Threat Analyst/Incident Responder
The primary responsibility of the Threat Intelligence team perform targeted profile collections, data processing and analysis and collaborate with LVSC operational components to leverage High Value Target (HVT) data for incident prioritization. This role is responsible for all-source intelligence analysis in a team responsible for producing authoritative intelligence assessments that define Cyber threats to networked LVSC systems, executives, team members and key guests. All duties are to be performed in accordance with departmental and Las Vegas Sands Corp.’s policies, practices, and procedures.
Essential Duties & Responsibilities
- Key Performance Objectives
The Threat Analyst/Incident Responder has two major disciplines: the Cyber Threat Analyst (CTA) (1st discipline) and the Incident Response (2nddiscipline).
The Threat Analyst is responsible for performing cyber intelligence threat analysis and exploitation activities. In this discipline you are charged with gathering threat intelligence feeds from external sources, understand the threat landscape and then integrate them into a single threat framework for our global properties.
The Incident Response (IR) investigates computer related crimes:
- Discovers the problem
- Mitigates the damages
- Thoroughly investigates the situation
- Takes detailed notes throughout the entire process
- Uses a wide range of computer forensic tools to perform the functions of the job
- Works with Director of Incident Response, and the Director of Security Operations Center on matters relating to the execution of the Sand’s Corporation cyber intelligence threat assessment activities.
- Subject matter expert (SME) for all custom intelligence-based alerts
- Collaborate with the IDS Engineers and SIEM Engineers to reduce false positives while maximizing capture of suspect traffic.
- Present new technical details of relevant activity detected
Additional Duties & Responsibilities
Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard.
- Collect, process, catalog, and document information using an ALL-SOURCE approach and various technical and human means on cyber-security topics as required
- Respond to requests for ad-hoc reporting and research topics from management as required
- Aid in and participate in daily, weekly, quarterly, and yearly production reporting for internal teams
- Work with various intelligence collection and reporting tools and frameworks to produce reports
- Research and analyze content from unindexed areas of the internet
- Produce concise, written analysis and visual presentation of findings
- Quickly understand and deliver on company and customer requirements
- Write tactical and strategic assessments under deadlines
- Deal professionally with offensive, profane, and obscene materials encountered during the course of investigations and research
- Develop cyber intelligence threat analysis involving actual and alleged instances of information collection or system compromise achieved through cyber means
- Develop trend reports in cyber intelligence collection including dynamic cyber capabilities of foreign and domestic actors – both national and sub-national
- Conduct time-sensitive, actionable intelligence and apply it for continued analysis and collection.
- Directly interacting with the public and private sector Intelligence Community to support cyber security operations
- Ability to assess cyber intelligence threat assessment programs in the private sector and develop best analytic practices
- Communicate information, ideas, and analytical judgments and conclusions in a clear, concise, and logical manner, both orally and in writing
Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
- Coordinates with the Director of Incident Response and Threat for developing IR Plans
- Partners with like contractors and develop a working relationship
- Processes Cyber and IT security complaints or incidents.
- Assesses threats to IT resources.
- Determines incident severity and escalates it, if necessary, with notification to Director of Incident Response
- Coordinates security incidents from discovery to closure.
- Reviews incidents, provides solutions/resolutions and closure.
- Perform intrusion scope and root cause analyses.
- Assist intrusion remediation and strategy development and implementation.
- Recommend effective process changes to enhance defense and response procedures.
- Handle high and critical severity incidents as described in the operations playbook.
- Perform additional analysis of escalations from the Security Operations Center
- Leads Cyber Hunt activities and provides direction to the Hunt team analysts assigned to the exercise
- Performs other related duties as assigned.
- Bachelor’s degree
- Three or more years of experience in an intelligence analyst role with an emphasis on collection and threat assessment and/or two or more years of direct Cyber Threat Analysis are desired
- Two or more years in a security role with strong working knowledge and understanding of cyber security, frameworks, incident management and cyber security operations
- Develop and maintain cyber intelligence liaison contacts in the public and private cyber intelligence community in the interest of informing Senior Leadership of cyber intelligence threats that may undermine the safe and secure operations of the LVSC enterprise network
- Develops cyber intelligence threat assessment products that support predictive analytics to secure the LVSC enterprise
- Experience in directly interacting with the Intelligence, Tactics, Techniques and Procedures (TTP), and the Law Enforcement community.
- Versed on network-borne attack vectors and feasible mitigating controls
- Professional presence to communicate the business impact a cyber threat poses to the reputation and brand of the Sands Corporation
- Subject Matter Expert on Advanced Persistent Threat actors and methods
- Significant written and verbal communication is required for this role, including site notices, analysis reports and executive summaries of cyber threats and APT activity, and formal and informational briefings
- Proficient at analyzing and interpreting network traffic for indications of malicious activity
- Maintain consistent adherence to the Venetian and Palazzo Unmatched Guest Service Standards.
- Work varied shifts, including weekends and holidays.
- Provide off-hours support on an infrequent, but as needed basis. (Potential shifts may run 24/7 due to the need of the business.)
- 21 years of age
- Ability to read and communicate effectively in standard English in written and oral business communications
- Regular and reliable attendance is an essential function of the job
- Proof of authorization to work in the United States
- Las Vegas Sands Corp. is an E-Verify employer
- Additional information regarding E-Verify can be found at http://www.uscis.gov/e-verify
- Perform a variety of duties, often changing from one task to another of a different nature, with frequent interruptions or distractions
- Adapt to frequent changes in workload and be able to adjust priorities quickly as circumstances dictate while completing tasks within established time frames
- Ability to establish and maintain cooperative working relationships with fellow Team Members, management, outside contacts, guest and the public
- Ability to meet the basic physical requirements of an office environment including moving freely and frequently about an office, accessing computers and related technologies using peripheral equipment and operating other office equipment
Job Segment: Cyber Security, Security
Las Vegas Sands Corp.
The Venetian® and The Palazzo®, Five-Diamond luxury resorts on the Las Vegas Strip, and Sands® Bethlehem in Eastern Pennsylvania are the company's properties in the United States. Marina Bay Sands® is the company's iconic Integrated Resort in Singapore's downtown Marina Bay district. Through its majority-owned subsidiary Sands China Ltd., the company owns a portfolio of properties on Macao's Cotai Strip®, including The Venetian® Macao, Four Seasons Hotel Macao, and Sands Cotai Central. The company also owns the Sands® Macao on the Macao Peninsula.
Company Type: Public Company
Company Size: 10,001+