Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that secures human progress with Secureworks® Taegis™, a SaaS-based, open XDR platform built on 20+ years of real-world threat intelligence and research, improving customers’ ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.
We enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team.
Responsibilities
1. Leverage internal, commercial, and open-source tools and data sources to analyze, enrich and synthesize indicators of compromise and/or other intelligence artifacts to provide meaningful and actionable intelligence
2. Analyze raw data sets and extract relevant insight to form high quality TI responses
3. Perform proactive all-source research to identify and characterize new threats to the customer base and draft related TI products, where appropriate
4. Maintain a broad understanding and knowledge of the latest offensive and defensive Tactics, Techniques and Procedures (TTPs) as well as overall Threat Landscape trends
5. Collaborate internally and externally, and develop, enhance and produce Secureworks TI products
6. Own and execute ongoing projects such as customer threat landscape presentations
7. Identify intelligence collection gaps and communicate findings and collection
8. requirements
9. Initiate, propose, and update processes and standard TI operating procedures for efficient and effective response to TI and IR RFIs
10. Take ownership of, triage, and update tracking systems for TI requests
11. Gather contextual information from multiple sources to establish a TI request course of action or respond to a standard request for information related to the TI-Support service line
12. Meet service level agreements regarding initial response time and customer notification as necessary
13. Provide internal stakeholders the necessary information for decision support and situational awareness on service request intake activities
14. Route RFIs to the proper service delivery team with the appropriate level of urgency and communication channel in a professional and courteous manner with an emphasis on customer satisfaction; assess and escalate to the next level as needed
Knowledge, Skills and Abilities
- Understanding and experience with the intelligence analysis lifecycle, including but not limited to:
15. Conducting all-source intelligence research
16. Mining internal and external databases/repositories
17. Pivoting research focus on TI indicators of interest
18. Developing assessments with evidential basis
19. Translating findings into client responses and/or threat intelligence reports
- Fundamental knowledge in most of the following areas:
20. Familiarity with advanced search engine functionality and search query customization.
21. Unix, Linux, Windows, and OSX operating systems
22. Exploits, vulnerabilities, intrusion vectors, and malware
23. Host forensics, network forensics, and malware analysis techniques
24. Network traffic analysis, endpoint activity analysis, and log analysis techniques
25. Understanding of enterprise cyber incident management and response processes
26. Understanding of enterprise cybersecurity controls and failure modes
- Excellent technical communication skills (oral and written) including experience briefing executive management
- Excellent organization and resource management skills
- Excellent capability to prioritize multiple and concurrent urgent tasks
- Excellent customer service skills and ability to quickly establish technical credibility and rapport with customers
- Team player with the ability to work autonomously in a fast-paced, dynamic environment
- Passionate about information security and service excellence
Desired Experience/Training:
27. Professional degree relevant to cybersecurity or intelligence analysis or equivalent work experience within a technical information security-related role such as Security Operations, Incident Response, or Threat Intelligence analysis
28. Relevant governmental, military, commercial training and experience in cybersecurity and other industry standard certifications are a plus
29. Professional certifications such as GCTI, GCIA, GCIH, GREM, CISSP, CISM, or similar cybersecurity technical certifications are a plus
30. DevOps methods and ITIL framework knowledge are a plus
Secureworks is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Secureworks will not tolerate discrimination or harassment based on any of these characteristics.