Willis Towers Watson Cyber Threat Intelligence - Principal Specialist in Boston, Massachusetts
The Cyber Threat Intelligence Principal Specialist will be responsible for tracking the tactics, techniques, and procedures (TTPs) used by threat actors in their malicious campaigns and distribution of malware. The individual will provide intelligence analysis in the form of timely alerts, briefings, and analytical assessments. Focusing on threats related to information technology environments, the Principal Specialist will produce actionable intelligence in a clear and concise manner. The individual will report on top security threats by providing situational awareness, alerts, indicators of compromise, technical information, and operational readiness briefings.
We are looking for a collaborative team player, with strong coordination and communication skills who enjoys working in a fast-paced environment. The successful candidate will be able to support the Information Cyber Security Threat Intelligence team in a global company and will also have the opportunity for exposure to wider security disciplines, including close collaboration with Security Operations and Major Incident Response teams.
The Cyber Threat Intelligence Principal Specialist will contribute to, and work as part of, a multi-disciplined security community with clear vision and direction, as well as top down support across the business. They will help the wider community in fostering a culture which is both security aware and a great place to come to work.
Note: Employment-based non-immigrant visa sponsorship and/or assistance is not offered for this specific job opportunity.
Provide support to Information Cyber Security from across the business by undertaking activities which include:
Collect, analyze, and interpret qualitative and quantitative, technical and non-technical data in all-source intelligence analysis.
Conduct security research – identify and navigate relevant online sources, including cyber security websites, forums, social media, and traditional sources to support research processes.
Perform open source intelligence (OSINT) collection and analysis, identifying the most relevant and immediate cyber threats, malicious code, suspicious domains, and security vulnerabilities.
Conduct Threat Intelligence activities, including the use of advanced analytical techniques in supporting incident response at Willis Towers Watson.
Provide timely, comprehensive, and accurate deliverables to key stakeholders in both written and verbal communications.
Identify credible, new intelligence, and subject matter resources relative to current and emerging threats.
Produce assessments on cyber threats, attacks, and external incidents of interest to Willis Towers Watson.
Create written and verbal intelligence products for internal stakeholders to assist in proactively addressing cyber threats and mitigating risk.
Provide subject matter expertise on cyber threats to support current analytical operations and initiatives.
Work with third parties developing shared intelligence including government, law enforcement agencies, and peer institutions operating in industry sectors relevant to Willis Towers Watson.
Ensure timely response to any cyber incident to minimise risk exposure and production down time by collaborating closely with incident response colleagues.
Add threat intelligence enrichment and support to the investigation of suspected security incidents, including operating with malware and indicators of compromise (IoCs).
Analyze and correlate incident data to develop a preliminary root cause and corresponding remediation strategy.
Minimum 5 years’ experience in cyber security.
Must have strong verbal and written communication skills, interpersonal collaborative skills, and the ability to communicate security and risk-related concepts to both highly technical and non-technical audiences.
Experience in developing and maintaining Threat Intelligence, ability to review information to determine its significance, validate its accuracy, and assess its reliability.
Ability to compile data from both open and closed sources, drawing analytical conclusions to shape recommendations for key internal decision-makers.
Excellent knowledge of common security controls, detection capabilities, and other practices and solutions for securing digital environments, preferably including an understanding of packet flows, TCP and UDP traffic, firewall and proxy technologies, anti-virus, intrusion detection and prevention systems, Endpoint Detection and Response (EDR), as well as other host-based monitoring, email monitoring, and anti-spam technologies.
Knowledge of Cloud security and incident response activities in a Cloud environment.
Excellent understanding of Lockheed Martin’s Cyber Kill Chain, the Diamond Model of Intrusion Analysis, and the MITRE Att&ck framework. Ability to implement threat modelling in support of Threat Intelligence activities.
Understanding of assets and data of value to threat actors and how organizations are compromised.
Experience working in one or more of Threat Intelligence, Cyber Security Operations, or Digital Forensics.
Experienced in analyzing malware, hacking tools, and threat actor tactics, techniques and procedures (TTPs) to characterise threat actors’ technical methods for accomplishing their goals.
Experience of tracking threat actors and building up a repository of threat knowledge.
Strong working knowledge of security relevant data, including network protocols, ports and common services, and application layer protocols (e.g. HTTP/S, DNS, FTP, SMTP, etc.).
Knowledge of privilege escalation, persistence, and lateral movement techniques deployed by threat actors.
Experience of working and communicating within a global team environment.
EEO, including disability/vets (https://cdn-static.findly.com/wp-content/uploads/sites/1240/2021/06/14082050/EEO-Policies-for-WTW-Careers-site-2021.pdf)
Willis Towers Watson
- Willis Towers Watson Jobs