Job description:
Position Summary
The CTI Engineer will focus on cyber security threat intelligence collection, analysis, threat hunting, and facilitating intelligence-driven incident response. The engineer will also apply security knowledge and experience with a broad array of tools and techniques to identify, detect and respond to malicious activity.
The incumbent must be familiar with the Cybersecurity Act 2018, the Cybersecurity Code of Practice (CCoP), the MAS Notice on Cyber Hygiene and the MAS Technology Risk Management Guidelines (TRMG).
Key Responsibilities
- Develop strategies by researching and evaluating intelligence and studying patterns and trends.
- Develop, maintain, and enhance threat intelligence processes, procedures, frameworks, libraries, and services.
- Collect and analyse data, evaluating intelligence to identify patterns and trends relevant to our operating environments and technology stacks.
- Manage and fine-tune threat intelligence sources in relation to our operating environments and technology stacks.
- Provide actionable intelligence to detection operations that proactively monitor systems for potential threats.
- Provide actionable intelligence to investigate security incidents and conduct data analysis based on findings.
- Conduct proactive threat hunting; carry out identification, containment, and eradication measures and support recovery efforts.
- Conduct research and stay up to date on latest methods, tools, and trends in threat intelligence analysis.
- Apprise internal stakeholders of potential cyber threats by analyzing internal and external intelligence feeds.
- Prepare and present regular reports.
- Conduct threat modelling and threat hunting activities.
Profile description:
Requirements
- Degree in Computer Science, Computer Engineering, Information Security or a related field.
- At least 5 years of working experience, with at least two years in threat intelligence and threat hunting roles and the remainder in incident response, security operations and security engineering roles.
- Familiar with the MAS Technology Risk Management Guidelines, the MAS Notice on Cyber Hygiene and the Cybersecurity Code of Practice.
- In-depth knowledge of current operating environments (Microsoft, UNIX & Linux).
- Deep understanding and knowledge of networking, including TCP/IP, DNS, HTTP, SMTP.
- Knowledge of cyber threat intelligence processes and tradecraft.
- Knowledge of Advanced Persistent Threat (APT) actors and their Tactics, Techniques and Procedures (TTPs).
- Advanced understanding of the Lockheed Martin Cyber Kill Chain, STRIDE and the MITRE ATT&CK framework.
- Working experience in using commercial and open-source research tools to support research and analysis.
- Experience with scripting and programming languages such as Python and PowerShell.
- Cloud experience/knowledge highly advantageous.
- A positive and growth mindset.
- Exceptional written, verbal communication and presentation skills; must be comfortable with public speaking and presenting findings to others, including senior leadership.
- Certifications such as OSCP, GCTI, GCIA, GCIH are advantageous.