
Threat Intelligence & Detections Manager

Location: Guildford, UK

Notice

This position is no longer open.

Requisition Number: 154905

Position Title: Sr Software Engineer I - Security

External Description:

  • Threat Intelligence & Detections Manager

    We’re EA—the world’s largest video game publisher. You’re probably familiar with many of our titles—Apex Legends, Anthem, Battlefield, FIFA, The Sims, Need for Speed, Dead Space, and Star Wars, to name a few. But maybe you don’t know how we’re committed to creating games for every platform—from social to mobile to console—to give our consumers that anytime, anywhere access they demand. What does that mean for you? It means more opportunities to unleash your creative genius, be inspired by those around you and ignite your path in any direction you choose.

    Summary

    The Threat Intelligence & Detections Manager plays a pivotal role in security risk management across EA. The role includes interfacing with external partners to collaborate on threat intelligence, planning and driving the detections program across EA, and, where necessary, supporting the wider team with security incident response.

    This role is a senior position and is part of the Global Security Incident Response Team (GSIRT) Leadership team reporting directly to the Global Director of Security Incident Response.

    Previous hands-on detections authoring for different tools/platforms, incident response and attack analysis aligned with the cyber kill chain principles will be especially effective in this role. Knowledge of malware analysis and malware reverse engineering is important but can also be cemented through training and on-the-job practice.

    Patience and a “get it done” attitude are qualities that are well-suited for this position. The successful candidate will also possess strong written and verbal communication, as you will be customer facing on a daily basis.

     

    Primary Responsibilities

    • Partner with externals to collaborate on threat intelligence.
    • Build and lead a mature detections program, including a formal detections lifecycle. The initial focus is to ensure that all EA environments are covered for all basic attacks/TTPs before progressing to more advanced TTPs.
    • Work with incident response operations and Red Team to perform hunting activities across all EA environments to test for gaps and create new detections to address them.
    • Work directly with GSIRT Leadership team to ensure that threat intelligence is acted on and drives our tactical planning, strategy and tools used.
    • Review and improve existing EA threat intelligence platform and partner with engineering team/developers to uplift as necessary.
    • Malware analysis and other attack analysis to extract indicators of compromise.
    • Assemble and coordinate with IR Operations, technical teams and third-party vendors to resolve incidents as quickly and efficiently as possible.

     

    Skills, Knowledge, and Abilities

    The ideal candidate will have the following skills and experience:

    • Previous hands-on detections experience – external attacker TTPs and insider threat TTPs.
    • Experience with a threat intel platform (CRITS/MISP/ThreatQ etc).
    • An understanding of the threat intel data formats and standards (OpenIOC, STIX, TAXII, MAEC).
    • Malware analysis and reversing experience (this can be developed but incumbent must have some prior experience).
    • Experience with scripting and use of threat intel APIs.
    • Current working knowledge of the industry threat landscape and tracking of cyber threats.
    • Understanding and experience of intrusion analysis and incident response.
    • Problem solving to learn new technical and non-technical analysis techniques to overcome problems.
    • Host and network-based forensics skills.
    • Ability to self-learn and maintain a strong proficiency in technical tools, countermeasures and techniques.
    • Strong Unix/Linux experience.
    • Understanding of TCP/IP fundamentals, network protocols, system administration and network architectures.
    • An understanding of logging platforms and SIEMs, e.g. Elastic, Splunk, ArcSight etc.
    • Understanding of log analysis and correlation.

     

    Additional Requirements

    • Must be willing to travel internationally to partner company locations and other global EA offices to foster and grow intelligence relationships to protect EA network and players.
    • Perform multiple critical assignments under deadline pressure in a fast-paced, high volume, office work environment.
    • The incumbent must effectively interact between the various internal departments and unit executives to accomplish business goals.
    • Effectively perform work at varying levels to include executive/strategic and detailed/analytical.


    What’s in it for you? Glad you asked!

    • Competitive salary plus annual bonus scheme
    • Central location in Guildford (5 minutes from main train station)
    • Private medical insurance & dental care
    • Pension scheme
    • Life insurance
    • Stock plans
    • Free onsite gym
    • Employee discounts
    • Rail season ticket loan
    • Annual game points and digital download allowance
    • Onsite café
    • 25 days holiday (including 3 days company shutdown days between Christmas & New Year)
    • Two annual staff parties (Summer & Christmas)
    • Casual dress code
    • Games Area



    We thought you might also want to know more about our location:

    http://careers.ea.com/our-locations/guildford




City:

State:

Community / Marketing Title: Threat Intelligence & Detections Manager

Company Profile:

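Electronic Arts Inc. is a leading global interactive entertainment software company. EA delivers games, content and online services for Internet-connected consoles, personal computers, mobile phones and tablets.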

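EEOText: EA is an equal opportunity employer. All employment decisions are made without regard to race, color, national origin, ancestry, sex, gender, gender identity or expression, sexual orientation, age, genetic information, religion, disability, medical condition, pregnancy, marital status, family status or veteran status. EA will also make workplace accommodations for qualified individuals with disabilities in accordance with applicable law.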

Days Open: 79

Can this position be remote?:

