Security Content Analyst - Belfast

Company Description Anomali is headquartered in Silicon Valley and is the Leading AI-Powered Security Operations Platform that is modernizing security operations. At the center of it is an omnipresent, intelligent, and multilingual Anomali Copilot that automates key workflows and empowers your team to deliver critical threat insights to leadership in seconds.   Anomali unifies ETL, SIEM, XDR, SOAR, and the world’s largest repository of global intelligence into a single, cloud-native platform that improves detection, speeds investigations, and reduces costs at scale.   Do more with less. Be Different. Be the Anomali. Learn more at www.anomali.com Position Description: As a Security Analytics Content Engineer, you will lead the design and production of content detection logic and rules used in Anomali's various technologies. This role is responsible for supporting Anomali’s content detection efforts to become a leader in Security Analytics Market.  You will also be responsible for building, deploying and testing all SIEM detection rules and logic .   1.     Threat Analysis and Detection: Analyzing various forms of digital content, such as emails, web pages, and files, to detect potential security threats like malware, phishing attacks, or harmful scripts. Creating documents on the treats found during the threat analysis, including what the threat is, when the treat was first noticed, where the threat originated, how to detect the threat, why to mitigate the threat and, with whom the threat is associated.   2.     Deep Dive into TTPs: Techniques Identification: Identify specific techniques used in the campaign, such as spear phishing, exploitation of public-facing applications, or credential dumping. Tactics Correlation: Correlate these techniques with the tactics in the MITRE ATT&CK matrix, which are broad categories describing the objectives of the adversary, such as "Initial Access", "Execution", "Persistence", etc. Procedures Detailing: Detail the specific procedures or methods used for each technique. For instance, if the technique is 'spear phishing', the procedure might involve sending emails with malicious attachments tailored to specific individuals Detection Mapping: Create detections to watch the adversary's behavior to known profiles in the MITRE ATT&CK framework.   3.     Development of Detection Rules:  Designing and developing detection rules and algorithms using query language operators and functions to automatically detect harmful content. This involves understanding the latest in machine learning, pattern recognition, and data analysis techniques.   4.     Research and Keeping Up-to-date:  Staying informed about the latest malware trends, attack vectors, and detection technologies. This involves continuous learning and sometimes participating in cybersecurity research with Anomali's Advanced Threat Research Group.   5.     Testing Custom Detection Tools: Develop Custom Scripts/Tools: If applicable, test custom-developed scripts or tools designed for malware detection. Machine Learning Models: Evaluate the effectiveness of any machine learning models that have been trained to detect malware. A Content Detection Engineer typically specializes in identifying and mitigating security threats . This role involves analyzing threat actors , their campaigns, and creating detection rules and algorithms to detect and prevent such attacks. Additionally, the role may create content based on approved customer requests. The role is a blend of cybersecurity knowledge and content analysis skills.  Qualifications Required Skills/Experience: o Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field. Additional experience and/or relevant certifications will be considered in lieu of degree. o Proficiency in programming languages such as Python, Java, or C++. o Foundational understanding of Threat Intelligence and detection rules for Malware and malicious campaigns.  o Ability to analyze and interpret logs and alerts from various security tools. o Experience with machine learning and artificial intelligence, especially in content recognition and classification. o Familiarity with data analysis and data mining techniques. o Experience with tools and techniques for detecting malware, phishing attempts, and other malicious content. o Knowledge of network security and protocols, including experience with firewalls, intrusion detection systems, and encryption technologies. o 2+ years of relevant experience in the cyber security space, doing work relevant to the responsibilities of this position. o Previous experience in threat analysis, content detection or a similar field. o Prior experience with Anomali ThreatStream preferred. o Hands-on experience with machine learning algorithms and tools. o Strong analytical and problem-solving skills. o Attention to detail and accuracy. o Ability to work independently and as part of a team. o Good communication skills, as the role may involve collaborating with other teams and explaining complex concepts to non-technical stakeholders. o Willingness to stay updated with the latest developments in technology, particularly in areas relevant to content detection. o This position is a hybrid position working onsite at our Belfast office. This position is not remote. o This position is not eligible for employment visa sponsorship. The successful candidate must be authorized to work freely in Belfast.   Benefits: o Competitive Salary   Medical o Private Healthcare Plan o Dental Plan o Optical Plan    Work-Life Balance o Paid Public Holidays o Accrued Paid Time Off – 25 days