|Job Type:||Full Time, Part Time|
About our team
The Deloitte Cyber Threat Intelligence (CTI) team is a multidisciplinary team comprised of engineers and analysts around the world who specialise in the tactics, tools and procedures used by cyber criminals. The team is responsible for tracking, investigating, reporting and advising clients on emerging cyber threats and exposures. CTI Specialists monitor a wide range of sources including technical threat research databases, OSINT, underground forums, and social media to identify and investigate threats and leverage a host of tools and platforms to support their research as appropriate. The findings of these investigations and other client-directed research requests are captured and disseminated in intelligence products.
About the role
As a member of the CTI team, the CTI Specialist will be responsible for collecting information used to analyze the political, economic, social, and behavioral aspects of malicious cyber activity and contributing to internal intelligence products for our clients.
This position is primarily focused on Chinese and East Asian-based APT actors. We're looking for an intel analyst with deep knowledge of APT groups based in the region including campaigns, TTPs and activities.
Roles and Responsibilities:
- Work with various intelligence collection and reporting tools and frameworks to produce reports.
- Collect, process, catalog, and document information using an ALL-SOURCE approach and various technical and human means on cyber-security topics as required based on defined intelligence requirements.
- Respond to requests for ad-hoc reporting and research topics from management and analysts as required.
- Identify gaps in available intelligence information and engages with leadership on strategies to meet intelligence requirements through Intelligence collection processes.
- Quickly understand and deliver on company and customer requirements.
- Deal professionally with offensive, profane, and obscene materials encountered during investigations and research.
- Aid in and participate in daily, weekly, quarterly, and yearly production reporting for clients, partners, and internal teams.
- Bachelor's degree in Computer Science/Engineering or a related field
- Demonstrated previous direct experience in a CTI-related role encompassing all phases of the intelligence lifecycle (direction, collection, processing, analysis and dissemination), CTI tools (e.g. intelligence sharing platforms such as MISP, visual investigation and analysis tools such as Maltego, secure operating systems such as Whonix and Qubes, malware sandboxes) and methods.
- Strong understanding of threat analysis and enterprise level, mitigation strategies.
- Working knowledge of how malicious code operates and how technical vulnerabilities are exploited.
- Knowledge of operating systems and networking technologies in general.
- Knowledge of databases, query design, and how to analyze data thus obtained.
- Hands-on experience with technical intelligence collection and analysis as well as development of intelligence reports is a must (including strategic (geopolitical knowledge) and tactical finished intel reports)
- Experience with deep, dark web and IRC channel collection activities and tradecraft
- TTP knowledge of major malware families such as infostealer, spambot, banking trojan, RAT
- TTP knowledge of major APT groups from Vietnam, CN, or NK
- Capable of hunting, tracking threat activity for these groups, map attacker infrastructure and being able to pivot to related/additional threat data
- Knowledge of one or more foreign languages used in cyber threat activity hotspots (Arabic, Farsi, Mandarin, Korean, or Russian)
- Team management, incident response and malware analysis experience
- Reverse Engineering skills is a plus
At Deloitte, we create positively differentiated work experiences that enable our people to feel valued and achieve their full potential. We value difference and embrace people with diverse backgrounds and thinking styles. Knowing that people work best in different ways, we are happy to discuss alternative arrangements if the working pattern you are looking for is not specifically indicated.
Sound like the sort of role for you? Apply now.
If you've got any questions or wish to have a confidential conversation about this role, contact Katya Nemirovich from the Talent Acquisition team. We'd love to hear from you!
By applying to this job, you will be assessed against the Deloitte Global Talent Standards. We've designed these standards to provide our clients with a consistent and exceptional Deloitte employee experience globally. The preferred candidate will be subject to background screening by Deloitte or by their external third-party provider.
Deloitte is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, national origin, disability status, or any other characteristic protected by law. If you need assistance or an accommodation during the application process because of a disability, it is available upon request.