Cybersecurity Operations - Threat Intelligence Specialist

Job description, responsibilities and duties

The Threat Intelligence Specialist has technical and coordination responsibilities for cyber intelligence management at Siemens Healthineers. In this function you will provide intelligence to assist in decision making and actively thwart emergent and current threats targeting Healthineers by developing processes and procedures on the identification, analysis, processing, and distribution of finished intelligence.

You will collaborate with Incident Response specialists, translating intelligence data into actionable intelligence to appropriately prioritize response activities.

Tasks and Responsibilities:

The position will bring a mix of the following tasks and responsibilities:
• Organize, analyze, and refine information about the emerging cyber security threats. From state-sponsored cyber criminals to organized hackers to other cyber espionage actors
• Threat Intelligence feeds analysis. Helping in the proactive identification of entity threats or risk vectors.
• Conduct analysis of known and emerging cybersecurity threats
• Performing detailed analysis to identify novel tactics, techniques, and procedures (TTPs) being used by attackers that potentially target our business or customers
• Research on the latest trends in malware and advanced attacks. Identify new ways that cloud apps are being abused by attackers
• Determine the significance and reliability of incoming information and recognize effective threats by performing relevant research and data analysis using both internal and external tools and resources
• Establish and maintain systematic, cross-referenced intelligence records
• Ensure relevant information and events are being generated, captured, and delivered to acting teams in a timely manner
• Produce and manage IoCs and feed them to remediation teams for action
• Create Threat Intelligence reporting procedures
• Monitor Healthineers’ public exposure to detect signs of sensitive disclosure, exposed credentials, and hacker group activity targeted against Healthineers
• Provide intelligence briefings to Cybersecurity colleagues and to other Security and IT areas

Qualifications:

Knowledge of relevant technological aspects for this position. The ideal candidate should bring a mix of expertise in (a subset of) the following areas:
• Understanding of technical and human aspects of cyber threats and security
• Strong analytical skills with the ability to collect, organize, analyze, and disseminate significant amounts of information with attention to detail and accuracy
• Significant experience conducting intelligence analysis, including social network analysis, targeting, technical analysis, attribution etc.
• Knowledge of cyber threats and vulnerabilities: how to properly identify, triage, and remediate threats based on threat intelligence as well as on analysis of security events, log data and network traffic
• Deep and current knowledge of social network monitoring (SOCMINT) and Dark Web Networks (TOR, I2P, etc.) (DARKMINT)
• Experience with common threat intelligence tools, sources, and feeds
• Experience tracking threat actors or similar types of cyber investigations
• Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. Cybersecurity and how it impacts privacy principles
• Models to describe and document cyber-attacks (e.g., reconnaissance, scanning, enumeration, persistency, lateral movement, exfiltration) such as Cyber Kill Chain, Diamond model or MITRE ATT&CK
• Incident Response and handling methodologies
• Application Security Risks (e.g., Open Web Application Security Project Top 10 list)
• System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, code and command injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
• Experience with Malware analysis, sandboxes, and reverse engineering tools
• Experience with scripting languages (e.g., Python, Bash or PowerShell) and using REST API, as well as data processing, regular expressions, and console-based text processing tools (e.g., sed, awk, jq)

Additionally:
• STEM studies are highly desirable but might be traded-off for relevant experience
• 5+ years of relevant work experience in Cybersecurity Operations of mid-size to large high-tech and healthcare organizations as well as working in geographically distributed teams is highly valuabl
• Relevant Industry Certifications such as SANS/GIAC (for example, GCIA, GCIH, GNFA, GCFA), CompTIA Security+ CISSP, CISA, CISM are desirable

Personality Traits:
• Negotiation skills and ability to set and track priorities and deadlines
• Able to work on a very tight schedule, while keeping track of tasks progress and deadlines
• Able to structure complex problems and find practicable solutions to those
• Team player but also able to work on an individual basis
• Self-learning and curiosity to keep pace with ever-evolving cybersecurity developments are highly appreciated
• Advanced English and Communication skills: clear and concise communication; able to address stakeholders of different backgrounds and technical expertise

Soft Skills Requirements:
• Intercultural Sensitivity
• Team Development
• Collaboration & Customer Orientation
• Strategic Innovative Orientation
• Leadership
• Ability to multi-task and handle multiple assignments simultaneously, while focusing on delivery quality
• Ability to use initiative when needed (self-motivation and proactive attitude)
• Quick learner and aptitude to get into new technologies and architectures

Required education, skills and personality requirements

Required education
University education (Bachelor's degree)
University education (Master's degree)
Postgraduate (Doctorate)

Language skills

We offer

• Adjustable standing desk as a standard
• MSDN license for each developer with prepaid access to AZURE
• Free access to PLURALSIGHT – the WBT platform
• Team building program - 2 days adventure offsite meeting for all employees every year, Christmas party, extra budget for team building events
• Participation on world famous IT conferences like Microsoft IGNITE for best employees
• Wide project portfolio in healthcare domain and job rotation within company (Cybersecurity, Artificial Intelligence, Healthcare IT services, …)
• Training and development program (business and product trainings, e-learning, language courses, soft skills trainings,…)
• Health program (contracted wellness providers, sport centers, salary reimbursement in case of illness)
• Retention program (work anniversary, life anniversary, additional pension plan, employee loans)
• Family care program (subsidy for newborns, maternity leave, kindergardens, summer camps)