- Manage the procedural and technical aspects of a client’s threat intelligence program.
- Understand each customer’s unique threat intelligence goals and field TI process requirements using procedural and technical solutions that incorporate Anomali solutions.
- Provide analyst support for quick hit product requests as well as formal research reports and customer briefings on threat topics.
- Develop and deliver product configurations that fulfil intelligence requirements according to customer workflows.
- Manage activities across multiple clients, both onsite and offsite, including:
  - assisting/supporting pre-sales in fielding services questions
  - delivery of professional services
  - support for other Anomali CSO operations staff
  - assisting in product configuration or custom integrations
  - helping train the client in using Anomali's products and TI processes
  - analyst support to ensure customer success
- Drive user adoption of Anomali solutions as well as communicate customer requirements and product successes/failures across the organization.
- Acquire complete command of Anomali products (ThreatStream, Anomali Enterprise, Anomali Link, Universal Link, etc.)
- Occasionally support large and strategic customer pre-sales activities
- Serve as a coach and trusted advisor to large and strategic Anomali customers
- Derive and disseminate threat intelligence best practices to help drive customer adoption of Anomali products and services
- Provide feedback to product management based on field experiences
- Work closely with our exceptional security engineers and data scientists in Anomali Labs to drive technical requirements for new prototype and tool development.
- Enhance security tradecraft to identify threats before the adversaries have a strong foothold in organizations.
- BA/BS or equivalent combination of education and experience
- 3-5+ years of experience as an Intelligence Analyst, Information Security Analyst, or SOC Analyst
- Experience working and communicating directly with clients
- Strong troubleshooting, presentation, and consultative skills
- Comfortable speaking technically with analysts and strategically with senior executives
- Strong project management skills
- Strong verbal and written communication skills
- Strong technical background and ability to speak to engineers, developers and end users
- Knowledge of enterprise level security operations, business requirements, and inner IT workings
- Understanding of terminology and tactics employed by threat actors
- Experience scripting in Python or other scripting languages to enable threat research, malware analysis, or other security-related tasks.
- Knowledge of how malware is developed, functions, and is employed
- Ability to extract technical indicators from malware and/or pcap via tools
- Has presented at a security or hacking conference.
- Has an active threat intelligence related blog
- Has contributed to or released a security tool as open source software
- Enjoys collaborating and sharing information with the broader security community
- Experience writing YARA/Snort signatures
- Prior experience working in startups
- Experience with ELK, ArcSight, Splunk, IBM QRadar, McAfee Nitro, and/or Hadoop
Anomali delivers earlier detection and identification of adversaries in your organization's network by making it possible to correlate tens of millions of threat indicators against your real-time network activity logs and up to a year or more of forensic log data. Anomali's approach enables detection at every point along the kill chain, making it possible to mitigate threats before any material damage to your organization has occurred.