Senior Security Research Analyst - Internal Data
Senior Security Research Analyst - Internal Data Location: Remote in the United States The Senior Security Research Analyst - Internal Data is responsible for conducting in-depth analysis and enrichment of internally sourced security data to identify, assess, and investigate potential security threats and patterns within the SOC’s infrastructure purview. Works within the Threat Fusion Cell to provide comprehensive threat intelligence insights through internally derived data correlation and analysis. Responsibilities
Analyze EDR/SIEM tool data sources and SOAR tooling to contribute to automated collection of essential elements of information extraction in an effort to identify attack trends and campaigns from client alerting
Explore alerting data to filter for novel security incidents by creating and implementing periodic queries to identify previously undocumented malware and new attack TTPs
Facilitate Threat Fusion Cell automation efforts to maximize operational efficiency and effectiveness for delivery of threat intelligence
Collect and maintain client firmographic information and historical security touchpoints (malware, adversaries, tools noted in environment) to support threat detection and SOC operations
Conduct analysis on report items from collected data to provide quality intelligence to Advanced Threat Detection, SOC analyst teams, and Cyber Defense Platform users
Analysis should focus on corroborating findings, ascertaining attribution, highlighting infrastructure, identifying targets and cataloging all in a digestible format for report review and publishing
Follow process to identify recently processed high-profile SIR or MSS cases for which greater threat intelligence context exists and provide to SOC analyst teams in timely manner
Understand data structure for indicators derived from SOC client alerting and Open-Source intelligence feeds to provide succinct, enriched context to downstream analysts
Qualifications
Strong analytical and problem-solving skills with attention to detail; experience with VirusTotal, Joe Sandbox and other open-source intelligence tools
Experience with log analysis and forensic investigation techniques
Practical knowledge of Linux, macOS and Windows operating systems
Understanding of TCP/IP networking and the OSI model
Experience with SIEM platforms and log analysis tools
Familiarity with IDS/IPS systems
Knowledge of common programming or scripting languages
Strong written and verbal communication skills
Experience with packet analysis tools (e.g., Wireshark)
Ability to deconstruct complex problems and identify patterns
Preferred Qualifications:
Experience with malware analysis
Knowledge of threat hunting methodologies
Relevant security certifications (GCIA, GCIH, etc.)
Experience with automation and scripting for data analysis
Education/Experience:
Bachelor's degree in Computer Science, Information Security, or related field
1+ years of experience in security research or threat analysis
Experience with data analysis and enrichment techniques
Knowledge of security tools and technologies
About BlueVoyant At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics, and technology, coupled with deep expertise, works as a force multiplier to secure your full ecosystem. Accuracy! Actionability! Timeliness! Scalability! Led by CEO, Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200, and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry leading analytics and technologies. Founded in 2017 by Fortune 500 executives, including Executive Chairman, Tom Glocer, and former Government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tel Aviv, San Francisco, London, Budapest, and Latin America. All employees must be authorized to work in the United States. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. Disclaimer: Please note that pursuant to contractual requirements and applicable law, in order for employees to perform work on some of the company’s federal contracts, U.S. citizenship is required. Accordingly, an employee’s ability to perform work on such contracts is contingent upon the company’s verification of the employee’s citizenship status. Furthermore, individuals may be subject to additional background checks and fingerprinting.
BlueVoyant Candidate Privacy Notice
To understand how we secure and manage your personal data upon submitting a job application, please see our Candidate Privacy Notice, which can be found here - Candidate Privacy Notice
About the job
Apply for this position
Senior Security Research Analyst - Internal Data
Senior Security Research Analyst - Internal Data Location: Remote in the United States The Senior Security Research Analyst - Internal Data is responsible for conducting in-depth analysis and enrichment of internally sourced security data to identify, assess, and investigate potential security threats and patterns within the SOC’s infrastructure purview. Works within the Threat Fusion Cell to provide comprehensive threat intelligence insights through internally derived data correlation and analysis. Responsibilities
Analyze EDR/SIEM tool data sources and SOAR tooling to contribute to automated collection of essential elements of information extraction in an effort to identify attack trends and campaigns from client alerting
Explore alerting data to filter for novel security incidents by creating and implementing periodic queries to identify previously undocumented malware and new attack TTPs
Facilitate Threat Fusion Cell automation efforts to maximize operational efficiency and effectiveness for delivery of threat intelligence
Collect and maintain client firmographic information and historical security touchpoints (malware, adversaries, tools noted in environment) to support threat detection and SOC operations
Conduct analysis on report items from collected data to provide quality intelligence to Advanced Threat Detection, SOC analyst teams, and Cyber Defense Platform users
Analysis should focus on corroborating findings, ascertaining attribution, highlighting infrastructure, identifying targets and cataloging all in a digestible format for report review and publishing
Follow process to identify recently processed high-profile SIR or MSS cases for which greater threat intelligence context exists and provide to SOC analyst teams in timely manner
Understand data structure for indicators derived from SOC client alerting and Open-Source intelligence feeds to provide succinct, enriched context to downstream analysts
Qualifications
Strong analytical and problem-solving skills with attention to detail; experience with VirusTotal, Joe Sandbox and other open-source intelligence tools
Experience with log analysis and forensic investigation techniques
Practical knowledge of Linux, macOS and Windows operating systems
Understanding of TCP/IP networking and the OSI model
Experience with SIEM platforms and log analysis tools
Familiarity with IDS/IPS systems
Knowledge of common programming or scripting languages
Strong written and verbal communication skills
Experience with packet analysis tools (e.g., Wireshark)
Ability to deconstruct complex problems and identify patterns
Preferred Qualifications:
Experience with malware analysis
Knowledge of threat hunting methodologies
Relevant security certifications (GCIA, GCIH, etc.)
Experience with automation and scripting for data analysis
Education/Experience:
Bachelor's degree in Computer Science, Information Security, or related field
1+ years of experience in security research or threat analysis
Experience with data analysis and enrichment techniques
Knowledge of security tools and technologies
About BlueVoyant At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics, and technology, coupled with deep expertise, works as a force multiplier to secure your full ecosystem. Accuracy! Actionability! Timeliness! Scalability! Led by CEO, Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200, and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry leading analytics and technologies. Founded in 2017 by Fortune 500 executives, including Executive Chairman, Tom Glocer, and former Government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tel Aviv, San Francisco, London, Budapest, and Latin America. All employees must be authorized to work in the United States. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. Disclaimer: Please note that pursuant to contractual requirements and applicable law, in order for employees to perform work on some of the company’s federal contracts, U.S. citizenship is required. Accordingly, an employee’s ability to perform work on such contracts is contingent upon the company’s verification of the employee’s citizenship status. Furthermore, individuals may be subject to additional background checks and fingerprinting.
BlueVoyant Candidate Privacy Notice
To understand how we secure and manage your personal data upon submitting a job application, please see our Candidate Privacy Notice, which can be found here - Candidate Privacy Notice