Still looking for work through search engines? Time to upgrade!
Instead of searching alone through hundreds of listings, let Jobify analyze your résumé and show you only the opportunities that are truly worth your time, drawn from the largest job database in Israel.
Use is free, at no cost and without limit.
PwC Israel’s Threat Intelligence team is seeking a technical intelligence analyst with a passion and aptitude for hunting malicious cyber activity. Our team focuses on identifying novel intrusion techniques and tracking varied threat actors, ranging from organized crime groups to state-affiliated espionage actors.
The Threat Intelligence team is responsible for the development and delivery of technical and strategic threat research and intelligence services:
- Subscription and bespoke research services for public and private sector clients;
- Intelligence support to, and collection from, incident response and managed threat hunting teams; and
- Intelligence research to support all services provided by our wider cyber security practice.
As a technical analyst within PwC Israel’s Threat Intelligence team you’ll dive into threat actor campaigns and incident response cases relevant to our vast client base. You’ll develop a deep understanding of the tools and techniques used by threat actors, help our clients understand the threats they face, and enable them to better defend their networks. You could be involved in monitoring an actor’s C2 infrastructure, targeted attack activity in a specific region, the evolution of specific malware families, and everything in between.
Responsibilities:
We expect you will already be able to demonstrate experience in one or more of the following areas:
- Developing collection and tracking techniques to identify new threat actors and campaigns, monitor the activity of known actors, and methodically attribute new activity from both open and closed data sources, using a variety of bespoke, commercial and open source tools and systems.
- Participating in analysis to renew and further develop knowledge of new and existing threat actors.
- Applying a robust analytical methodology to support conclusions about specific threat actors, and being able to rationalize and articulate those conclusions.
- Understanding network protocols, attack lifecycles and actor tradecraft.
- Supporting the generation of analytic content, detection concepts, and network- and host-based detection methods.
- Performing static and dynamic reverse engineering to identify and classify new samples and to understand their C2 protocols and functional capabilities.
- Researching and developing new tools and scripts to continually update or improve our threat intelligence automation processes, collection methods and analytical capability.
- Supporting business-as-usual operations, such as monitoring open sources for new information and responding to ad hoc client RFIs.
- Delivering reports and presentations based on research into emerging threats, and sharing your findings with clients, the public or the security community.
Desirable skills:
- A strong analytical and quantitative reasoning foundation, with the ability to understand and research the operations of different types of organizations, ranging from criminal groups to financial enterprises.
- An understanding of common analysis techniques and frameworks used in CTI, such as threat modeling techniques like the Diamond Model, the Cyber Kill Chain and F3EAD.
- Knowledge of open source and commercial platforms, tools and frameworks used by threat intelligence teams, such as threat intelligence platforms, malware sandboxes, and reverse engineering tools such as Ghidra or IDA Pro.
- Experience writing and maintaining detection rules (e.g. YARA and Snort signatures).
- Experience with Maltego, including custom transforms, and its use in mapping out intrusion sets.
- Baseline knowledge of threat actors, attribution concepts, and high-profile cyber incidents.
- Expertise in Python.
- Strong competency in exploiting common intelligence datasets, including commercial repositories of information on malware and internet data (domain, IP, netflow, certificate tracking, etc.), and closed sources including incident response and other collection sources.
- Advantage: language skills, in particular Mandarin, Cantonese, or Persian/Farsi.
- Minimum of 3 years of related experience in Information Security (threat tracking, network analysis, OSINT, threat hunting) or an equivalent combination of training and experience.