Ensure identification, prioritization and tracking of cyber threat intelligence requirements, probing for signs of compromise and providing analyses. Lead development of threat models to determine incident-type activities, organize and contextualize intel, and communicate the nature, impact and mitigations for applicable security vulnerabilities. Provide offensive security and intelligence support to other security operations functions in support of established objectives. Parse large technical data sets, integrate output of technical research, and share and escalate severe findings to team and management. Gather, evaluate and study multiple intelligence reports, dig for intrusion patterns, and manage documentation and tracking of relevant threats. Collaborate with other analysts, ensuring that individual and team goals are met. Including above, work hours will be spent approximately as follow.

30% - Develop threat models to facilitate a threat intelligence-informed prioritization of security operations and information technology activities in order to mitigate cyberattacks and security risks across business and technology environments. Support security leadership to instill cybersecurity policies and practices throughout business units to address security operations, incident response, application security and infrastructure.
20% - Coordinate closely with other security operations functions in order to analyze threat actor activity, identify intrusions, and develop detections. Analyze data feeds for relevance and potential impact to the university to enhance security monitoring, provide contextual information to enable alert handling, response, and preventative control configuration.
10% - Define standards, processes, and tools to identify, prioritize, and track cyber threat intelligence research findings. Utilize high-level technical and threat actor information to correlate intelligence findings across domains (e.g., crime, espionage, hacktivism). Serve as threat intelligence subject matter expert, formulating and prioritizing intelligence requirements according to established risk management framework.
20% - Design and conduct proof-of-concept tests to replicate third-party findings and propose solutions to resolve discovered security issues. Prepare detailed reports on findings while working closely with internal and external groups to develop appropriate security controls. Conduct tactical assessments involving social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal/external network architecture and a wide array of commercial and bring-your-own products.
10% - Actively hunt for threat exposure and identify incidents warranting action to disrupt and remediate threats. Document threats into contextual reports outlining severity, urgency and impact, and ensure they can be understood by both management and technical teams. Maintain currency with industry best practices. Assess and recommend additional tools/technologies as needed, and perform research activities to investigate technologies which may impact the university and present findings to appropriate leadership.
10% - Influence departmental goals and objectives. Promote an environment that fosters inclusive relationships and creates unbiased opportunities for contributions that uphold principles of the USC Code of Ethics. Establish and maintain appropriate network of professional contacts and memberships in professional orgs. Attend meetings, seminars and conferences, and maintain required/desirable certifications.

Hybrid remote: May work several days per week remotely from home (within So. CA); schedule subject to manager approval.

Must be able to work onsite outside of normal working hours (weekends, evenings and/or holidays) as needed to support the business – e.g., to support major security incidents, which happen on rare occasions and require activation of on-call team members.

Hours/Salary: Full-time; $114,710.00-$140,191.82/year

Requirements: Bachelor’s or equivalent degree in computer science, cybersecurity, intelligence and cyber operations or equivalent field plus two years of work experience as a threat intelligence analyst, penetration tester, security analyst or equivalent position. Requires two years of experience in an intelligence function supporting enterprise security operations including a variety of technologies, platforms, threats, and threat actors; threat intelligence analysis and incident response; packet capture and analysis; vulnerability testing and security assessment tools; conducting analytical studies and communicating technical information to non-technical audiences; and Python, C# and Java programming languages. Requires good verbal and written English communication skills. Requires at least one relevant certification (e.g., OSCP, GCIH, GCTI, USAICOE 35F, etc.).

TO APPLY: Email resume with “ref. cb84” in subject field to University of Southern California, ITSRes@usc.edu