.g. GCTI, GCFE, GCIH or equivalent)
• Industry recognized security qualification as a general security practitioner (e.g. CISSP, GSEC, GCED or equivalent)
• Knowledge of incident handling life cycle based on an established framework: ISO 27035, SANS, NIST SP 800-61, CERT, ENISA
• A relevant advanced degree would enhance the candidate’s credentials
Success factors / ‘How’. Personal characteristics contributing to an individual’s ability to excel in the position
• Possess a strong service-oriented mind set to consistently deliver balanced security solutions that include people, process and technology
• Possess strong technical, analytical and problem solving skills
• Self-motivated to exceed management expectations and objectives
• Ability to effectively communicate complex technical issues to both business and technical staff at all levels
• Strong collaboration skills to tackle complex security challenges that may span across multiple internal and external departments and groups
• Able to effectively cope with change and comfortably handle risk and ambiguity, not upset when things are up in the air
• Tenacious resolve and positive attitude in challenging situations