girl looking into her desktop
Back to search results

CTI Attribution Analyst

Denver, Colorado;

Job Description:

Cyber Threat Intelligence (CTI) works with partners, both internal and external, to reduce risk to the firm and to the financial sector at large. Stakeholders include cyber-security response teams, internal lines of business, senior leadership and external organizations such as law enforcement, industry peers, key suppliers, customers and intelligence sharing partners.  The CTI Tactical team is a sub-team responsible for the identification and analysis of advanced threats against the firm, its clients and where applicable, the Financial Industry.  Team focuses on- providing technical intelligence and support to both CSD response teams and LOB’s in order to mitigate risk associated with malicious online activity.

The scope of the Cyber Threat Intelligence Attribution Analyst will primarily include processes by which evidence (i.e., associating software, computer, or networking artifacts) of a malicious cyber activity is collected, analyzed and enriched to produce assessments pertaining to: point of origin, identification of specific digital device, infrastructure or online persona and/or the individual or organization that directed the activity.  Attribution is an emergent skillset therefore a successful analyst will have to demonstrate the ability to leverage their technical acumen, apply all-source intelligence, knowledge of previous events, tools and methods in order to trace operations back to their sources. As an iterative process, the analyst will compare new information to existing knowledge, identify intelligence gaps, consider competing hypotheses/ambiguities and weigh the evidence to determine a confidence level.  Additionally, the attribution analyst will have to develop and standardize communication of data enrichment that will facilitate the timely sharing of data and analytic collaboration.

Role responsibilities:

•             Work in a tactical/technical role reviewing and cultivating intelligence sources, analyzing information and creating actionable intelligence.

•             Contribute to intelligence briefings for senior bank leadership.

•             Analyze information security events for tradecraft, infrastructure, malware and intent that may indicate a particular threat actor or threat actor group.

•             Operate as part of a team of analysts responsible for collecting, assessing, and prioritizing threats, and then communicating that assessment in a manner that accurately conveys urgency, severity, and credibility.

•             Identify, escalate and debate recommended actions that strengthen controls.

•             Continually and consistently review attribution processes to identify reforms that could add to increased speed, efficiency and accuracy in reporting.

•             Exercise independent judgment in methods, techniques and evaluation criteria for obtaining results.

•             Participate in technical bridge lines to facilitate the identification, mitigation and containment of cyber-security incidents.

Qualifications:

•             Proven experience in a cyber, counter-terrorism, or related targeting role in the intelligence community, military, government or related contracting firm.

•             Technical or information security certifications are a strong plus.

•             5 years+ in a related role or discipline.

•             2 years+ working in a 24x7 operational environment.

•             Experience working in a Security Operations, Incident Management or Fusion Center operation.

Skills:

•             Excellent leadership, organizational and analytical skills.

•             Ability to communicate (verbal and written) with stakeholders in non-technical terms.

•             Excellent written and verbal communication and presentation skills.

•             Ability to handle multiple work efforts in a fast-paced environment and to be able to quickly change direction as needed.

•             Ability to prioritize conflicting tasks.

•             Subject matter expertise in cyber threat intelligence related activities, open source and closed source Intelligence tradecraft, social media and social network analysis and related disciplines.

•             Familiarity with cyber threat landscape, geopolitical issues that could have cyber impacts, security vulnerabilities, exploits, malware, digital forensics, network security vulnerabilities, exploits and attacks.

•             Ability to work in a strong team-oriented environment with a sense of urgency and resilience while being a self-starter and able to work independently.

•             Ability to work effectively with technical and non-technical business owners.

Job Band:

H5

Shift: 

1st shift (United States of America)

Hours Per Week:

40

Weekly Schedule:

Referral Bonus Amount:

0

Job Description:

Cyber Threat Intelligence (CTI) works with partners, both internal and external, to reduce risk to the firm and to the financial sector at large. Stakeholders include cyber-security response teams, internal lines of business, senior leadership and external organizations such as law enforcement, industry peers, key suppliers, customers and intelligence sharing partners.  The CTI Tactical team is a sub-team responsible for the identification and analysis of advanced threats against the firm, its clients and where applicable, the Financial Industry.  Team focuses on- providing technical intelligence and support to both CSD response teams and LOB’s in order to mitigate risk associated with malicious online activity.

The scope of the Cyber Threat Intelligence Attribution Analyst will primarily include processes by which evidence (i.e., associating software, computer, or networking artifacts) of a malicious cyber activity is collected, analyzed and enriched to produce assessments pertaining to: point of origin, identification of specific digital device, infrastructure or online persona and/or the individual or organization that directed the activity.  Attribution is an emergent skillset therefore a successful analyst will have to demonstrate the ability to leverage their technical acumen, apply all-source intelligence, knowledge of previous events, tools and methods in order to trace operations back to their sources. As an iterative process, the analyst will compare new information to existing knowledge, identify intelligence gaps, consider competing hypotheses/ambiguities and weigh the evidence to determine a confidence level.  Additionally, the attribution analyst will have to develop and standardize communication of data enrichment that will facilitate the timely sharing of data and analytic collaboration.

Role responsibilities:

•             Work in a tactical/technical role reviewing and cultivating intelligence sources, analyzing information and creating actionable intelligence.

•             Contribute to intelligence briefings for senior bank leadership.

•             Analyze information security events for tradecraft, infrastructure, malware and intent that may indicate a particular threat actor or threat actor group.

•             Operate as part of a team of analysts responsible for collecting, assessing, and prioritizing threats, and then communicating that assessment in a manner that accurately conveys urgency, severity, and credibility.

•             Identify, escalate and debate recommended actions that strengthen controls.

•             Continually and consistently review attribution processes to identify reforms that could add to increased speed, efficiency and accuracy in reporting.

•             Exercise independent judgment in methods, techniques and evaluation criteria for obtaining results.

•             Participate in technical bridge lines to facilitate the identification, mitigation and containment of cyber-security incidents.

Qualifications:

•             Proven experience in a cyber, counter-terrorism, or related targeting role in the intelligence community, military, government or related contracting firm.

•             Technical or information security certifications are a strong plus.

•             5 years+ in a related role or discipline.

•             2 years+ working in a 24x7 operational environment.

•             Experience working in a Security Operations, Incident Management or Fusion Center operation.

Skills:

•             Excellent leadership, organizational and analytical skills.

•             Ability to communicate (verbal and written) with stakeholders in non-technical terms.

•             Excellent written and verbal communication and presentation skills.

•             Ability to handle multiple work efforts in a fast-paced environment and to be able to quickly change direction as needed.

•             Ability to prioritize conflicting tasks.

•             Subject matter expertise in cyber threat intelligence related activities, open source and closed source Intelligence tradecraft, social media and social network analysis and related disciplines.

•             Familiarity with cyber threat landscape, geopolitical issues that could have cyber impacts, security vulnerabilities, exploits, malware, digital forensics, network security vulnerabilities, exploits and attacks.

•             Ability to work in a strong team-oriented environment with a sense of urgency and resilience while being a self-starter and able to work independently.

•             Ability to work effectively with technical and non-technical business owners.

Shift:

1st shift (United States of America)

Hours Per Week: 

40

Learn more about this role

Full time

JR-21034310

Band: H5

Manages People: No

Travel: No

Manager:

Talent Acquisition Contact:

Kathleen Jones-Griffith

Referral Bonus:

0

Colorado job seekers

Colorado pay range:

$90,000 - $136,500 annualized salary, offers to be negotiated based on experience, education and skill set.

Discretionary incentive eligible

This role is eligible to participate in the Corporate Performance Incentive Plan. Qualified employees are eligible for an annual discretionary award based on their overall individual results and behaviors performance at year-end (limited roles may also qualify for incentives during performance year).

Benefits

This role is eligible for all usual company benefits. At Bank of America, our employees are the foundation of our success. That’s why we’re committed to offering a variety of competitive programs and benefits that support your physical, emotional and financial wellness both at work and at home.