Senior Analyst, Cyber Threat Intelligence

Role Purpose

The role of the Senior Cyber Threat Intelligence Analyst is to collect, collate, and analyze cyber threat information from multiple sources to identify, evaluate, and report developing cyber threats to IHG information systems to enable proactive mitigation strategies. This role will specifically be accountable for tactical and operational relationships, analysis, and reporting. The ideal candidate will have a strong technical background and direct experience with threat intelligence and/or other security operations-related functions.

Key Accountabilities

• Monitor the cyber threat environment by means of systematic horizon scanning through intelligence processes and tools, leveraging both internal and external sources.
• Conduct a range of cyber threat-related research and analysis, ranging from open-source intelligence to digital forensics and intrusion analysis.
• Capture stakeholder needs in the form of intelligence requirements and prioritize data sets and tooling against them in a collection management framework.
• Engage in campaign monitoring and actor profiling of threat actors or groups with a direct or indirect impact to the IHG brand and/or broader hospitality industry.
• Present analytic conclusions and research to both technical and non-technical audience through a variety of mediums, including finished intelligence products, briefings, emails, etc.
• Contribute to risk assessments and subsequent mitigation strategies for identified threats.
• Work with vendors to ensure quality and effectiveness of collection tools and data sources.
• Support Security Operations, Incident Response, Threat Hunt, Vulnerability Management, and other stakeholders with relevant intelligence reporting and assessment needs.
• Liaise with governmental and commercial cyber threat stakeholders, including information sharing communities (e.g., RH-ISAC) and peer organizations.
• Assist in the implementation and management of a Threat Intelligence Platform.

Key Skills & Experiences

Education

• Bachelor's or Master's Degree in a relevant field of work or an equivalent combination of education and work related experience.
• GCTI, C|TIA, GSEC, ATT&CK for CTI, Security+, or CEH are a plus.

Experience

• Typically, a minimum of 5+ years of progressive work related experience with demonstrated proficiency in multiple disciplines, technologies, or processes related to the position.

Technical Skills and Knowledge

• Deep understanding of the discipline of threat intelligence and its application in a large complex organizational setting, including core relationships and intelligence requirements.
• Knowledge of the intelligence cycle and cyber threat intelligence-relevant frameworks (e.g. cyber kill chain, diamond model, pyramid of pain, MITRE ATT&CK, etc.).
• Understanding of the tactics, techniques, and procedures (TTPs) employed by relevant cyber threat groups, which are tracked by various vendors.
• Ability to mine, interpret, extract, store, and pivot on relevant content found in internal, commercial, and open-source data sets to enrich existing intelligence collection and understanding of cyber threat groups.
• Experience using various security monitoring and digital investigation tools (e.g. SIEM, EDR, VirusTotal, DomainTools, etc.).
• Understanding of basic malware analysis fundamentals and use of YARA framework.
• Results oriented with an ability to self-start, work independently, and address multiple competing priorities.
• Strong analytic and problem-solving skills with the ability to interpret large volumes of data.
• Strong writing and briefing skills.
• Experience implementing and managing a Threat Intelligence Platform is preferred, but not required.
• Knowledge of the hospitality, restaurant, or travel industries and/or hotel operations and systems specifically is preferred, but not required.