Happiest Minds Technologies
Website: happiestminds.com
Job details:
- Threat Intelligence and Advisory Management
As part of this service, IBM will perform the following:
Threat Sources Covered
Monitor, aggregate, and analyze threat intelligence and advisories from multiple sources, including but not limited to:
- Commercial Threat Intelligence Platforms (e.g., Anomali, Recorded Future)
- Vendor Security Advisories (e.g., Microsoft, Cisco, Palo Alto, Akamai)
- Government and CERT Alerts (e.g., UAE CERT, US-CERT, ENISA)
- Threat feeds from SOC and SIEM/SOAR platforms
- Crowd-sourced threat platforms and Bug Bounty findings (e.g., Bugcrowd)
- Open-source intelligence (OSINT) sources
- Dark Web intelligence sources (where applicable)
- Internal threat hunting findings
- Partner advisories and industry-specific alerts.
General Service Requirements
- Maintain continuous monitoring and validation of incoming threat intelligence.
- Analyse the potential impact of threats on the Group's infrastructure, applications, users, and data.
- Prioritize threat advisories based on business relevance, criticality, and risk exposure.
- Provide actionable threat advisories with mitigation recommendations.
- Integrate threat intelligence outputs with SOC, Incident Response, and Vulnerability Management processes.
- Ensure threat intelligence-driven response activities are tracked, actioned, and closed.
- Develop and maintain threat advisory and intelligence playbooks for standardized processes.
Threat Detection and Collection
- Collect and normalize threat advisories and intelligence feeds.
- Validate the authenticity and credibility of threat sources.
- Remove noise and false positives to focus on credible and impactful threats.
Threat Analysis and Prioritization
- Perform enrichment on threat data using internal telemetry and external datasets.
- Correlate identified threats with the Group's asset inventory and critical systems.
- Prioritize threats based on risk to the business (high, medium, low impact).
Threat Advisory Notification and Actioning
- Prepare clear, actionable threat advisories including:
  - Threat description
  - Potential impact
  - Affected systems/services
  - Recommended immediate and long-term mitigation actions
- Disseminate advisories to relevant stakeholders (e.g., IT, Security Operations, Business Units).
- Raise Threat Advisory Tickets (TA Tickets) where action is required.
- Assign and track closure of mitigation actions within agreed timelines.
Threat Intelligence Playbooks
- Develop structured playbooks for threat collection, validation, analysis, dissemination, and response.
- Ensure continuous updating of playbooks based on evolving threat landscapes and operational lessons learned.
- Align playbooks with MITRE ATT&CK, NIST, and other cybersecurity frameworks where applicable.
Threat Campaign Monitoring
- Identify ongoing threat campaigns targeting the Group's sector or geography.
- Provide early warnings on advanced persistent threats (APTs), ransomware groups, and significant actors.
- Recommend preventive and defensive measures based on observed campaigns.
Threat Hunting Support
- Use threat intelligence to proactively identify indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) that could already exist in the environment.
- Support threat hunting activities based on high-fidelity threat intelligence and emerging threat patterns.
Threat Intelligence Platform Management & Operations
- Perform daily, weekly, and monthly operational health checks.
- Maintain and update threat intelligence feeds (commercial, open-source, and internal).
- Perform platform upgrades, patches, and system tuning.
- Ensure high availability and business continuity configurations are in place.
- Monitor and manage platform performance and storage utilization.
- Manage user access, roles, and permissions according to governance policies.
- Enable role-based dashboards for SOC, IR, Threat Hunting, and Management.
- Conduct quarterly access reviews.
- Integrate various threat intelligence feeds (e.g., STIX/TAXII, MISP, ISACs).
- Validate, de-duplicate, and normalize intelligence data.
- Prioritize threat indicators based on relevance to the organization.
- Regularly review and curate feeds for noise reduction and enrichment.
- Integrate TIP with SIEM (e.g., QRadar, Splunk), SOAR, EDR, firewall, and other security controls.
- Automate indicator enrichment and correlation in SOC tools.
- Enable automated blocking of high-confidence IoCs in firewalls or proxy solutions.
- Develop and maintain integration of playbooks and dataflow documentation.