Sr Manager, Cyber Threat Intelligence

Simpson Thacher & Bartlett LLP
Full-time
On-site
New York, New York, United States
$190,000 - $215,000 USD yearly

The Senior Manager, Cyber Threat Intelligence will play a key role in advancing our Cyber Threat Intelligence (CTI) program. This information security leader will be responsible for cultivating a culture that empowers operational decision makers to make the best call they can. They will produce non-biased, effective, and efficient analysis of available cyber threat intelligence in a timely, accurate, cogent, and succinct manner, identifying and presenting likely cyber threats to support informed decision making and strengthen defensive focus.

The ideal candidate is an experienced enterprise-level CTI leader with a proven blend of technical and leadership skills and a proven track record of designing and delivering successful CTI programs. Applicants should be able to demonstrate proficiency in the tactical, operational, and strategic cyber threat intelligence and tradecraft required to build a robust CTI function. This function will improve threat visibility, enable timely threat predictions, sharpen defensive focus, improve the accuracy of threat hunting, and strengthen incident response capabilities. The ideal candidate will also possess a deep understanding of the evolving threat landscape and have a demonstrable passion for threat intelligence and data analysis. They will additionally participate in industry information sharing and collaboration initiatives to stay ahead of emerging threats.

    
ESSENTIAL JOB DUTIES & RESPONSIBILITIES
•    Leverage open-source, proprietary information, and purpose-built tools to create written intelligence products for key collaborators to proactively address threats.
•    Interact with internal teams to produce concise, written analysis and/or visual presentation of findings to help proactively identify threats and reduce risk to Firm data, systems, network, and operations.
•    Identify domain-based threats, including trojans, ransomware, physical, BEC, as well as geographic-based threats.
•    Proactively identify threats to Firm supply chain, third parties, and external partnerships.
•    Coordinate close access operations as needed, leveraging tools and intelligence partnerships when appropriate.
•    Write high-quality tactical and strategic assessments to inform the risk intelligence decision-making process. 
•    Confidently present findings in a clear and persuasive manner to influence strategic direction, resource prioritization, and policy development.
•    Prepare and deliver intelligence briefs to senior leadership on threats, alerts, and incidents.
•    Synthesize raw data to identify the credibility of information and deduce relevance to the client base.
•    Create keywords/patterns to highlight high signal data within Firm intelligence tools.
•    Safely navigate virtual environments for supporting assigned tasks, as applicable.
•    Nominate new collection sources in support of Firm cyber intelligence program. 
•    Quickly understand and deliver evolving Firm intelligence requirements.
•    Support cyber incident investigations, response, and recovery.
•    Assist other security teams with integration of IOCs into detective and defensive tools.
•    Research and analyze up-to-date information on security vulnerabilities, cyber threats, exploits, and risk trends.
•    Interact rapidly at all levels of the organization and across regions to provide domain expertise on cyber threats.
•    Recommend investments in new intelligence sources, tools, and services.
•    Review and add context to vulnerability assessments and penetration tests.
•    Monitor current events and news to identify emerging cyber risks and threats.
•    Build and maintain partnerships with key teams within the Firm, including physical security, business continuity, privacy, information governance, general counsel, communications, and other IT teams and internal business stakeholders.
•    Track and analyze the impact of implemented policies, demonstrating tangible results, and contributing to continuous improvement.
•    Provide insight on issues and serve as a mentor and coach to peers and team members.


EDUCATION 
REQUIRED
•    Bachelor’s degree in cyber security, related discipline, or equivalent experience
PREFERRED
•    Professional certifications such as Treadstone, CTIA, CISSP, CISM, or similar


SKILLS AND EXPERIENCE
•    10 years of experience in information security, cybersecurity
•    5+ years of experience as an analyst in a cyber threat intelligence unit (military, government or law enforcement preferred).
•    5+ years of experience as a team lead or manager.
•    Knowledge of common cyber threat groups, including criminal organizations & nation state actors, and operational tactics used by different groups.
•    In-depth understanding of social and political movements worldwide and their impact on cybercrime, hacktivism, and other cyber related threats.
•    A strong understanding and knowledge of online TTPs, underground slang, and criminal cyber operations.
•    Experience with data visualization and using structured analytic techniques to generate and test hypotheses, assess cause and effect, challenge analysis, and support decision making.
•    Advanced level of understanding of investigative techniques and threat-based intelligence analysis to detect and resolve threats, vulnerabilities, and online criminal activity.
•    Ability to review information to determine its significance, validate its accuracy and assess its reliability and applicability to Firm systems and network.
•    Strong interpersonal skills, including ability to maintain collaborative working relationships and drive coordination and results across teams.
•    Experience with intelligence tools, such as FireEye, CrowdStrike, Flashpoint, Intel 471, Recorded Future, Domain Tools, etc. 
•    Effective time management skills with ability to prioritize based on changing environment.
•    Must have initiative and be able to work both collaboratively and independently when needed.
•    Strong verbal and written communication skills, analytic writing, interpersonal collaborative skills, and effective communication.
•    Working knowledge of a foreign language is a plus.
•    Experience with threat intelligence, technical analytic tradecraft, security-focused data analysis, criminal justice, and/or network traffic analysis.
•    Advanced level of Information Security acumen in security operations, risk management, industry practices, and emerging trends.
•    Knowledge of attacker tools/tactics/procedures and applying them to access management, governance, threat hunting, investigations, and incident response.
•    Knowledge of defense-in-depth principles and security architecture.
•    Strong understanding of the intelligence lifecycle, analytic tradecraft, and attack methodologies such as MITRE ATT&CK.
•    Demonstrated experience utilizing open source and commercial products to track threat actors.
•    Experience using OSINT, threat feeds, and examining the dark web to better understand threat actors’ motives, targets, and attack behaviors.
•    Experience with triaging malware and conducting analysis.
•    Experience leveraging vendor and open-source security research tools' APIs.
•    Experience in conducting incident response and analysis.
•    Must have a continuous learning mindset and a demonstrated aptitude for understanding new vulnerabilities, threats, and attack vectors.
•    Must be able to maintain a high level of confidentiality and document incident details accordingly.
•    Must be able to build collaborative relationships and be comfortable interacting frequently with leadership and internal/external stakeholders.
•    Some off-hours (nights and weekends) work may occasionally be necessary.

Salary Information

NY Only: The estimated base salary range for this position is $190,000 to $215,000 at the time of posting.

The actual salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location in which the applicant lives and/or from which they will be performing the job. This role is exempt, meaning it is not eligible for overtime pay.

Privacy Notice

For information about how Simpson Thacher & Bartlett LLP collects and processes your personal information, please refer to our Privacy Notice available at https://www.stblaw.com/other/privacy-notice.

Simpson Thacher & Bartlett is committed to a collegial work environment in which all individuals are treated with respect and dignity. The Firm prohibits discrimination or harassment based upon race, color, religion, gender, age, national origin, citizenship status, disability, marital or partnership status, sexual orientation, protected veteran’s status or any other legally protected status. “Gender” includes actual or perceived sex, a person’s gender identity, self-image, appearance, behavior or expression, whether or not that gender identity, self-image, appearance, behavior or expression is different from that traditionally associated with the legal sex assigned to that person at birth. This Policy pertains to every aspect of an individual’s relationship with the Firm, including but not limited to recruitment, hiring, compensation, benefits, training and development, promotion, transfer, discipline, termination, and all other privileges, terms and conditions of employment.