About the role
As a member of the CTI team, the CTI Lead will be responsible for collecting information used to analyze the political, economic, social, and behavioral aspects of malicious cyber activity and contributing to internal intelligence products for our clients.
This position is primarily focused on Chinese and East Asian-based APT actors. We’re looking for an intel analyst with deep knowledge of APT groups based in the region including campaigns, TTPs and activities.
Roles and Responsibilities:
Work with various intelligence collection and reporting tools and frameworks to produce reports.
Collect, process, catalog, and document information using an ALL-SOURCE approach and various technical and human means on cyber-security topics as required based on defined intelligence requirements.
Respond to requests for ad-hoc reporting and research topics from management and analysts as required.
Identify gaps in available intelligence information and engage with leadership on strategies to meet intelligence requirements through intelligence collection processes.
Quickly understand and deliver on company and customer requirements.
Deal professionally with offensive, profane, and obscene materials encountered during investigations and research.
Aid in and participate in daily, weekly, quarterly, and yearly production reporting for clients, partners, and internal teams.
Bachelor’s degree in Computer Science / Engineering or a related field
Demonstrated previous direct experience in a CTI-related role encompassing all phases of the intelligence lifecycle (direction, collection, processing, analysis and dissemination), CTI tools (e.g. intelligence sharing platforms such as MISP, visual investigation and analysis tools such as Maltego, secure operating systems such as Whonix and Qubes, malware sandboxes) and methods.
Strong understanding of threat analysis and enterprise-level mitigation strategies.
Working knowledge of how malicious code operates and how technical vulnerabilities are exploited.
Knowledge of operating systems and networking technologies in general.
Knowledge of databases, query design, and how to analyze data thus obtained.
Hands-on experience with technical intelligence collection and analysis as well as development of intelligence reports is a must (including strategic (geopolitical knowledge) and tactical finished intel reports)
Experience with deep, dark web and IRC channel collection activities and tradecraft
TTP knowledge of major malware families such as infostealers, spambots, banking trojans, and RATs
TTP knowledge of major APT groups from Vietnam, CN, or NK
Capable of hunting and tracking threat activity for these groups, mapping attacker infrastructure, and pivoting to related or additional threat data
Knowledge of one or more foreign languages used in cyber threat activity hotspots (Arabic, Farsi, Mandarin, Korean, or Russian)
Team management, incident response and malware analysis experience
Reverse engineering skills are a plus
At Deloitte, we create positively differentiated work experiences that enable our people to feel valued and achieve their full potential.
We value difference and embrace people with diverse backgrounds and thinking styles. Knowing that people work best in different ways, we are happy to discuss alternative arrangements if the working pattern you are looking for is not specifically indicated.