Ernst & Young - Boston, MA
posted about 2 months ago
Full-time - Mid Level
Boston, MA
Professional, Scientific, and Technical Services
About the position
As a Senior Cybersecurity Response & Investigations Specialist at EY, you will be integral in addressing advanced threats and vulnerabilities in a rapidly changing cybersecurity landscape. Your role will involve both proactive and reactive strategies to combat cyber incidents, conducting thorough root cause analyses, and managing forensic artifacts for compliance and law enforcement. You will leverage your expertise in digital forensics and threat intelligence to provide actionable insights and support decision-making across various security domains.
Responsibilities
- Integrate an intelligence-led perspective across all domains of security.
- Conduct detailed analysis of threats using intelligence frameworks like MITRE ATT&CK.
- Collaborate with tactical security teams to provide intelligence support during cyber incidents.
- Engage in malware or infrastructure analysis, threat actor profiling, and threat attribution.
- Craft and deliver clear, concise, and actionable intelligence reports for technical and executive audiences.
- Mentor junior analysts and contribute to the development of the cyber threat intelligence team's capabilities.
- Stay updated on the latest cyber threat trends and technologies, participating in industry groups and forums.
Requirements
- Bachelor's degree in Computer Science, Cybersecurity, or related field.
- 2-4 years of relevant experience in cyber threat intelligence or a related field.
- Strong critical thinking skills and ability to analyze multiple sources and reports.
- Experience with standards such as STIX/TAXII, ICD203 & ICD206, and understanding of the intelligence lifecycle.
- Ability to conduct research and Open-Source Intelligence (OSINT).
- Understanding of Threat Intelligence Platforms (TIPs) and common CTI tools.
- Deep understanding of IOCs, MITRE ATT&CK TTPs, and behavioral patterns of threat actors.
- Knowledge of motivations and goals of APT actors, cybercriminals, and hacktivist groups.
- Relevant industry certifications such as GIAC Cyber Threat Intelligence (GCTI) or equivalent.
Nice-to-haves
- Effective verbal communication skills for workshops and interviews.
- Exemplary writing skills for communicating complex information to non-technical audiences.
- Ability to translate high-level concepts into digestible visuals and presentations.
- Proficiency with consulting engagement methodologies.
- Familiarity with current events, threat actors, and security trends.
Benefits
- Comprehensive compensation and benefits package based on performance.
- Medical and dental coverage.
- Pension and 401(k) plans.
- Flexible vacation policy allowing personal circumstances to dictate time off.
- Paid time off for designated holidays, winter/summer breaks, and personal/family care.
