1. Supports the ATP/SOC Section Chief in enhancing, sustaining and demonstrating value of the IMF’s threat intelligence program.

2. Identifies, analyzes, prioritizes and disseminates cyber threat intelligence using open and closed source research into suspicious activity to investigate adversary behavior in partnership with other teams in the SOC, engineering, and business stakeholders.

3. Creates and delivers timely actionable written and verbal intelligence products targeted toward tactical, operational, and strategic audiences enabling business stakeholders, management, and security analysts to make risk-based decisions.

4. Maintains awareness of trends and risks that can affect the IMF as it relates to the intersection between geopolitics, third-party risk, vulnerabilities, IMF operations, and the cyber threat landscape. Takes a proactive approach to learning about the latest threats, threat actors, tactics, techniques and procedures, and malware.

5. Monitors threat actor TTPs and perform link analysis on indicators of attack (IOAs), indicators of compromise (IOCs), and TTPs, whilst enriching other information security functions (risk management, vulnerability management, security monitoring and incident response, etc.) with relevant threat information.

6. Builds and enhances the Fund’s network of threat intelligence sources through collaboration and sharing intelligence with intelligence communities across industry groups such as FSISAC, Central Banks, UN system, and National CERTs.

7. Ensures security operations analysts are equipped with the latest security intelligence from subscribed feeds and through partnerships with other International Organizations, service providers, intelligence communities, and external law enforcement agencies.

8. Contributes to the IMF’s security culture, training and awareness program by sharing the latest cyber threats and prevention strategies.

9. Carries out other duties as assigned.

Requirements:

Advanced degree in cybersecurity, computer science, engineering, mathematics, or related field of study plus a minimum of 4 years of progressive information security work experience OR Bachelor’s degree in cybersecurity, computer science, engineering, mathematics, or related field of study and minimum 10 years of progressive cybersecurity work experience in regulated industries.

• Candidates should possess one or more of the following certifications: CISSP, CISM, CISA, GIAC certifications (GCIH, GCTI, GCFE, GSOC, GDAT etc.) or equivalent.

Technical Requirements

• Experience in operating threat intelligence programs in organizations facing complex and sophisticated threats (external and internal). Experience partnering and working with cyber threat intelligence communities and information security focused ISACs.
• Experience conducting and correlating threat research using OSINT, incident response data, and security tools, performing threat modeling, graphical link analysis, and producing threat assessments.
• Experience with structured analysis techniques (Diamond Model, Cyber Kill Chain) as well as a proven understanding of the MITRE ATT&CK framework.
• Understanding in at least one of the following: Cloud intrusion analysis in adversary operations; analyzing sophisticated malware samples used in targeted attacks against large corporate or government entities; analyzing forensic and log data associated with advanced targeted adversaries.
• Experience with security tools such as SIEM, threat intelligence platforms, and malware analysis tools. Knowledge of programming languages (e.g., Python, PowerShell) and operating systems.
• Active security clearance at level (Secret, Top Secret) in any government is a plus.

Work Management Skills

• Ability to deliver high-quality written technical assessments of threats.
• Enhanced professional, operational, and interpersonal skills to function effectively in collaborative stakes and high-stress situations.
• Ability to navigate through obstacles and challenges effectively and demonstrate commitment to deliver successful results.
• Analytical skills that enable synthesis of inputs from many sources and allow for strategic thinking and tactical implementation.
• Spoken and written communications that are compelling, convincing, and reassuring, and skills to articulate complex technical ideas to non-technical stakeholders.
• Pragmatic security expert with an inherent ability to balance security demands with business reality.
• Work independently with little to no guidance and/or direction to develop and maintain overall analytical production.