Threat Intelligence Lead
Ref: THQ-668
Permanent only
Information Technology
Abu Dhabi
11/06/23
Basic purpose of the role:
This role will serve as the lead for TAQA’s Cyber Threat Intelligence Team and will be responsible for analysing threat actor campaigns and incident response cases relevant to the industry. This role supports overall defence activities, provides in-depth analysis of suspected malicious code, develops recommendations on how to counter the threat, and publishes findings for an internal and external audience. The Threat Intelligence Lead will be responsible for mentoring and guiding junior analysts and continuing to mature the capabilities of the TAQA Cyber Threat Intelligence Team.
As a part of this challenging role, you will specifically be responsible for:
- Contribute to the tuning and development of SIEM use cases and other security control configurations to enhance threat detection capabilities.
- Hands-on, collaborative cybersecurity testing of critical SOC environments, applications, systems, etc.
- Discover and analyze vulnerabilities and threats.
- Continuously improve processes for use across multiple detection sets for more efficient operations.
- Perform in-depth investigation of events of interest identified during threat hunt activities or security alerts received from various security technologies.
- Liaise with appropriate internal stakeholders during the investigation process to determine whether a security incident has occurred, identify the root cause and provide appropriate recommendations for remediation.
- Identify and perform escalations to the Security Incident Response team.
- Maintain and employ a strong understanding of advanced threats, continuous vulnerability assessment, response and mitigation strategies used in Cybersecurity operations.
- Perform risk analysis, attack simulation, application-level automated & manual Ethical Hacking and develop proof-of-concept exploits.
- Present threat landscape briefings and finished intelligence products utilizing widely accepted community standards and methodologies approved by management.
- Maintain an understanding of common analysis techniques and frameworks used in CTI, such as threat modelling techniques like the Diamond model, Kill Chain, and F3EAD.
- Identify, analyze, correlate, mitigate, track, and develop content for tools & processes related to indicators of compromise.
- Develop network and host-based signatures to identify specific malware. Recommend heuristic or anomaly-based detection methods.
- Research and develop new tools and scripts to continually update or improve the threat intelligence automation processes, collection methods and analytical capability.
- Support the ingestion and validation of IOCs and observables in various security platforms.
- Provide subject matter expertise in the detection, analysis and mitigation of malware, trends in malware development and capabilities, and proficiency with malware analysis capabilities.
- Support business as usual operations such as monitoring open source for new information and responding to ad-hoc stakeholder RFIs.
The successful candidate will possess:
- Bachelor's degree in engineering, computer science, or another quantitative field.
- EC-Council Certified Ethical Hacker (CEH) or ISC² Certified Information Systems Security Professional (CISSP), SANS/GIAC (GSEC).
- Minimum 8-10 years’ experience in Security operations, Splunk and Threat intelligence centre.
- Background from defence, critical infrastructure and cyber security industries.
- Ability to create relationships and engage with other business groups and business regions collaboratively, to ensure continuous improvement.
- Strong experience in generating threat intelligence reports.
- Strong analytical, technical, written, and verbal communication skills.
- Ability to multi-task in a fast-paced and demanding work environment.
- Strong leadership, relationship building and coaching skills.