Senior Threat Intelligence Analyst

Company: M&T Bank
Location: Buffalo
Posted on: May 15, 2022

Job Description:

Overview: Serves as subject matter expert (SME) in cybersecurity threat intelligence and possesses knowledge of how information can lead to key risk decision-making in multiple areas of the Bank. - Drives development, implementation and execution of various Cybersecurity threat intelligence initiatives, systems and processes. - Maintains knowledge of intelligence collection methods, technical analysis and dissemination of threat intelligence and understands technical concepts required to properly analyze and assess impact of Cybersecurity threats. - Assists in creating threat reports for new and emerging threats to the Bank, and reviewing and approving threat reports before dissemination. Primary Responsibilities:

• Characterize and analyze threat intelligence data to identify potential cyber related information that could impact the Bank.
• Support development, implementation and execution of various threat-intelligence initiatives, systems and processes.
• Work with more experienced team members to provide guidance, testing plans, and/or analysis reporting to be used within the team and Cybersecurity to ensure conformance to established compliance, regulatory, best practice, and risk management programs.
• Identify potential threats, review with more experienced team members, and disseminate information to applicable parties in accordance with standardized dissemination processes.
• Coordinate with more experienced team members and Operations, Technology, and business unit personnel in an auditing, analysis, training, and outreach capacity.
• Support functions, systems, and processes critical to the Corporation's ability to identify, investigate, minimize and defend against cybersecurity threats.
• Interact with various internal and external audit, regulatory, privacy and/or compliance personnel.
• Interact and coordinate initiatives with outside teams and external professional organizations supporting areas of expertise.
• Assist with documenting and communicating proposed new approaches, methods, technologies, or breakthroughs in area of expertise.
• Represent information security governance, compliance, and risk management function on committees and ad-hoc projects as assigned.
• Work independently on high-level systems analysis and technical phases of development.
• Understand and adhere to the Company's risk and regulatory standards, policies and controls in accordance with the Company's Risk Appetite. - Identify risk-related issues needing escalation to management.
• Promote an environment that supports diversity and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned. Scope of Responsibilities:The position works under general supervision while being afforded opportunity to exercise independent judgment and discretion and assisting less experienced team members. - This requires the position to interact regularly with non-management, middle management, certain senior management, and business units and partners. Education and Experience Required:
  • Associate's degree in an applicable discipline, and a minimum of 4 years' relevant work experience in two or more of the following Cybersecurity domains: - Security and Risk Management, Asset Security, - Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing, and Security Operations, or in lieu of a degree, a combined minimum of 6 years' higher education and/or work experience, including a minimum of 4 years' relevant work experience in two or more of the following Cybersecurity domains: - Security and Risk Management, Asset Security, - Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing, and Security Operations
  • Detailed knowledge of tools, techniques, and methodologies analyzing and mitigating cyber attack stages, including reconnaissance, scanning, enumeration, access escalation, privilege escalation, exploitation, and obfuscation
  • Prior experience completing complex problem analysis and problem resolution across multiple disciplines
  • Prior experience with and demonstrable aptitude for quickly learning new technical skills and supporting systems, tools, and processes
  • Experience with active participation in technical analysis walkthroughs
  • Technical understanding of common networking and routing protocols, services, structures, architecture, and designs supporting modern communication networks
  • Detailed knowledge of evaluating, analyzing, and synthesizing large quantities of data (which may be fragmented and contradictory) and accurately determining the potential range and scope of threats and contributing towards intelligence reporting
  • Must be a US Citizen and eligible to obtain a US Government Security Clearance Education and Experience Preferred:
    • Bachelor's degree in an applicable discipline
    • Comprehensive understanding of different types of threat actors, and advanced understanding of motivations and methodologies
    • Understanding of what types of intelligence a Cybersecurity Operations Center and the Financial Crimes team(s) would benefit from receiving and how it can be operationalized
    • Experience with tools, techniques, and methodologies analyzing and mitigating cyber attack stages, including: reconnaissance, scanning, enumeration, access escalation, privilege escalation, exploitation, and obfuscation
    • Technical experience with common networking and routing protocols, services, structures, architecture, and designs supporting modern communication networks
    • Experience with evaluating, analyzing, and synthesizing large quantities of data (which may be fragmented and contradictory) and accurately determining the potential range and scope of threats and assisting with development of high-quality intelligence reporting
    • GCED (GIAC Certified Enterprise Defender), CEH (Certified Ethical Hacker), or platform-specific or Cybersecurity domain-related industry-recognized certification LocationBuffalo, New York, United States of America

Keywords: M&T Bank, Buffalo , Senior Threat Intelligence Analyst, Professions , Buffalo, New York