Advance Auto Parts (AAP) is seeking a Cyber Threat Intelligence (CTI) analyst. We are building a team of people who are technical, operational, and visionary at the same time: a team that has strong executive support from a company with a strategic commitment to transformation.
As we build that team, we are looking for people who understand information security and are always looking for how we can improve: someone who is excited to challenge how we do it today and help build for tomorrow.
This position tackles a broad swath of adversarial behaviors, including dangerous organizations and individuals, at-risk countries and emerging harms, influence operations, non-state violent organizations, and other cyber-supported abuses.
You will work in a fast-paced environment, planning, coordinating, and executing intelligence collection and analysis to provide operationally actionable intelligence in support of AAP mission needs.
You will drive cyber operations, anticipating how the threat landscape will evolve, and recommending innovative mitigations against a broad range of 21st century threats.
If you are looking for a growth opportunity in an environment that challenges you, working with people who respect and value you, then this is the position for you.
The Cyber Intelligence Analyst serves on the front line of the Information Security Program at AAP. Under direct supervision, the Intelligence Analyst performs tasks and follows procedures necessary to ensure the security of information systems assets and protects systems from intentional or inadvertent access or destruction.
The Intelligence Analyst will compile cyber threat data gathered through independent research and analysis along with Security Operations Center activity, and look at emerging technology, techniques and adversarial capabilities and tactics.
They will perform source monitoring activities, develop cyber threat analysis and mitigation courses of action, and provide actionable intelligence used in organizational IT asset protection, strategic cyber threat trending, and situational awareness for customer leadership.
On a near real-time basis, they will analyze the latest and ongoing cyber threat Indications & Warning and fuse unclassified / open-source cyber threat information, correlating internal activity to external indicators across numerous boundaries to provide insight into every stage of a potential intruder's cyber kill chain as well as other activities in the wild.
The Intelligence Analyst participates as a member of the Cybersecurity Incident Response Team (CIRT), using security tools and techniques to plan for, monitor for, and respond to observed threats.
The Cyber Intelligence Analyst will be able to enhance knowledge of Threat Intel operations and collaborate with internal AAP team members and platform teams to apply industry best practices to AAP applications and architecture.
The role will analyze organization infrastructure from a security intelligence perspective and identify requirements and solutions to address them.
Responsibilities include:
Connect with different stakeholders to identify PIRs and create achievable project charters to enhance the Intel maturity score each quarter.
In-house development, maintenance, and operation of tools, and management of integrations and analytics use cases on SIEM platforms for Cyber Threat Intelligence (CTI).
Develop cyber threat analysis and mitigation courses of action, and provide actionable intelligence used in organizational IT Asset protection, strategic cyber threat trending and situational awareness to customer leadership.
Participate as a member of the Cybersecurity Incident Response Team (CIRT). Accurately and rapidly respond to security incidents as assigned by the Incident Handler and provide Intelligence enrichments.
Perform ad-hoc analysis and investigation for latest Threats, collect IOCs and IOAs in a timely fashion. Share them with internal and external teams for validation and collaboration.
Utilize threat intelligence for Threat Hunting.
Build use cases that support different business areas with threat intelligence, e.g., risk management, physical security, etc.
Ensure compliance with the Cyber Kill Chain and MITRE ATT&CK frameworks.
Publish Strategic, Technical and Tactical Threat Intelligence reports.
Enhance security programs and tools while delivering required security metrics.
Script or program repeatable security monitoring and analysis tasks and automate threat intel inputs.
Advise and consult with internal security engineers, and outside AAP team members on risk assessment, threat modeling, and vulnerability management.
Maintain up-to-date knowledge of the IT security industry, including awareness of emerging technology, techniques and adversarial capabilities and tactics, and new attacks and threat vectors.
We are seeking the following qualifications:
Bachelor's degree in Computer Science / Engineering or equivalent experience
5+ years’ experience in Information security with proven expertise in Security operations, Incident Response and Threat Intelligence.
Retail Industry experience preferred.
Solid knowledge and experience working with Information Security applications such as FireEye, Splunk, Palo Alto, Proofpoint, Crowdstrike, Threatstream, Flashpoint, MISP etc.
3+ years of experience related to threat management, intelligence analysis, and statistical analysis in intelligence, financial, retail, or technology service companies, and at least one (1) year of hands-on experience performing analysis with Splunk.
Proficient with security automation using Python, Perl, Bash, PowerShell, or other scripting languages for Windows, Linux, and UNIX.
Knowledge of tools and technologies used in Threat Intelligence operations.
Ability to maintain efficiency and positive attitude in the face of challenging and competing deadlines
Ability to operate in an Agile based environment where Daily Standups, Sprint Planning, Sprint Review, backlog grooming, and Sprint Retrospective are held
Strong communication and collaboration skills and experience interacting at all levels throughout IT / business teams and working within large, matrixed organizations
Expertise in managing SOPs and process adherence by teams, with an eye for continuous improvement.
Able to work independently with strong critical thinking, decision making, troubleshooting, and problem-solving skills while also being a team player.
Strong work ethic and internal drive for results. Strong planning, execution and multitasking skills and demonstrated ability to nimbly reprioritize and meet deadlines reliably.
Solid familiarity with prevalent security threats and how they apply to the business.
Familiarity with the Cyber Kill Chain and MITRE ATT&CK framework.
On a near real-time basis, analyze cyber threat Indications & Warning and fuse unclassified / open-source cyber threat information, correlating internal activity to external indicators across numerous boundaries.
This correlation provides insight into every stage of a potential intruder's cyber kill chain as well as other activities in the wild.
Strong experience analyzing and synthesizing actionable threat intelligence via open-source tools
Strong experience in collecting intelligence from the surface web, deep web & darknet
Preferred Certifications: CEH, CTIA, Splunk Admin