Job Description

Worker Sub-Type: Regular
Job Description:
The focus of the CylanceGUARD Analyst Level 2 is to perform proactive threat hunting in an effort to identify system compromises. You will participate in several different areas within Security Operations and Incident Response process; these activities will primarily include endpoint digital forensics, threat hunting use case development, security control testing, product detection rule creation, hunt plan development, and product enhancement feedback or development. The Analyst will use data analysis, threat intelligence, and cutting-edge security technologies to perform their threat hunting activities.
Working within the CylanceGUARD team, the Analyst is responsible for reviewing Cylance product alerts to detect advanced threats that evade traditional security solutions as well as creating new detection capabilities to allow for proactive detection of system compromises. The Analyst will ensure that new environments are identified and understood to enable accurate and actionable reporting for other CylanceGUARD tiers. Analysts will also participate in developing processes, procedures, training, etc. for new technologies. The candidate must have a curious investigative mind, an interest in information security, and the ability to communicate complex ideas to varied audiences

* Track threat actors, their tactics, techniques, and procedures (TTPs), and their associated Indicators of Compromise (IOCs)
* Keep up to date on the latest intelligence on threat actor TTPs/IOCs by reading blogs and performing research in a lab, while also coordinating with Threat Research Teams to develop countermeasures
* Conduct forensic analysis of primarily endpoints; as well as events from a variety of Cylance Endpoint products
* Perform Root Cause Analysis of security incidents to develop enhancements to existing alerting tools
* Compile detailed investigation and analysis reports for internal threat research consumption and delivery to customers
* Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts
* Develop advanced queries and alerts to detect adversary actions
* 3+ years of experience in Information Security (Required)
* 2+ years of experience with the incident response process, including detecting advanced adversaries, log analysis using SIEM, and malware triage (Required)
* Experience with packet analysis and usage of deep packet inspection toolsets.
* Deep understanding of the forensic artifacts within one of the following; Windows, Mac, and/or Linux (Required)
* Knowledge and experience working with the Cyber Kill Chain Model, Diamond Model or MITRE ATT&CK Matrix. (Required)
* Familiarity with Cylance Endpoint Protection Products (Desired)
* Prior experience working with in the following areas: (Desired)
* Computer Incident Response Team (CIRT)
* Computer Security Incident Response Center (CSIRC)
* Security Operations Center (SOC)
* Experience with APT/crimeware ecosystems (Desired)
* Programming/Scripting with Python, VB, Powershell, and/or Go (Desired)
* Familiar with ELK; building searches, dashboards, and log stash filters (Desired)
* Red/Pentesting Team experience (Desired)
* Bachelor's degree in Computer Science, Engineer or related field
* Certifications such as, OSCP, GPEN, GCFA, GCFE, GREM, GCNA, GCIH, or GCIA
* Current resume
* Cover letter/summary expressing:
* Why you are interested in working at Blackberry Cylance
* The skills, strengths and expertise you will contribute to our diverse team of extraordinary talent and humble hearts
Job Family Group Name: Sales
Scheduled Weekly Hours: 40
We are BlackBerry, a global mobile communications leader who revolutionized the industry with its introduction in 1999. Today, BlackBerry’s products and services, from messaging to enterprise mobility, are relied on by millions of individuals every day to securely and efficiently connect them to the content and people that matter most. At BlackBerry our instinct for innovation is relentless, so as we continue to push the boundaries of mobile experiences, we continue to drive the talent, passion and creativity of our employees.
©2016 BlackBerry. All right reserved. BlackBerry® and related trademarks, names, and logos are the property of BlackBerry Limited and are registered and/or used in the U.S. and countries around the world.
It is the policy of BlackBerry to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, creed, r
Save Job