Crescens
Cyber Security Threat Modeling Integration Engineer
Crescens, New York, New York, us, 10261
Job Title: Cyber Security Threat Modeling Integration EngineerLocation: New York (Remote)Duration: 8 Months contract
Description:The resource will directly contribute to the Client, including enhancing prevention, detection, response and recovery efforts through various technical and operational methods; to reduce the mean time to detection and response of cybersecurity events experienced in municipal networks while improving process efficiencies. The resource will work with cyber professionals and information sharing partners to build tools and integrations that enable threat analysts and incident responders to more efficiently respond to various cyber security events.
Without this resource, CTI will be unable to onboard any additional intelligence sources into ODIN and, should existing connectors require updates, will be unable to continue using these parsers / connectors. As a result, CTI will be unable to meet certain BAU requirements and OOMs.
SCOPE OF SERVICESCTI currently leverages a contract engineer to develop and update custom parsers / connectors for the Operational Defense Intelligence Network (ODIN), CTI's primary internal workbench. These parsers / connectors are used to automate the importation of data and reports into ODIN from our internal and external intelligence and data sources, which are critical to core CTI functions and workflows, including disseminating intelligence to the Threat Observables and Reports (ThOR) platform. CTI requires development of several additional parsers / connectors to meet organizational requirements (including importing internal data sources) as well as support periodic updates and tuning of existing parsers / connectors. Access to shared threat Client and models provide a wider view into the network threat spectrum as provided by multiple threat models, vendors, and industry partners.
Design and implement solutions that enhance the security posture of tools across multiple platforms.Develop security content for tools and technologies that the Threat Management team relies on to ensure business as usual functioning.Integrate innovative and custom technology to improve accuracy of alerts and notifications received by teams within Threat Management.Create well documented and clearly articulated code, process and services documentation.Understanding REST and SOAP API usage and implementing solutions utilizing APIs from Cyber Command utilized solutions, that enhance detection and response capabilities of the OTI Threat Management.Work closely with Cyber Command Security Sciences team to ensure continuous improvement of the security posture of key tools and technologies that protect the City of New York.Handle special projects and initiatives as assigned.
MANDATORY SKILLS/EXPERIENCENote: Candidates who do not have the mandatory skills will not be considered
At least 4 years of experience in Cyber Threat Intelligence initiatives, including enhancing prevention, detection, response and recovery efforts through various technical and operational methods.Proficient in Python.Ability to leverage REST API's to build tool and platform integration.Proficient in git version control and git life-cycle development.Excellent verbal and written communication skills are required.Basic understanding of Agile development model.Desired Skills:
Experience working with OpenCTI.Experience developing parsers for text-based resources.Understanding of public cloud platforms and experience with utilizing platforms such as Azure, AWS or Google Cloud.Experience working in a security environment and/or supporting security teams from a technical standpoint.Familiarity with using version control source-code repositories.
Description:The resource will directly contribute to the Client, including enhancing prevention, detection, response and recovery efforts through various technical and operational methods; to reduce the mean time to detection and response of cybersecurity events experienced in municipal networks while improving process efficiencies. The resource will work with cyber professionals and information sharing partners to build tools and integrations that enable threat analysts and incident responders to more efficiently respond to various cyber security events.
Without this resource, CTI will be unable to onboard any additional intelligence sources into ODIN and, should existing connectors require updates, will be unable to continue using these parsers / connectors. As a result, CTI will be unable to meet certain BAU requirements and OOMs.
SCOPE OF SERVICESCTI currently leverages a contract engineer to develop and update custom parsers / connectors for the Operational Defense Intelligence Network (ODIN), CTI's primary internal workbench. These parsers / connectors are used to automate the importation of data and reports into ODIN from our internal and external intelligence and data sources, which are critical to core CTI functions and workflows, including disseminating intelligence to the Threat Observables and Reports (ThOR) platform. CTI requires development of several additional parsers / connectors to meet organizational requirements (including importing internal data sources) as well as support periodic updates and tuning of existing parsers / connectors. Access to shared threat Client and models provide a wider view into the network threat spectrum as provided by multiple threat models, vendors, and industry partners.
Design and implement solutions that enhance the security posture of tools across multiple platforms.Develop security content for tools and technologies that the Threat Management team relies on to ensure business as usual functioning.Integrate innovative and custom technology to improve accuracy of alerts and notifications received by teams within Threat Management.Create well documented and clearly articulated code, process and services documentation.Understanding REST and SOAP API usage and implementing solutions utilizing APIs from Cyber Command utilized solutions, that enhance detection and response capabilities of the OTI Threat Management.Work closely with Cyber Command Security Sciences team to ensure continuous improvement of the security posture of key tools and technologies that protect the City of New York.Handle special projects and initiatives as assigned.
MANDATORY SKILLS/EXPERIENCENote: Candidates who do not have the mandatory skills will not be considered
At least 4 years of experience in Cyber Threat Intelligence initiatives, including enhancing prevention, detection, response and recovery efforts through various technical and operational methods.Proficient in Python.Ability to leverage REST API's to build tool and platform integration.Proficient in git version control and git life-cycle development.Excellent verbal and written communication skills are required.Basic understanding of Agile development model.Desired Skills:
Experience working with OpenCTI.Experience developing parsers for text-based resources.Understanding of public cloud platforms and experience with utilizing platforms such as Azure, AWS or Google Cloud.Experience working in a security environment and/or supporting security teams from a technical standpoint.Familiarity with using version control source-code repositories.