The Splunk Senior Intel Analyst works with the Sr. Manager of Threat Hunting and Intelligence in our fast-growing Splunk Global Security organization. This role may be located in either San Jose or Washington DC. Self-starters will love this job, as you will play an important role in the build-out of the cyber threat intelligence service. You will assist in the collection, analysis, and dissemination of intelligence to support both tactical and strategic internal customers. In addition, you will contribute to the research and publication of various types of scheduled and ad-hoc work products. The nature of the work may occasionally include after-hours intel support during major incidents. A successful analyst will always be excited to learn about new tactics, techniques, and procedures and how threat groups are applying them. Are you self-motivated and passionate about tracking threat actors, including a desire to automate and improve the ingestion of threat data? Do you have previous experience working for the US Intelligence Community or a private-sector threat intelligence organization? Critical thinking and limited bias are necessary for this role, as you will need to advise decision-makers on the best course of action based on often incomplete and subjective information. The Threat Hunting & Intelligence (THI) team is passionate, has fun every day, enjoys a good laugh, but above all else loves to identify and hunt threat actors.
• Tactical intel support for SOC and CIRT missions
• Analysis and processing of intelligence alerting
• Actively tracking threat actor groups
• Research and implement new intelligence sources including open source
• Conduct research supporting RFIs and scheduled work products
• Demonstrate expertise by uncovering adversary activity not detected by our current detection rules
• Apply Diamond model analysis against observed threat actor activity
• Perform both static and dynamic malware analysis as needed
• Actively researching new TTPs from public and internal reporting
• Create compelling internal presentations from the results of your work
• Creation of detailed process documentation

• Proven experience performing searching and reporting with Splunk
• Experience with both EDR and NSM technologies
• Familiar with Threat Intel Platforms (TIPs)
• Understanding of how DNS, DHCP, Email, and other common services work
• Ability to reduce large datasets into meaningful information
• Ability to tackle problems with no obvious solutions
• Tenacious attention to detail
• Efficient presentation skills for varied audiences including both management and technical
• Eligible to work in the United States without company sponsorship

Experience in more than one of the following areas is required:
• Directed research and report authoring
• Signature or Indicator development and management
• Incidents involving nation-state and eCrime threat actors
• General log analysis (firewall, proxy, DNS, email, DHCP, VPN, etc)
• Malware analysis
• Geopolitical analysis

• Bachelor’s degree in computer science, information security, or related discipline or equivalent practical work experience.
• 8+ years professional IT or IT Security experience; or 6 years and a Master’s degree
• 2 years experience as a full-time incident responder, intel analyst or similar role

• Splunk Inc. (NASDAQ: SPLK) helps organizations ask questions, get answers, take actions, and achieve business outcomes from their data. Organizations use market-leading Splunk solutions with machine learning to monitor, investigate, and act on all forms of business, IT, security, and Internet of Things data.
• Splunk is the world’s first Data-to-Everything Platform. Now organizations no longer need to worry about where their data is coming from, and they are free to focus on the business outcomes that data can deliver. Innovators in IT, Security, IoT, and business operations can now get a complete view of their business in real-time, turn data into business outcomes, and embrace technologies that prepare them for a data-driven future.
We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.
• Location: US Remote Available