Cyber Threat Intelligence Senior Specialist
USA - New Jersey - Rahway
Full Time Senior-level / Expert USD 111K - 175K
MSD
At MSD, we're following the science to tackle some of the world's greatest health threats. Get a glimpse of how we work to improve lives.Job Description
As a part of our Company's Cyber Fusion Center (CFC), the Cyber Threat Intelligence (CTI) team collaborates with external and internal stakeholders across international technical centers to maintain our Company’s proactive cybersecurity posture. The CTI team enables our Cyber Fusion Center to maintain an intelligence and threat informed approach to cybersecurity. The team liaises with our Company business partners in order to propose ideas and innovative solutions that reduce risk and enable new organizational capabilities.
The CTI Senior Specialist is responsible for the daily prioritization and actioning of Cyber Threat Intelligence (CTI), to include intelligence collection, curation, management, analysis standards, quality control, and dissemination of finished products to a wide range of technical and non-technical internal customers to maintain our Company’s proactive cyber security posture. The CTI Senior Specialist works closely with security operations teams, information technology teams, enterprise risk management teams, executive decision-makers, industry peers, and private/public sector intel sharing groups.
Key Responsibilities:
Evaluate tools, methodologies, and best practices to effectively understand the tactics, techniques, and procedures (TTPs) utilized by cyber threat actors.
Perform continuous research and collection of information based on our Company’s Intelligence Requirement Framework from open source, vendor collection, and internal tooling to identify threat intel and cyber risks.
Monitor and action open source and vendor data for potential domain abuse, third party cyber incidents, credential/data leakage, dark web and social media malicious indicators, and executive impersonation.
Conduct basic threat hunting within Security Information and Event Management (SIEM) systems and within specific tools for malicious indicators and threat actor TTPs.
Create detection logic within a (SIEM) solution and within specific tools to identify potential malicious activity.
Have an understanding of Security Operation Center (SOC) activity and be able to respond to cyber security incidents.
Build threat actor profiles to enhance threat prioritization.
Conduct basic malware analysis to extract potential malicious IOCs and behavioral analysis.
Share Indicators of Compromise (IOCs), vulnerabilities, and emerging threat intel with relevant stakeholders
Independently produce finished CTI products for both technical, operational, and strategic audiences.
Expertly communicate priority cyber threat intelligence verbally and in a written format.
Respond to routine requests for information (RFIs) from stakeholders.
Drive innovation and new approaches for detecting and tracking threats, adversaries, techniques, tools, and infrastructure.
Frequently participate and deliver intel at daily syncs and team specific calls.
Identify potential process and product improvements and drive follow-on activities.
Mentor and train junior analysts in core cyber threat intel tradecraft, analysis, and production
Responsible for Quality Assurance and Quality Control (QA/QC) of CTI deliverables.
Subject Matter Expert for CTI workflows and ensures workflows are accurately documented
Facilitate external and internal threat intelligence partnerships on behalf of the CTI Team. This includes optimizing and managing data sources of threat intelligence information from vendors.
Responsible for the prioritization of cyber threat intelligence for all team members
Position Qualifications:
Education Minimum Requirement:
BA/BS or MA/MS in either Computer Science, Information Security, Information Systems of Cyber Security or other related field.
Certifications: (not required, but preferred) GCTI, CTIA, CCTIA, CISSP, CISA, Security+, OSCP.
Required Experience and Skills:
5+ years of experience in one or more of the following areas:
Cyber Threat Intelligence
Cyber Incident Response
Penetration Testing
Excellent verbal and written communications skills.
Experience using open-source intelligence (OSINT) and internal data to track threat actor tactics, techniques, and procedures that span on-premises and cloud-based compromises.
Experience working with detection methodologies across multiple platforms.
Experience working with extremely large data sets, using tools and scripting languages within Excel, Python, Splunk, Microsoft Sentinel, and Power BI.
Functional understanding of common threat analysis models such as the Diamond Model, Cyber Kill Chain, and MITRE ATT&CK.
Demonstrated ability to work independently and as part of global teams in a fast-paced global environment.
Preferred Experience:
Reverse malware engineering experience.
Current Employees apply HERE
Current Contingent Workers apply HERE
US and Puerto Rico Residents Only:
Our company is committed to inclusion, ensuring that candidates can engage in a hiring process that exhibits their true capabilities. Please click here if you need an accommodation during the application or hiring process.
We are an Equal Opportunity Employer, committed to fostering an inclusive and diverse workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status, or other applicable legally protected characteristics. For more information about personal rights under the U.S. Equal Opportunity Employment laws, visit:
Pay Transparency Nondiscrimination
We are proud to be a company that embraces the value of bringing diverse, talented, and committed people together. The fastest way to breakthrough innovation is when diverse ideas come together in an inclusive environment. We encourage our colleagues to respectfully challenge one another’s thinking and approach problems collectively.
Learn more about your rights, including under California, Colorado and other US State Acts
U.S. Hybrid Work Model
Effective September 5, 2023, employees in office-based positions in the U.S. will be working a Hybrid work consisting of three total days on-site per week, Monday - Thursday, although the specific days may vary by site or organization, with Friday designated as a remote-working day, unless business critical tasks require an on-site presence.This Hybrid work model does not apply to, and daily in-person attendance is required for, field-based positions; facility-based, manufacturing-based, or research-based positions where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note, this Hybrid work model guidance also does not apply to roles that have been designated as “remote”.
The Company is required to provide a reasonable estimate of the salary range for this job in certain states and cities within the United States. Final determinations with respect to salary will take into account a number of factors, which may include, but not be limited to the primary work location and the chosen candidate’s relevant skills, experience, and education.
Expected US salary range:
$111,400.00 - $175,300.00Available benefits include bonus eligibility, long term incentive if applicable, health care and other insurance benefits (for employee and family), retirement benefits, paid holidays, vacation, and sick days. A summary of benefits is listed here.
San Francisco Residents Only: We will consider qualified applicants with arrest and conviction records for employment in compliance with the San Francisco Fair Chance Ordinance
Los Angeles Residents Only: We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance
Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
Employee Status:
RegularRelocation:
DomesticVISA Sponsorship:
NoTravel Requirements:
10%Flexible Work Arrangements:
HybridShift:
1st - DayValid Driving License:
NoHazardous Material(s):
n/aJob Posting End Date:
11/23/2024*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.
Tags: Business Intelligence CISA CISSP Cloud Compliance Computer Science Cyber Kill Chain GCTI Incident response Malware MITRE ATT&CK Open Source OSCP OSINT Pentesting Python Risk management Scripting Sentinel SIEM SOC Splunk Threat intelligence TTPs Vulnerabilities Vulnerability management
Perks/benefits: Flex hours Flex vacation Health care Insurance Relocation support Salary bonus
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.