Cyber Threat Intelligence Collection Manager
Overview of the job
As part of the global Centralized Cybersecurity Threat Intel team, the Collection Manager reports to the Threat Intelligence Operation Lead. Leading the collection, ingestion, analysis and documentation of intelligence sources. Your primary role will be to lead a small team of collection analysts to make sure the intel that we collect helps us answer the issues our decision makers care about.
As a Collection Manager, you will lead the collection and ingestion of intelligence data and internal telemetry, lead the processing of said data to become information that intelligence analysts can work with, evaluation of the sources, follow and lead the external threat monitoring and darkweb investigations’ capability, drive the team’s intelligence collection management plan, vendor and sources management evaluation and procurement internal process.
The right candidate is a motivated individual with excellent managerial skills to organize and motivate an international team of collections analysts to identify new data sources, process existing data to be able to analyze in new and innovative ways, and create analytics, rules, and logic to detect badness in our environment. Additionally, the Collection Manager will regularly interface with Global security teams and vendors to ensure our intelligence collection needs are met.
Other responsibilities include to:
· Identify and curate intelligence relevant to Deloitte’s Priority Intelligence Requirements (PIRs).
· Create and maintain analytics that can run on security devices and SIEM.
· Collaborate with internal stakeholders and work actively with vendors.
· Gain and maintain access for the TI team to Deloitte internal data and telemetry at the Global and MF level from sources to include but not limited to email, FWs, WAFs, IDPS, etc.
· Manage relationships with vendors and their procurement process.
· Create, maintain and update the high-level collection management plan. Processing and documenting intelligence from various data sources.
· Manage the conference attendance plan for the entire intelligence team.
· Support the intel sharing effort.
· Organize and maintain our database of technical indicators, intelligence reports, and briefings.
· Develop workflows for intelligence collection ranging from open source, vendor feeds, internal telemetry, etc.
· Lead a small, diverse team of regionally dispersed collections and malware analysts.
· Review, edit, and revise Malware and Threat Actor behavior report writings.
· Coordinate intelligence support to internal threat hunting efforts.
· Coordinate with Production Manager to ensure the right data is available to satisfy consumer requirements.
· Oversee collection metrics, seize all opportunities to improve quality and efficiency.
· Organize and provide training and staff professional development to the collection team to maintain expertise.
Qualifications
Education:
Bachelor’s degree - a technology-related field, or equivalent education-related experience.
Required Technical Experience:
- 10-13 years of experience in security operations or threat intelligence with a minimum of 2 years of experience in a management role or 8 years work experience with demonstrated leadership potential during that time.
- Experience working and managing large data sets and data feeds, especially from commercial threat intelligence vendors.
- Understanding of host and network forensic artifacts and indicators of compromise.
- Experience and knowledge of major cyber threat actors and their malware families activity and main behavior.
- Experience working in information technology / cyber security for a large, complex enterprise and collaborating across teams.
- Demonstrated ability to solve complex technical problems and adapt to changing technologies.
- Demonstrate excellent mastery of English, with strong written, verbal, and interpersonal communication skills.
Desirable Skills and Experience
- Understanding and knowledge about the latest cyber threat trends.
- Familiarity with company internal procurement processes, vendor/sources contracts and renewals.
- Familiarity with Threat Intelligence Platform software such as ThreatConnect, OpenCTI or Anomali.
- Experience participating in threat intelligence sharing organizations.
- Intelligence Collections experience supporting report creation.
- Experience in scripting languages, especially Python, with a strong understanding of software development principles.
- Ability to create SNORT, YARA, SIGMA, and other behavior-based detection rules.
- Understanding of Splunk Enterprise Security, to include LookupTables and Splunk Threat Intelligence data model.
Leadership & Management Qualifications and Skills:
- Monitor project progress, identify potential risks, and implement mitigation strategies. Report the projects status weekly gaining the track of each project from the team members.
- Responsible for planning, managing, and coordinating projects and teams for the development of new products, sources and improvements.
- Ability to provide oversight across multiple initiatives or projects.
- Experience working independently and geographically separate from some team members.
- Mentor and coach team members, fostering a culture of continuous learning and innovation.
- Desire and ability to work in a dynamic, fast-paced environment.
- Experience maintaining documentation.
Work Location: Hyderabad
Work Timing: 11AM – 8PM