The Cyber Threat Intelligence analyst, reporting to the Head of Cyber Defense, participates as the main cyber threat intel analyst in the distributed threat intelligence capability at BNP Paribas.
• Proactively monitors threats arrayed against the bank and develops appropriate detective controls.
• Develops highly technical options for mitigating existing and emerging threat actor tactics, techniques, and procedures (TTPs) across the full suite of preventive and detective controls, including but not limited to architecture & engineering changes, new or updated sensor signatures, as well as auditing & logging changes.
• Oversees the development of use cases for integration into our Security Incident and Event Management platform.
• Integrates an in-depth understanding of threat actor motivations and capabilities into existing risk management processes.
• Performs threat assessments across the technology environment to identify high value targets and to help prioritize additional
• Develops and maintains interconnections with peers in other regions for an efficient and optimized response to security events and incidents.
• Produces Key Performance and Risk Indicators.
• Develops and leads the intelligence planning portion of incident response.
• Contributes to a management awareness program.
• Other activities as they relate to improving the firm’s posture towards cyber security incident response and threat intelligence.
Minimum Required Qualifications:
- Minimum 3 years professional work experience, including a minimum of 2 years in an Information Technology or Information Security role.
- Bachelor's degree from an accredited college or university, or equivalent work experience.
- Either 2+ years prior experience as a penetration tester or 5+ years prior experience working in a military or national intelligence (all source or SIGINT) role along with a minimum of 6 months of all source or SIGINT training.
- Understanding of operational planning and risk management methodologies used in military and intelligence environments, especially as they relate to integrating collections management with operational planning and as documented in US Army ADP 2-0, ADP 5-0, ADRP 5-0, ATP 2-01, and ATP 2-01.3. Understanding of how these planning approaches relate to cyber threat intelligence supporting cybersecurity planning, operations, and incident response. Understanding of how to relate IOCs to PIRs and decision points during monitoring and incident
- Strong ability to analyze threat actor TTPs at a highly detailed and technical level.
- Strong ability to develop control options for existing and emerging threat actor TTPs and to communicate to both a highly technical audience and to a non-technical audience how those options counter such TTPs. Specific focus on controls as they relate to networking (routing, switching, firewalls, security sensors) and operating systems (*nix, Windows).
- Strong critical thinking and analysis skills as well as the written/verbal communication skills necessary to organize and concisely convey complex technical, tactical, operational, and strategic topics.
- Either a) a strong ability to develop both sensing and SIEM correlation logic against indicators of compromise that the candidate has developed, or b) strong programming skills which demonstrate an ability to quickly learn the skills in a).
- Ability to adapt to changing priorities, handle multiple assignments, and adhere to deadlines.
- Ability to coordinate actions from several different teams.
- Bachelor's degree from an accredited college or university in Computer Science, Computer Engineering or
- Have held one or more of the following certifications (does not need to be current as long as the candidate can fully leverage these skills): CISSP, GCED, OSCP, LPT, ECSA, RHCE, CCNP, or MCSA Win Server 2012/2016.
- Knowledge of how to deploy, operate, and integrate modern threat intelligence platforms and threat intelligence feed services with existing cyber and risk management processes.
- Understanding of the concepts in the book ‘Windows Internals’, 7th edition.
- Ability to design and operate a use case life cycle process to feed into the sensing and correlation platforms (e.g., Security Incident and Event Management [SIEM] platforms, security analytics platforms).
FINRA Registrations Required:
Primary Location: US-NJ-Jersey City
Job Type: Standard / Permanent
Job: MISCELLANEOUS
Education Level: Bachelor Degree or equivalent (>= 3 years)
Experience Level: At least 3 years
Schedule: Full-time
Behavioural competency: Attention to detail / rigor
Transversal competency: Analytical Ability