myGwork - LGBTQ+ Business Community

Threat Intelligence Lead, Ransomware Affiliates

myGwork - LGBTQ+ Business Community, Newark, New Jersey, US, 07175

This job is with Standard Chartered Bank, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly.

Job Summary

We are seeking a Lead, Ransomware Affiliates who has extensive knowledge in intelligence analysis, data querying, and general cyber security awareness to join our Cyber Intelligence – Threat Management team in Newark. The successful candidate will serve as a Threat Lead, owning the development of high‑impact intelligence related to identified geographic or thematic threats. They will drive intelligence collection strategy, engage stakeholders, and deliver creative solutions for impactful intelligence across the Group. The role will work closely with the wider Cyber Intelligence – Threat Management teams, maintain relationships with business stakeholders, and contribute to continuous process improvements.

Key Responsibilities

Lead the Ransomware Affiliate Threat Area (RATA), focusing on individual threat actors that form part of the broader Ransomware‑as‑a‑Service (RaaS) program; accountable for developing high‑impact intelligence.

Produce high‑quality, standardised intelligence reports for stakeholders ranging from technical peers to senior executives, including analysis of cyber events with economic and geopolitical context.

Provide decision‑makers with a strategic view of the threat, predicting shifts in adversarial intent, goals, and objectives.

Create and maintain detailed threat actor profiles, mapping known TTPs to the MITRE ATT&CK framework.

Profile and track threat actors in the Synapse intelligence analysis platform.

Analyse patterns of adversary behaviour and develop hunting rules for automated detection and curated threat data feeds.

Support source analysis to understand and track adversaries targeting the bank.

Act as part of the incident response team and provide operational cyber intelligence support during incidents.

Establish and own relationships with senior internal and external stakeholders, providing in‑person/video briefings as needed.

Perform technical research into advanced, targeted attacks and emerging technologies that pose risk to the bank.

Drive team maturity through continual process improvement, particularly in intelligence analysis methodology and production.

Provide coaching and mentoring to junior analysts, reviewing and editing intelligence products and offering constructive feedback.

Maintain high standards of risk management, especially regarding intelligence collection operations, data processing, and confidentiality.

Qualifications

4+ years of cyber threat intelligence experience, preferably in banking, finance, or law enforcement.

Bachelor’s degree in a computer‑related major.

In‑depth knowledge of the global cyber threat landscape, including actors, tactics, techniques, and procedures.

Familiarity with the cybercrime/ransomware ecosystem and its intricacies.

Strong experience with intelligence processes, analytical methods, and the intelligence cycle.

Experience with structured analysis techniques such as Kill Chain, Diamond Model, MITRE ATT&CK.

Experience in threat hunting using tools like VirusTotal, pDNS, Certificate Transparency logs, Shodan.

Experience in intelligence sharing within communities such as FS‑ISAC, NCFTA.

Strong technical investigative skills, including network protocol analysis.

Proficiency in technical indicator pivoting and investigation (e.g., YARA rules, Censys/Shodan queries).

Experience with link analysis or data analysis tools like Synapse, IBM i2, Maltego, Palantir.

Knowledge of scripting or coding languages such as Python or Storm (Synapse).

Excellent written and verbal communication; experience writing and reviewing intelligence reports.

Experience with incident response and malware analysis.

Hands‑on experience in audit engagement and risk management is an advantage.

Experience using open‑source tools to research external threat actors and groups.

Nice To Have

Experience in SOC analysis and investigation environments.

Appropriate certifications such as GIAC GREM, GDAT, GCTI.

Seniority level

Mid‑Senior level

Employment type

Full‑time

Job function

Information Technology
