Senior Cyber Threat Intelligence Analyst

AIG · Charlotte, NC

Type

Full Time

Job Description

Who we are

American International Group, Inc. (AIG) is a leading global insurance organization. AIG member companies provide a wide range of property casualty insurance in approximately 70 countries and jurisdictions. These diverse offerings include products and services that help businesses and individuals protect their assets and manage risks.

We're also committed to making a positive difference for our colleagues and in the communities where we work and live. We encourage colleagues to give back to the causes they care most about, supporting these efforts through our Volunteer Time Off and Matching Grants Programs.

Get to know the business

At AIG, technology is at the heart of everything we do, from underwriting risks to processing claims. The Information Technology team equips our employees with the latest tools to complete their work efficiently and with the highest standards of excellence. The team is responsible for shielding the company's systems from security risks, while designing technology strategies that enable AIG's businesses to achieve their goals. AIG's Information Technology functions include application development and management, enterprise architecture, and technology risk and compliance.

About the role

The AIG Cyber Threat Intelligence team consists of engineers and analysts who specialize in the tactics, tools and procedures used by cyber criminals. The Analyst will work within an interdisciplinary team that develops advanced analytical frameworks, tools and research methodologies in order to identify emerging cyber threats.

The Analyst will be responsible for analyzing the political, economic, social, and behavioral aspects of malicious cyber activity. Research will include monitoring underground forums, chat channels, and social media, as well as identifying and analyzing security incidents using open-source and internal sources to assess severity and identify responsible parties, including hacktivist groups and actors. Additionally, the Analyst will respond to client-directed research requests and contribute to internal intelligence products. This position will also aid in producing a comprehensive operating picture and cyber security situational awareness.

What you need to know:

  • Collect, process, catalog, and analyze information on cybersecurity topics as required.
  • Respond to requests for ad-hoc reporting and research topics from management as required.
  • Aid in and participate in daily, weekly, quarterly, and yearly production of written reporting for clients, partners, and internal teams.
  • Work with a cross-functional team of cybersecurity technologists across various information security functions such as vulnerability remediation, red-team, penetration-testing, security operations, and other relevant subject areas to gather, analyze and disseminate information on relevant threats.
  • Deliver polished and informative threat intelligence briefings to various company stakeholders on a weekly/monthly/quarterly basis.
  • Work with various intelligence collection and reporting tools and frameworks to produce reports.
  • Analyze output from security controls and participate in incident response activities as needed.
  • Research and analyze content from unindexed areas of the internet.
  • Quickly understand and deliver on company and customer requirements.
  • Write tactical and strategic assessments under deadlines.
  • Responsible for maintaining professional relationships with cybersecurity vendors and contacts in the cybersecurity, finance industry, and government communities.
  • Deal professionally with offensive, profane, and obscene materials encountered during the course of investigations and research.

What we're looking for:

  • Knowledge of cyber threat analysis and reporting techniques and approaches, as well as intelligence collection techniques and tradecraft.
  • Understanding of the intelligence lifecycle, information handling, dissemination, and supporting tools and techniques.
  • Excellent verbal and written communications skills - samples and demonstration may be required during interview.
  • Understanding of how functions like security operations, vulnerability management, cyber hunting, red-team, and penetration-testing operate in a large-enterprise information security program.
  • Understanding of various attack types, tools, and techniques: DDoS, credential phishing/stuffing, reconnaissance techniques, lateral movement, and exploitation frameworks and tools.
  • Working knowledge and understanding of frameworks such as MITRE ATT&CK and CVE/CWE.
  • Understanding of the operation and execution of various malware types: ransomware, loaders, trojans, remote access tools, infostealers, adware, mobile, firmware-based, coinminers, and others.
  • Understanding of malware distribution methods: spear-phishing, exploit-kits, social engineering, etc.
  • Deep understanding of the cybercrime ecosystem - topics such as bulletproof hosting, ransomware, criminal affiliate programs, botnets, underground forums and marketplaces, criminal proxy and VPN services, spam, money/reshipping mules, carding, DDoS services, and/or malware development and distribution.
  • Thorough understanding of TCP/IP and related protocols and the OSI reference model.
  • Understanding of how Internet DNS, webhosting, service providers, and domain registration eco-systems function and how they can be abused by cybercriminals.
  • Knowledge of how cybersecurity technologies function - firewalls, virtual private networking, intrusion-prevention, endpoint detect/response capabilities, DNS/RPZ, network detect/response, and similar approaches/controls.
  • Ability to evaluate cybersecurity vulnerabilities and associated exploits in technologies.
  • Ability to use Splunk to perform complex queries and search for relevant cyber event information.
  • Good understanding of global geopolitical dynamics and the ability to apply that knowledge to an information security context.
  • Proven ability to translate complex information sets into specific recommendations that can be actioned to enhance enterprise security posture.
  • Knowledge of foreign languages is a plus.
  • 7+ years of experience in cyber threat intelligence.
  • Bachelor's degree in CIS or equivalent work experience.

Additional skills and experience desired include:

  • Experience with threat intelligence platforms, endpoint detect/respond, and web-based intelligence tools and sources etc. is a plus.
  • Network packet analysis and familiarity with tools like Wireshark and Snort.
  • Vulnerability management and penetration-testing tools and frameworks.
  • YARA signature crafting and retrohunting skills in VirusTotal or similar.
  • Use/administration of threat intel and security automation/orchestration platforms.
  • Understanding of public cloud (AWS/Azure) infrastructure.

A look at our Benefits

We're proud to offer a range of employee benefits and resources that help you protect what matters most - your health care, savings, financial protection and wellbeing. We provide a variety of leaves for personal, health, family and military needs. For example, our "Giving Back" program allows you to take up to 16 hours a year to volunteer in your community. Our global mental health and wellness days off provide all colleagues with a paid day off to focus on their mental health and wellbeing.

We also believe in fostering our colleagues' development and offer a range of learning opportunities for colleagues to hone their professional skills to position themselves for the next steps of their careers. We have a tuition reimbursement program for eligible colleagues to enhance their education, skills, and knowledge in areas that relate to their current position or future positions to which they may transfer or progress.

We are an Equal Opportunity Employer

American International Group, Inc., its subsidiaries and affiliates are committed to being an Equal Opportunity Employer, and its policies and procedures reflect this commitment. We provide equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories such as sexual orientation. At AIG, we believe that diversity and inclusion are critical to our future and our mission - creating a foundation for a creative workplace that leads to innovation, growth, and profitability. Through a wide variety of programs and initiatives, we invest in each employee, seeking to ensure that our people are not only respected as individuals, but also truly valued for their unique perspectives.

To learn more please visit: https://www.aig.com/about-us/diversity-equity-and-inclusion

AIG is committed to working with and providing reasonable accommodations to job applicants and employees with physical or mental disabilities. If you believe you need a reasonable accommodation in order to search for a job opening or to complete any part of the application or hiring process, please send an email to [email protected]. Reasonable accommodations will be determined on a case-by-case basis.

Functional Area:

IT - Information Technology

Estimated Travel Percentage (%): No Travel

Relocation Provided: No

AIG Employee Services, Inc.

Date Posted

04/22/2023
