Threat Intelligence Analyst
We are hiring TI analysts
We are hiring analysts to help us deliver information and intelligence products to our monitoring and response service, customers and external collaboration partners.
mnemonic responds to the region’s most serious cyberattacks. We work side by side with Europe’s most important organisations and critical infrastructure to protect them from the cyberattacks they see today, and what they can expect to see tomorrow.
At more than 350 employees, we are amongst the largest pure play security companies in Europe, and continue to grow rapidly in Norway and internationally. In addition, we are continually ranked by Great Place to Work as one of Norway’s and Europe’s top workplaces.
You will be working with
You will get the opportunity to work with a wide range of tasks:
- Research and analysis of malware and attack campaigns aimed at mnemonic’s customers, but also malware and campaigns that may have future relevance to mnemonic’s customers.
- Signature development to detect new threats in detection technology such as NIDS, log analysis solutions and centralised mass processing solutions.
- Participation in the development of new detection mechanisms and techniques for detecting security incidents.
- Threat hunting in network data, log data and endpoint data after targeted attacks and serious profiteering campaigns against mnemonic’s customers.
- Traditional forensics and memory analysis of confirmed or suspected compromised machines.
- Participation in the development of analysis and enrichment solutions for threat intelligence and malware.
- Sharing of data and information with partners within threat intelligence.
- Participate in the establishment of permanent monitoring, threat intelligence and incident response services for mnemonic's customers.
What you will bring
We are looking for someone that has:
- a good understanding and knowledge about the "laws of physics" in information technology, including an understanding of what is possible to accomplish in computer networks and systems, given different prerequisites.
- experience with analysis of executable files and documents such as: PE files and/or JavaScript, Flash, Silverlight, PDF, Office documents, ELF and APK files.
- experience with analysis of network traffic.
- experience with or interest in technologies / software such as Snort, Suricata, Bro IDS (or other technologies for inspection and analysis of network traffic).
- experience with or interest in technologies such as Yara (or other static malware analysis solutions).
- experience with / interest in / desire to work with technologies such as Cuckoo, Joebox, Norman MAG, BlueCoat / Symantec MAA, FireEye AX, or experience with / interest in sandbox technologies.
experience with / interest in / desire to work with software such as Volatility, Rekall (or memory analysis in general). - experience with / interest in / desire to work with software such as FTK, Encase, Sleuthkit, Log2timeline, Plaso (or traditional forensics in general).
- experience with / interest in / desire to work with solutions such as Soltra, MISP or other platforms for information and data sharing.
Relevant certifications
- SANS Security certifications: SEC487, SEC503, SEC504, SEC505, SEC506, SEC511, SEC560, SEC599.
- SANS Forensics certifications: FOR500, FOR508, FOR526, FOR572, FOR578, FOR610.
What we can offer
- An informal and pleasant working environment that provides opportunities for growth, influence and variations in tasks
- Competitive salary, share program and bonus scheme that promotes a long-term employment outlook, including attractive pension and insurance coverage
- Opportunities for relevant professional training (courses) and conferences
- We place a strong emphasis on workplace well-being and teambuilding through social activities, events and trips with colleagues. In addition, we have an inclusive environment that promotes work-life balance and accommodates to families. Both in Utrecht and Oslo our offices are centrally located. In Oslo, you'll find us at Solli plass.
- A workplace that has been ranked as one of the best in Europe for a number of years. In Norway we have been amongst the top 10 workplaces for 10 years in a row. This year, we even won our category!
How do I apply?
Email us at [email protected] and write "MSS-TI-Analyst" in the subject field. Add a text about why you are right for the job, and your CV. Send us a code project you have been working on, that illustrates exactly how you work with code.
If you have publications or projects you have worked on that you think represent your technical skills or ability to communicate, please attach or refer to these.
Background check
We use Semac AS for background checks in our recruitment process. Security clearance is a requirement.
Do you have questions about a career in mnemonic?
