Lead Threat Intelligence Analyst

Your Opportunity

At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.

Charles Schwab’s Cybersecurity Operations organization Threat Intelligence team members are tasked with exciting opportunities. Developing relationships both internally and externally, identifying trends, educating employees, studying attacker TTPs and providing proactive defense measures and models to other teams. As the Lead Cyber Threat Intelligence Analyst, you will play a critical role in analysis of disparate information and synthesizing into relevant actionable intelligence.

• Focus on identifying and analyzing threats to Schwab and its core assets.
• Deliver accurate, timely and professional intelligence products.
• Support investigative efforts within the CSOC and the Security Organization.
• Collaborate with peer departments across the firm.
• Build positive and productive relationships with the business and technology.

What you have

Required qualifications

• BS in Computer Science (or related field) or equivalent work experience.
• Minimum of 7 years of experience in one or more of the following areas is required: Information Security, Enterprise Security Monitoring & response, Security Orchestration and Automation, Information Technology, penetration testing, threat intelligence, security architecture/design strategy, system analysis and implementation, or related function.
• Minimum of 5 years of experience
• Working with how advanced adversaries operate, their TTPs and malware families
• In monitoring OSINT (Open-Source Intelligence), SOCMINT (Social Media Intelligence), and internal intelligence resources for known and emerging security threats to employee safety, company security, business operations, or reputation risks and provide correlation and trending analysis.
• Developing and managing relationships with high-level law enforcement officials and international counterparts, including international security agencies, intelligence, and other relevant governmental functions and private sector counterparts worldwide

Preferredqualifications

• Experience conducting threat hunting to identify, classify, prioritize, and report on cyber threats following industry best practices.
• Collecting, processing, cataloging, and documenting threat information and regularly provide expert analysis through curated intelligence briefings.
• Experience in the consumption, processing, and analysis of tactical Cyber Threat Intelligence within an operational environment, supporting monitoring detection and response capabilities.
• Experience with any Public Clouds (AWS/GCP/Azure)
• Works in cooperation with vital stakeholders, participates and executes in developing an effective strategy to assess and mitigate foreign and domestic risk, manage crises and incidents, and safeguard the organization.
• Directs and assists team resources in identifying, developing, implementing, and maintaining security processes, practices, and policies throughout the organization to reduce risks, respond to incidents, and limit exposure and liability in all areas of information, financial, physical, personal, and reputational risk.
• Ensures the organization’s compliance with the local, national, and international regulatory environments where applicable to the accountability of this role (i.e., privacy, data protection, and environmental health and safety).
• Contribute to advancing the organization's global security intelligence program, focusing on actionable data to proactively protect the company, employees, and assets.

• Experience with reporting/visualization of metrics, establishing and maintaining standards, processes, and procedures.
• Demonstrated effectiveness influencing the cross-organizational teams.
• Understanding of NIST, MITRE ATT&CK framework.
• Experience with varied technologies including SOAR, SIEM, Cloud based security platforms, data analysis tools.