Cyber Threat Intelligence Analyst

4 days ago


Colonia Polanco, México Siemens Full-time

**Looking for a chance to create a positive impact on our society?**

Siemens Cybersecurity Defense is a global organization within Siemens consisting of regionally aligned teams across Germany, Portugal, Spain, United States, Mexico, and China. The mission of the organization is to proactively identify anomalies, respond and remediate Cybersecurity issues related to IT infrastructure, Operational Technology (OT), and products of Siemens.

**As Senior Cyber Threat Intelligence Expert (f/m/d) you will**:

- Provide intelligence to support the decision-making process concerning emergent and current threats targeting Siemens by developing processes and procedures to gather, identify, analyze, and distribute tailored intelligence products.
- Collaborate with Incident Response team, translating raw sensor data, reports, and other intelligence feeds into actionable intelligence to drive proactive measures and appropriately prioritize response activities.
- IT security incidents in a geographically distributed environment, orchestrating the interaction among all relevant technical and non-technical stakeholders during all phases of the incident.
- Help improve Siemens CERT internal playbooks and toolset by contributing improvement ideas about processes, functionalities, and new features.
- Collect, organize, analyze, and refine information about known and emerging cyber security threats, including novel tactics, techniques, and procedures (TTPs) used by attackers to potentially target Siemens’ business or customers.
- Support the awareness activities by monitoring for and reporting relevant news in the cyber security space in the form of news articles on the Siemens CERT News Portal, for which you will also provide a Siemens-tailored risk assessment.
- Research the latest trends in malware and advanced attacks.
- Leverage internal and external resources to enrich relevant information to deliver contextualized intel to acting teams in a timely manner.
- Contribute to every step of the IoC lifecycle within the Siemens CERT Threat Intelligence Platform (e.g. organizing input sources and feeds, manually crafting new indicators, tuning the strategies in place to label and organize relevant intel, etc.).
- Monitor Siemens’ public exposure to detect signs of sensitive disclosure, exposed credentials, and targeted hacker group activities.
- Provide tailored intelligence briefings to Cybersecurity colleagues and to other Security and IT areas.

**To make a difference, you must have**:

- Significant technical system expertise (e.g. gathered from being an IT Administrator) with relevant exposure and expertise in IT Security, in several of the following technologies: Linux and Windows operating systems, web-technologies (encryption, HTTP, REST), networking, cloud environments
- Expert knowledge of fundamental Threat Intelligence concepts (terminology, tools, processes, etc.). Experience with formal aspects of Threat Intelligence (e.g. ACH, analytical biases, etc.) is a plus.
- Experience with common threat intelligence models, tools, sources, and feeds.
- Strong analytical skills with the ability to collect, organize, analyze, and disseminate significant amounts of information with attention to detail and accuracy.
- Significant experience conducting intelligence analysis, including social network analysis, targeting, technical analysis, attribution etc.
- Knowledge of cyber threats and vulnerabilities: how to properly identify, triage, and remediate threats based on threat intelligence as well as on analysis of security events, log data and network traffic.
- Understanding of technical and human aspects of cyber threats and security.
- Deep and current knowledge of most common OSINT tools and techniques, including social network monitoring and dark web networks (TOR, I2P, etc.).
- Experience tracking threat actors or comparable types of cyber investigations.
- Basic knowledge of relevant laws, regulations, policies, and ethics related to cybersecurity and privacy topics. Advanced knowledge of regional (e.g. GDPR) or sector-specific (e.g. HIPAA) laws and regulations is a plus.
- Models to describe and document cyber-attacks (e.g., reconnaissance, scanning, enumeration, persistency, lateral movement, exfiltration) such as Cyber Kill Chain, Diamond model or MITRE ATT&CK.
- Familiarity with Incident Handling-related topics.
- Application Security Risks (e.g., OWASP Top 10 list).
- Experience with Malware analysis, sandboxes, and reverse engineering tools.
- Experience with scripting languages (e.g., Python, Bash or PowerShell) and using REST API, as well as data processing, regular expressions, and console-based text processing tools (e.g., sed, awk, jq).
- Bachelor's degree in STEM studies (required). A Master's degree (or higher academic title) in computer science or cyber security topics is highly desirable but might be traded off for relevant experience.
- At least 5 years of relevant work experience in at least one of


