Norway Job Openings

Mnemonic

Technical Cyber Threat Intel (CTI) Analyst

Oslo

FULL TIME

August 11, 2024

As a Technical CTI Analyst in the Threat Intelligence Operations (TI-OPS) team, you will have a particular focus on the technical spectrum of Threat Intelligence
    Location
    Oslo & Utrecht
    Job type
    Full time
    Deadline
    Continuous submission
We are looking for motivated individuals to work in the field of Cyber Threat Intelligence (CTI). We encourage both experienced candidates, and candidates with strong commitment and relevant skills to apply.
As a Technical CTI Analyst you will be involved in discovering, researching and assessing threats and adversary tradecraft, practical application of intelligence in various operational functions and -initiatives, and performing continuous improvement activities of our processes, procedures, methods and tooling as needed. You will play an integral part in helping us analyse threats and data originating from thousands of incidents detected by mnemonic, third party telemetry, as well as novel sources and methods.
To be successful in this role, you must be self-driven, curious and technical savvy, and skilled in using data and information derived from multiple disciplines to solve analytical problems.
About mnemonic
mnemonic responds to the region’s most serious cyberattacks. We work side by side with Europe’s most important organisations and critical infrastructure to protect them from the cyberattacks they see today, and what they can expect to see tomorrow.
At more than 350 employees, we are amongst the largest pure play security companies in Europe, and continue to grow rapidly in Norway and internationally. In addition, we are continually ranked by Great Place to Work as one of Norway’s and Europe’s top workplaces.

You will be working with
We approch our work by striving to make our intelligence insights both actionable and impactful, as we continue to push ourselves in close collaboration with Security Operations, Detection Engineering, and Digital Forensics and Incident Response (DFIR). We perform threat research using a variety of open- and closed sources and partnerships, and use this insight to continuously mature our market-leading MDR service and to drive projects, services and external engagements on CTI subject matters. We believe that today's threats must be combated by detection- and mitigation strategies that are intelligence-driven and continuously adapted to an ever-changing threat landscape.
This approach is also reflected in the variety of tasks this position covers, including:
  • Actively contribute in the development of tools, frameworks, services and guidelines to analyse and respond to threats, and in supporting operational functions on CTI-matters as needed (DFIR, Security Operations, Malware Analysis etc).
  • Periodically assess and evaluate emerging CTI-related products- and platforms, and be a knowledge expert on the quality of- and how such technologies can be used.
  • Take technology lead (ownership) on CTI-related products- and platforms as needed to fulfill the TI-OPS mission, and in supporting our DFIR-framework.
  • Conduct threat research using open- and closed sources, and maintain Intelligence KBs to effectively track known TTPs, detection coverage, and response/mitigation recommendations associated with specific threats and adversary tradecraft.
  • Provide curated intelligence to support operational functions, such as incl. Threat Hunting for executing threat hunting missions and Detection Engineering for the development of use cases of new emerging adversary behavior.
  • Consume and analyse technical-oriented Threat Intelligence from a variety of sources (e.g. social media, blog posts, intelligence reports, sandbox output, partner sharing, internal detections etc) to track and report on the evolving threat landscape, e.g. TTPs.
  • Researching and analysing malware, attack campaigns, threat groups and their tactics, techniques and procedures (TTP) as observed in the threat landscape.
  • Support the build out of a Threat Intelligence program and contribute to a coherent and targeted tactical and operational intelligence production to our customers, incl. the application of Threat Intelligence frameworks and -models.
  • Actively participate in projects such as incl. implementation- and integration initiatives as a Subject Matter Expert (SME) on CTI, both as a member and manager as needed.
  • Participate in the processes for collecting, enriching, assessing and distributing Threat Intelligence data and reporting; incl. the use and evaluation of supporting technologies, such as incl. Threat Intelligence Platforms (TIP).
  • Assist incident responders, threat hunters and intrusion analysts in pivoting network -, log- and endpoint-data in the investigation of targeted attacks and serious profiteering campaigns against mnemonic’s customers.
  • Perform in-depth forensics, memory analysis and artifact analysis on confirmed or suspected compromised machines as part of incident response engagements and in supporting our customers.
  • Participate in shift rotation either as part the threat hunting function for performing in-depth threat hunting or SDG-Yara for analysing malware and writing Yara-rules.
You will be working closely with our Tactical CTI Analyst and Threat Hunter.
Your future team
The Threat Intelligence Operations (TI-OPS) team focuses on the technical- and tactical spectrum of Threat Intelligence, incl. Threat Hunting. This enables our customers to detect emerging threats, performing targeted intrusion analysis and response activities, and in making well-informed decisions.
Our mission is to have a leading understanding of threats and adversary tradecraft, and in the practical application of intelligence through operational functions and supporting technologies.
What you will bring
Hard skills
  • The ideal candidate has a background in one of the following disciplines: Threat Intelligence, Incident Response, Threat Hunting, Threat Assessments, Digital Forensics, Security Analytics, Security Operations, Infrastructure Analysis, Malware Analysis.
  • Familiar with at least two of the following areas (and a willingness to learn the rest):
    • Graph theory and clustering analysis.
    • Open- and closed source intelligence.
    • Intelligence methods, frameworks and standards.
    • CTI-focused products, platforms and technologies.
    • Disk and memory forensics.
    • Forensic methods, frameworks and standards.
    • Static and dynamic binary analysis.
    • Network traffic and/or Log analysis.
    • Technical analysis methods, processes and tooling.
    • Windows and/or Linux internals.
  • Experience with at least three of the following areas (and a willingness to work with others):
    • Tracking threat actors and researching their TTPs.
    • Supporting intelligence led assessments, such as incl. CBEST or TIBER.
    • Using commercial and open source platforms, such as incl. Shodan, Censys, or similar.
    • Malware sandboxes and using the output to pivot and find additional activity.
    • Performing threat hunting, and researching and refining supporting hypothesis.
    • Creating network-, endpoint-, malware- detection signatures on such as incl. Yara, Snort, Kusto or similar.
    • Infrastructure analysis, such as incl. Passive DNS, WHOIS data, SSL certificates or similar.
    • OSINT of variety of data sources incl. social media, blog posts, news outlets/vendors, malware sandboxes or similar.
    • Platforms and -solutions for storing, structuring and managing CTI.
    • The production of actionable intelligence reports and insights (incl. RFI-processes).
    • Practical knowledge of researching, collection skills and analytical methods.
    • Practical application of industry-wide frameworks, such as incl. MITRE ATT&CK, CKC, Pyramid of Pain, the Diamond Model, ACH or similar.
    • Encoding and decoding of obfuscation techniques within network traffic and endpoint artifacts.
    • Threat landscape- and adversary tradecraft analysis.
    • Practical application of CTI-, OSINT- and DFIR-workflows (incl. supporting tooling).
    • Visualisation- and graphing tools, such as incl. Maltego, IBM i2, Spiderfoot or similar.
    • Cloud environments and telemetry capabilities, in particular Azure and AWS.
    • Practical scripting and programming, such as incl. Python, Perl, Ruby, Go, Bash, Power Shell or similar.
    • ... or any other working experience that directly relates to the provided job description ('what you will do')
  • The following knowledge are considered a plus, but not a requirement (necessary training and on-boarding program will be offered):
    • Industry certifications such as from incl. GIAC/SANS, CREST, EC-Council, Offensive security, e Learn Security or similar.
    • Products and technologies certifications such as incl. EDR, SIEM, Malware sandboxes, TIPs, Anomalies/Heuristics solutions, Cloud concepts incl. Azure/AWS or similar.
    • Standards and frameworks such as incl. CBEST, TIBER, ISO 27000-series, IRAM2 or similar.
    • Technical training related to Threat Detection, Threat Intelligence, Incident Response, Detection Engineering, Security Analytics, Digital Forensics, Threat Hunting or similar.
Soft skills
  • Have strong analytical skills and the ability to synthesise complex and contradictory information.
  • Is creative, solution oriented and able to find new solutions to complex problems.
  • Is curious and likes to emerge deep into details to better understand the problem at hand.
  • Is self-driven, independent and has the ability to successfully prioritise important tasks with minimal oversight.
  • Has the ability to clearly communicate complex technical information, verbally and in writing with minimal review before broad dissemination.
  • Is well-organised and has the ability to structure and organise information that facilitates efficient knowledge sharing among team members.
  • Is a team player that understands the importance knowledge sharing among peers.
We also appreciate open applications if your profile is not a 100% match!
What we can offer
  • An informal and pleasant working environment that provides opportunities for growth, influence and variations in tasks
  • Competitive salary, share program and bonus scheme that promotes a long-term employment outlook, including attractive pension and insurance coverage
  • Opportunities for relevant professional training (courses) and conferences
  • We place a strong emphasis on workplace well-being and teambuilding through social activities, events and trips with colleagues. In addition, we have an inclusive environment that promotes work-life balance and accommodates to families. Both in Utrecht and Oslo our offices are centrally located. In Oslo, you'll find us at Solli plass.
  • A workplace that has been ranked as one of the best in Europe for a number of years. In Norway we have been amongst the top 10 workplaces for 10 years in a row. This year, we even won our category!
How do I apply?
Email us at rekruttering-web@mnemonic.io and write "MSS-TI-Technical-CTI" in the subject field. Add a text about why you are right for the job, and your CV. Send us a code project you have been working on, that illustrates exactly how you work with code.
If you have publications or projects you have worked on that you think represent your technical skills or ability to communicate, please attach or refer to these.
Background check
We use Semac AS for background checks in our recruitment process. Security clearance is a requirement.
Do you have questions about a career in mnemonic?

New Job Alerts
Sobi

Associate Director Patient Access Nordic Baltics

Oslo

FULL TIME

November 20, 2024

View Job Description
Wolt

Account Manager

Oslo

FULL TIME

November 19, 2024

View Job Description
BW

Junior Marine Superintendent BW LNG - Temporary position

Oslo

FULL TIME

November 19, 2024

View Job Description
Baker Hughes

Payroll Specialist

Tananger

FULL TIME

November 19, 2024

View Job Description
Schibsted

Group Financial Controller

Oslo

FULL TIME

November 19, 2024

View Job Description
Coor

Servicemedarbeider Operation Center

Hammerfest

FULL TIME

November 19, 2024

View Job Description
Euronext

VIE Diversity and Inclusion project officer

Oslo

FULL TIME

November 19, 2024

View Job Description
TSC Subsea

Commercial Manager

Bergen

November 19, 2024

View Job Description
Svenska Handelsbanken AB

Studentmedarbeider Økonomiavdelingen

Oslo

November 19, 2024

View Job Description
Looking for similar job?
BW

Technical Summer Intern BW LNG

Oslo

FULL TIME

August 19, 2024

View Job Description
VARD

Technical Coordinator

Ålesund

FULL TIME

August 7, 2024

View Job Description
TietoEVRY

Technical expert

Fornebu

FULL TIME

August 19, 2024

View Job Description
Mastercard

Senior Customer Technical Services Analyst-1

Oslo

FULL TIME

August 6, 2024

View Job Description
Thermo Fisher Scientific

Process Scientist, Technical Operations (12 months)

Lillestrøm

FULL TIME

August 21, 2024

View Job Description
BW

Technical Trainee BW LNG

Oslo

FULL TIME

August 19, 2024

View Job Description
See What’s New: Mnemonic Job Opportunities
Mnemonic

Senior Infrastructure Security Consultant

Oslo

FULL TIME

November 18, 2024

View Job Description
Mnemonic

Java Developer - Threat Intel

Oslo

FULL TIME

October 18, 2024

View Job Description
Mnemonic

Customer Success Engineer

Oslo

FULL TIME

August 27, 2024

View Job Description
Mnemonic

SOC Trainee Program: Security Analyst

Oslo

FULL TIME

August 26, 2024

View Job Description
Mnemonic

Security Consultant – CISO for hire

Oslo

FULL TIME

August 23, 2024

View Job Description
View More Jobs by Mnemonic
New Job Alerts
Sobi

Associate Director Patient Access Nordic Baltics

Oslo

FULL TIME

November 20, 2024

View Job Description
Wolt

Account Manager

Oslo

FULL TIME

November 19, 2024

View Job Description
BW

Junior Marine Superintendent BW LNG - Temporary position

Oslo

FULL TIME

November 19, 2024

View Job Description
Baker Hughes

Payroll Specialist

Tananger

FULL TIME

November 19, 2024

View Job Description
Schibsted

Group Financial Controller

Oslo

FULL TIME

November 19, 2024

View Job Description
Coor

Servicemedarbeider Operation Center

Hammerfest

FULL TIME

November 19, 2024

View Job Description
Euronext

VIE Diversity and Inclusion project officer

Oslo

FULL TIME

November 19, 2024

View Job Description
TSC Subsea

Commercial Manager

Bergen

November 19, 2024

View Job Description
Svenska Handelsbanken AB

Studentmedarbeider Økonomiavdelingen

Oslo

November 19, 2024

View Job Description