Cyber Threat Intelligence Analyst

Amazon.Com, Inc. Herndon , VA 20171

Posted 2 weeks ago

The Amazon Web Services Threat Intel Group is responsible for developing actionable intelligence on advanced cyber threats to our services and our customers. We collect indicators and intelligence from a variety of internal and external sources and use that information to develop an understanding of high grade actors and their tools, techniques, and procedures. We then leverage that understanding to proactively identify and mitigate malicious activity.

You will be required to analyze telemetry data to identify signals indicative of high grade adversaries. You will help enhance our capabilities by formulating new analytic techniques and working across teams to drive the supporting capabilities. A deep understanding of current APT actors and TTPs as well as experience performing question driven analysis is required. You should have a solid understanding of network and host based indicators and how to best leverage them. You should be able to script and help automate recurring tasks to improve the overall effectiveness of the team. An understanding of operating systems internals will be an asset.

Here at AWS, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and we host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon's culture of inclusion is reinforced within our 14 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.

Key responsibilities include:

  • Perform deep dive analysis of potentially malicious artifacts.

  • Analyze large structured and unstructured data sets to identify trends and anomalies indicative of malicious activities.

  • Create security techniques and automation for internal use that enable the team to operate at high speed and broad scale.

  • Pursue actionable intelligence on current threats as they relate to AWS.

  • Periodic on-call responsibilities.

  • Translate actor TTPs into actionable data points to be prosecuted on internal data sets

  • BS degree in Computer Science, MIS, Computer Engineering, or 5+ years equivalent technology experience.

  • 2 years experience with tracking APT groups and other high grade threats.

  • 2 years experience in system, network, and/or application security.

  • 2 years experience building automated tools in C, C++, Python, PowerShell, or Bash

  • 2 years experience in either incident response or active hunting of high grade adversaries

  • 1 year experience with SQL or other query languages.

  • MS degree in Computer Science, MIS, Computer Engineering, or 8+ years' equivalent technology experience.

  • 5+ years of experience in Threat Intelligence research and analysis, particularly nation states and APTs.

  • Strong understanding of Windows, Linux, and or OS X internals

  • Experience with malware analysis tools such as IDAPro, Ollydbg and Windbg.

  • Experience with AWS services.

  • Excellent written and oral communication skills.

  • Meets/exceeds Amazon's leadership principles requirements for this role

  • Meets/exceeds Amazon's functional/technical depth and complexity for this role

Amazon is committed to a diverse and inclusive workforce. Amazon is an equal opportunity employer and does not discriminate on the basis of race, ethnicity, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Cyber Watch Analyst IV


Posted 5 days ago

VIEW JOBS 10/16/2020 12:00:00 AM 2021-01-14T00:00 Business Group Highlights Intelligence The Intelligence group provides high-end systems engineering and integration products and services, data analytics and software development to national and military intelligence customers. Serving federal agencies and the Intelligence Community for more than 50 years, the Intelligence group helps our clients meet their mission needs by providing trusted advisors, leading-edge technologies, and innovative solutions. Responsibilities Conduct research and evaluate technical and all-source intelligence with specific emphasis on network operations and cyber warfare tactics, techniques, and procedures focused on the threat to networked weapons platforms and customer information networks. Analyzes network events to determine the impact on current operations and conduct all-source research to determine advisory capability and intent. Prepares assessments and cyber threat profiles of current events based on the sophisticated collection, research and analysis of classified and open source information. Correlates threat data from various sources. Develops and maintains analytical procedures to meet changing requirements and ensure maximum operations. Collects data using a combination of standard intelligence methods and business processes. Produces high-quality papers, presentations, recommendations, and findings for senior US government intelligence and network operations officials. * 12-hour Day Shift schedule on the Computer Incident Response Team (CIRT) Watch Floor * 7 12-hour days over a two week period. * Collaborate between CIRT elements as necessary during incident detection and response stages * Respond promptly to all request for support whether telephonic, via e-mail or instant messenger * Create releasable finished intelligence products and reports for the IC as well as IC Senior Leadership * Maintain incident case management database for all reported incidents * Analyze incidents and events captured in Jira for trends, patterns, or actionable information * Review incidents and events captured in the Jira after closure for investigative sufficiency and timeliness * Leverage existing business processes and document new repeatable business processes and procedures where necessary * Research external information on events, incidents, outages, threats, and technical vulnerabilities * Coordinate and disseminate the best course of action for the IC enterprise during cybersecurity events, incidents, outages, threats and technical vulnerabilities with IC-IRC fusion analysis team * Assess incidents to identify type of attack, collect evidence, and assess impact Qualifications Required * Must have an active TS/SCI w/poly security clearance * 5 to 8 years with BS/BA or 3 to 5 years with MS/MA. * Prior Cyber Threat Analysis experience * Experience working within a Security or Network Operations Center * Experience working with Security incident and event management * Demonstrated proficiency in Windows and Linux environments * Demonstrated experience with drafting reports, documenting case details, and able to summarize findings and recommendations based on system analysis Desired * BS degree in Cybersecurity, Information Security, Information Technology, Computer Science/Engineering, Network Engineering, or Computer forensics * Demonstrated proficiency with at least one of the following tools/techniques: Splunk Enterprise, FireEye, SolarWinds, Remedy, and/or McAfee ePolicy * Relevant Certifications: Security +, CySA+, CASP+, CEH, CISSP, GCIA, Splunk Certified User About Perspecta What matters to our nation, is what matters to us. At Perspecta, everything we do, from conducting innovative research to cultivating strong relationships, supports one imperative: ensuring that your work succeeds. Our company was formed to bring a broad array of capabilities to all parts of the public sector-from investigative services and IT strategy to systems work and next-generation engineering. Our promise is simple: never stop solving our nation's most complex challenges. And with a workforce of approximately 14,000, more than 48 percent of which is cleared, we have been trusted to do just that, as a partner of choice across the entire sector. Perspecta is an AA/EEO Employer - Minorities/Women/Veterans/Disabled and other protected categories. As a government contractor, Perspecta abides by the following provision Pay Transparency Nondiscrimination Provision The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of the other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c). Perspecta Herndon VA

Cyber Threat Intelligence Analyst

Amazon.Com, Inc.