Cyber Threat Intelligence Lead

About Xerox Holdings Corporation

For more than 100 years, Xerox has continually redefined the workplace experience. Harnessing our leadership position in office and production print technology, we’ve expanded into software and services to sustainably power today’s workforce. From the office to industrial environments, our differentiated business solutions and financial services are designed to make every day work better for clients — no matter where that work is being done. Today, Xerox scientists and engineers are continuing our legacy of innovation with disruptive technologies in digital transformation, augmented reality, robotic process automation, additive manufacturing, Industrial Internet of Things and cleantech. Learn more at www.xerox.com and explore our commitment to diversity and inclusion.

Description:

Serve as the primary researcher of threats against the Xerox reputation, brand, and systems through multiple threat intelligence sources. Communicate the same to a network of cyber security practitioners across Xerox for awareness and/or action to mitigate the threat(s).

The Cyber Threat Intelligence Lead works with the cyber defense team to make accurate, risk-based decisions on where to focus security efforts that will protect our employees, operations, and revenue streams to yield the highest ROI from expended security resources.

Primary Responsibilities:

• Maintain a research regimen of continuous monitoring and alerting of threats discovered and/or realized in the industry. Analyze the applicability and potential impact to Xerox systems/resources:
• Collect and process both technical and non-technical, internal, and external threat intelligence.
• Gather pertinent, relevant data instrumental to analyzing applicability across a broad range of technologies, resources, and stakeholders within Xerox.
• Maintain a clear understanding of the Xerox global footprint, external attack surface, and the relevant technologies to be monitored for new threats/vulnerabilities, particularly those that may escalate our response needs beyond standard security policy/standards for remediation.
• Communicate verbally and electronically in a clear, concise, manner being careful to validate and document immediate or long-term actions required to neutralize the threat or exploitable vulnerability.
• Develop briefings to disseminate and present to a wide range of stakeholders to include technical, operational, executive, or senior leadership stakeholders.
• Maintain integration of threat intelligence sources with the Security Incident & Event Management Tool.
• Support detection and response teams with context and analysis support, provide industry expertise and recommend relevant remediation and countermeasures to support CSIRT in triaging and responding to security incidents.
• Monitor threat sources continually based on input from Xerox Product Security, Corporate Security, and threats against systems & software of prevalent use in the conduct of Xerox business.
• Analyze data from various sources to identify possible risk indicators, determine possible root cause and identify preventative actions.
• Collaborate with the managed security services supplier in designing rules/alerts within the security information & event management system (SIEM) and/or other security technologies employed by Xerox to swiftly detect and/or prevent compromise to systems and/or information.
• Perform threat hunting exercises using knowledge of tactics, techniques and procedures used by adversaries.
  
  

Knowledge and Skills Required:

• Working knowledge and/or experience in analysis in investigations, such as in IT, law enforcement, or military intelligence for at least 2-4 years.
• Statistical modeling and analysis experience to infer possible cybersecurity threats.
• Understanding of IDS/ IPS, SIEM, email security, EDR and end point protection technologies
• Experience in performing disk/ memory forensics and/or malware analysis would be a plus.
• Strong understanding of network, application layer and OS fundamentals.
• Experience analyzing and responding to incidents in cloud environments would be a plus.
• Knowledge of common Threat Actor tools, tactics, or protocols (TTPs) and identification of countermeasures to reduce risk.
• Must be highly motivated with the ability to self-start, prioritize, multi-task and work in a team setting with global peers.
• Possess a good technical understanding, takes initiative to remain up to date with cyber security skills, and fosters an attitude of continual learning/adapting.
• Knowledge of threat intelligence platform capabilities for operationalizing and delivering actionable intelligence to key groups and stakeholders to manage remediation.
• Manage vendor relationship and drive delivery of platform capabilities.
• Strong communication skills, including clear verbal and written communication, collaboration, technical presentations, adaptability, and interpersonal skills.
  
  

Qualifications:

• Education Requirements: Master’s degree (Cybersecurity, Computer Science, Information Systems, or related field)
• Professional Certifications: Preferred – A technical certification such as GCFE, GREM, CISSP, CISA, or equivalent is desired.
• Ability to work in the Eastern time zone is preferred.