07.12.2022

Вакансія: Threat Intelligence Coordinator (Short-Term) for USAID Cybersecurity for Critical Infrastructure in Ukraine Activity

ЗАВЕРШЕНО

Vacancy вакансія — Вакансія: Threat Intelligence Coordinator (Short-Term) for USAID Cybersecurity for Critical Infrastructure in Ukraine Activity

BACKGROUND/CONTEXT:

The purpose of the US Agency for International Development (USAID) Cybersecurity for Critical Infrastructure in Ukraine Activity is to strengthen the resilience of Ukraine’s critical infrastructure from cyberattacks by establishing trusted collaboration between key cybersecurity stakeholders in the government, private sector, academia, and civil society. The activity aims to achieve this goal by implementing the following activity components:

Component 1: Strengthen the cybersecurity enabling environment

The legal, regulatory, and institutional framework for national cybersecurity in Ukraine needs to be strengthened and aligned with international standards and best practices. This component will strengthen the cybersecurity resilience of Ukraine’s critical infrastructure sectors by addressing legislative gaps, promoting good governance, enabling collaboration between stakeholders, and supporting cybersecurity institutions.

Component 2: Develop Ukraine’s cybersecurity workforce

Ukraine suffers from a severe shortage of cybersecurity professionals. This component of the USAID Cybersecurity for Critical Infrastructure in Ukraine Activity will address workforce gaps through activities that develop new cybersecurity talent and build the capacity of existing talent. These activities will address the entire workforce pipeline, the quality of education received by cybersecurity specialists, and industry training programs to rapidly upskill Ukraine’s workforce to respond to immediate cybersecurity vulnerabilities.

Component 3: Build a resilient cybersecurity industry

A growing cybersecurity industry in Ukraine will contribute directly to national security and prosperity. This component will seek to build trust and collaboration between the public and private sector to develop innovative solutions for future cybersecurity challenges; spur investment and growth in the broader cybersecurity market in Ukraine through greater access to financing; support smaller cybersecurity companies to rapidly increase the number of local cybersecurity service providers; and offer mechanisms for Ukrainian firms to connect with industry partners to enable better access to innovations and business opportunities.

ROLE’S PURPOSE:

The National Security and Defense Council (NSDC) is one of Ukraine’s key government authorities and one of the Activity’s primary stakeholders. The National Coordination Center for Cybersecurity (NCCC), under the NSDC, is responsible for overseeing and coordinating implementation of cybersecurity policy as it relates to national security. The NSDC has developed a new National Cybersecurity Strategy (Strategy) to address cybersecurity challenges and advance cyber capabilities of Ukraine.   

However, NCCC needs more comprehensive analytical assistance to develop their analytical capacity and facilitate its coordination work with other cyber stakeholders in strengthening cybersecurity landscape. The Activity assists NSDC/NCCC in improving their analytical capacity and provides rapid analytical support.

The Activity is looking for the services of a Threat Intelligence Coordinator to identify priority areas for the analytical tasks, analyze tactics of cyberattacks on critical infrastructure operators, determine cyber activities patterns, establish processes for cyberattacks responses, and build capacity on protecting critical infrastructure in cyberspace. This work will be carried out in close coordination with representatives of the NSDC/NCCC.

The Activity is looking for a Threat Intelligence Coordinator to:

Lead the Cyberthreats and APT activities assessment (including tactics, techniques, and procedures (TTP), aims and vectors of attacks)
Determining the trend of threat development (for further modeling of threats and security incidents, preparing recommendations for detection, analytical processing of cyber incidents and conducting research on threats, vulnerabilities and attack analysis)
Setting up of Threat intelligence / Threat hunting (TI/TH) processes in the NCCC, which includes: monitoring of the Internet, development of SCAD elements of TI/TH, preparation of informational materials within the framework of TI/TH processes.

The Threat Intelligence Coordinator will work under the oversight of the Enabling Environment Lead. 

DELIVERABLES AND DEADLINES

Deliverables

Due by date

Monthly report on cyberthreats which should contain results on:

Monitoring of cyber threats regarding the activity of APT groups, their tactics, techniques and procedures (TTP) and goals
Updating the Cyber Threat Response documentation
Updating knowledge bases on cyber threats, attack vectors, threat actors and threat trends
Providing recommendations on detection and analysis of cyber incidents
Conducting analysis of threats, vulnerabilities and attacks on the infrastructure of cybersecurity entities
Providing analysis of hypotheses, predictive models and construction of cause-and-effect relationships within the framework of Threat intelligence / Threat hunting (TI/TH) processes
Developing proposals for remediation or prevention of cyberattacks
Monitoring the open-source internet data on threat analysis (TI/TH)
Build proposals, hypotheses and develop expected results on threat analysis (TI/TH) in the NCCC
Develop informational materials on threat analysis (TI/TH)
Provide proposals for updating Rules for Event Monitoring and Correlation Systems

On the monthly basis

MINIMUM QUALIFICATIONS, SKILLS AND EXPERIENCE:

Bachelor’s degree in Information Technology, Information Security/Cybersecurity Engineering or related field of study.
4+ years of professional experience in a Cyber Threat Intelligence.
Experience of computer systems engineering for GOU authorities (desired);
Previous experience in monitor and response to cybersecurity incidents preferred;
Experience analyzing cyber-IOCs, APTs, MITRE ATT&CK TTPs, attack vectors, adversary TTPs, and cyber threat intelligence topics and translate these into actionable intelligence for our SOC.
Experience with using and troubleshooting cybersecurity and IT tools.
Knowledge of the intelligence cycle/process
Knowledge of Threat intelligence / Threat hunting
Skills in creating YARA, SIGMA, Snort, etc. rules
Understanding of various enterprise IT and cloud architectures and technologies such as networks, server infrastructure, operating systems, web applications, databases, containerization and mobile devices

ADDITIONAL BENEFITS

Experience working in a cybersecurity operations center, or participating in a red or blue team and the ability to work as both an attacker and a defender
Windows/Unix administration experience;
Experience using security scanners (nmap, nessus);
Experience with attack detection systems (IDS/IPS, HIDS/HIPS);
Experience in IS monitoring or IS incident investigation
Certificates:
Certified Ethical Hacker (CEH)
Certified Information Systems Security Professional (CISSP)
GIAC Certified Incident Handler (GCIH)
GIAC Cyber Threat Intelligence (GCTI)
GIAC Reverse Engineering Malware (GREM)
Certified Incident Handler Engineer (CIHE)
Information Systems Security Engineering Professional (ISSEP)

Period of Performance – 1 January 2023 -31 December 2023

Maximum Level of Effort – 230 working days

Qualified candidates should send their CV and cover letter with the name of position in a subject line to [email protected]. by 31 December 2022 6:00 pm Kyiv time. Only short-listed candidates will receive notice requesting additional information.