We are seeking a Senior Cyber Threat Intelligence Analyst (SCTIA) to join the Security Intelligence Center Division (SICD) of Information Technology.
The Security Intelligence Center Division is responsible for providing security operations, including 24/7 Security Operations Center (SOC), cyber intelligence, forensic services, network and endpoint protections, Security Information and Event Management (SIEM) system, Log Management System (LMS) and Cyber Intelligence Management System (CIMS).
The Cyber Threat Intelligence Senior Analyst's primary role is to conduct threat intelligence ingestion, threat hunting, and integration of security reports within Saudi Aramco cybersecurity systems. This includes working closely with security groups to capture high-fidelity Indicators of Compromise (IOCs) for detecting malicious activity that enhances cyber security operations as well as profiling and tracking of cyber threats.
As a successful candidate, you will hold a Bachelor's degree in Computer Science or a related degree, from a recognized and approved program. An advanced degree is preferred.
You will have nine (9) years of experience in Information Security, including at least four (4) years in Cyber Threat Intelligence
You will have working user level knowledge of a Security Information and Event Management (SIEM), a Log Management System, an Incident Response Platform (IRP) and a Threat Intelligence Platform (TIP).
You must have the ability to identify indicators of compromise (IOCs), evaluate existing defenses against identified attacks to determine weaknesses, correlate intelligence in order to identify campaigns, profile threat actors, and track such activities.
You must have knowledge in regular expressions, YARA and SIGMA rules to design, test, document and deploy in a production environment.
You must to have experience in cloud cybersecurity technologies & services.
You must have experience in practical Forensic Analysis.
You must be able to demonstrate a working understanding of OODA, ICD 203 & 208, Diamond, LM CKC models and MITRE ATT&CK Framework.
You must be able to document your findings and communicate it clearly.
You must have working knowledge of network protocols including, TCP/IP, DNS, ICMP, FTP/SFTP, HTTP/SMTP headers and traffic.
You must have the ability to understand network threats in complex LAN/WAN enterprise environments.
You have working-use knowledge of Intrusion Protection Systems, Web Gateways, email security appliances, Log management, threat intelligence platform, and Linux.
You understand how Intelligence-Driven Defense is used to protect a large enterprise.
Hold cybersecurity related certifications.
Duties & Responsibilities
You will be required to perform the following:
Manage and orient internal and external sources of intelligence, review threat reports/feeds, and digest threat information into cyber threat intelligence.
Manage a threat intelligence platform, optimize its integration with other cyber security systems, optimize cyber threat intelligence models, and develop/maintain strategic cyber intelligence-related partnerships.
Aid and/or guide cyber security analysts in threat hunting, as well as cyber threat mitigations.
Guide and/or mentor junior cyber threat intelligence analysts.
How to apply
If you believe you meet the requirements for this role, please contact us with your CV and state AAS - “Job Title” in the subject.