Zscaler is looking to solve the problem of cyberattacks and data loss by securely connecting users, devices, and applications in any location, and the Intelligence Team conducts in-depth analysis to provide context and help prioritize where to focus detection and response efforts.
Requirements
- Strong analytical and problem-solving skills, including the ability to synthesize complex and contradictory information, specifically through utilizing graph databases, or with query languages and data platforms such as SQL, Splunk, Elasticsearch, or Synapse Storm
- Knowledge of cyber threat intelligence concepts including attribution, group naming, making assessments, and pivoting
- Familiarity with the mechanics of attack behaviors and MITRE ATT&CK®
- Experience tracking adversaries, including threat groups, activity groups, or malware families, and ability to differentiate unique and shared characteristics of clusters
- Experience with software development in C, Python, Ruby, or similar languages
- Experience in Intelligence, Security Operations Center (SOC), Digital Forensics and Incident Response (DFIR), or other security-focused roles
- Experience in capabilities development, threat hunting, endpoint telemetry analysis, and/or detection development
Responsibilities
- Utilizing Synapse and Storm Query Language for data modeling and analytic workflows while identifying opportunities for additional analytic solutions and contributing to automation and tool building in Synapse
- Investigating telemetry to identify new activity clusters based on analysis of malicious and suspicious behaviors and activity observed across our customer base
- Conducting open and closed source research to analyze threat patterns and trends, and writing actionable intelligence products for customers and the community that communicate TTPs, detection coverage, and remediation strategies
- Actively engaging with internal teams, external partners, customers, and the infosec community to share knowledge and enhance collaboration
- Validating Red Canary’s endpoint, cloud, and identity detection coverage against the continuously evolving threat landscape and identifying unique or emerging threats for which to build detection coverage
- Recommending solutions to visibility gaps in telemetry and data sources
- Modeling and analyzing in the Synapse graph database
Other
- Outstanding communication skills, both written and verbal, including the ability to communicate technical concepts in a clear, succinct fashion to subject matter and non-subject matter experts alike
- Proven leadership mentoring team members and contributing to the development of intelligence analysis expertise
- Bachelor's degree or equivalent experience
- Ability to work in a remote environment
- Commitment to providing equal employment opportunities to all individuals