Description

A challenging and fulfilling technology role expanding upon the current CSOC capabilities by utilising traffic flow data on GTT global network to generate inhouse threat intelligence.

The threat intelligence data engineer, Cyber Security Operations designs, builds and operates a technology platform that assesses anomalous traffic flows acros the GTT network to facilitate the generation of accurate and actionable threat intelligence

Responsible for:

- Interacting with core network engineering teams

- Management of Arista switches used for analysis

- Operation of data analytics platform

- Identification of opportunities to utilise AI in the generation of threat intelligence

- enrichment of raw traffic flow data

Main Duties

Management of threat intelligence platform.

Collaborate with internal teams such as Product Management, Development, and Corporate Security to identify and deliver functionality to continually improve our products using industry best practices and trending customer requirements.

Act as the escalation point for all matters relating to inhouse threat intelligence generation.

Build relationships and become a trusted advisor to other department that make use of threat intelligence

Assess and drive metrics for the threat intelligence platform 

Develop tools, processes and communication strategies to ensure a timely and responsive approach to both customer reported and internally identified issues.

Manage 3rd party vendors including service review and licensing requirements.

Develop employee training requirements to ensure staff are highly proficient with the use of GTT’s threat intelligence data

Technical Experience

Essential:

Certified in Arista switches

Expert level knowledge at data analytics

Benficial:

Cisco / juniper

AI / generative AI

Working Hours

Standard. 7 hours per day with 1 hour lunch break between 9am and 5:00pm.

Occasional extended hours may be required during management escalation, critical incidents and platform upgrades.

Security

SC clearance required – (by end of probation period, can be extended)

Core Competencies

Deep understanding of Arista switch configuration for the purpose of packet analysis

Understanding of data analytics and anomaly identification

Ability to generate a sense of urgency and rally appropriate resources both internally and with third parties.

Strong problem solving, priority setting, facilitation, multi-tasking, analytical, and collaboration skills.

Significant understanding of security incidents, including malware, network reconnaissance and emerging threats.

Understanding of vulnerability assessment and remediation procedures including risk management.

Understanding of SIEM functionality and topology. 

Universal Competencies

Be a positive, self-motivated proactive individual who is equally comfortable engaging with customer senior management and all levels within the GTT organisation.

Possess excellent listening, written and verbal communication skills.

High level of initiative and integrity.

Deliver the appropriate balance of business need, customer expectation and compliance requirements.

Strong organizational, presentation, meeting, and communication skills.

Have a can do attitude and demonstrate a passion for new technology and learning.

Duties and Responsibilities:

Design and development of GTT’s SDN/NFV platforms and products

Continuous improvement of the existing products and platforms

Work with product management to create/maintain/execute the SDN/NFV roadmap

Last resort operational support for SDN/NFV platforms

Coach junior architects and engineers