Location:
4910 Tiedeman Road - Brooklyn, Ohio 44144
Our Cyber Threat Management team rolls up into Key's broader Cyber Defense function within Corporate Information Security. Cyber Defense's mission is simple: We aim to Deter, Detect, Deny, and Disrupt adversaries through proactive threat-centric defense.
In this role, you will help mature the CTI program by evaluating the current state and recommending program and capability improvements. You will develop and maintain a deep understanding of the cyber threat landscape, including threat actors, malware variants, attack vectors, TTPs and their associated threats, to support mitigation efforts while leveraging MITRE ATT&CK, D3FEND and the Cyber Kill Chain. This position requires strong Open-Source Intelligence (OSINT) investigation skills, familiarity with dark web communities and ecosystems, and advanced knowledge of cybersecurity fundamentals and concepts. Success in this role demands an independent, thorough, and adaptable individual who can deliver accurate and complete intelligence outputs.
Key Responsibilities
Aggregate, evaluate, and synthesize threat intelligence from diverse sources such as open-source intelligence (OSINT), dark web forums, commercial feeds, and internal sources to identify relevant and actionable insights for the organization.
Cyber Threat Intelligence (CTI) Analysis - Identifying, analyzing, and interpreting cyber threats from various internal and external sources to assess their relevance and impact to KeyBank and to enable adversary disruption.
Expert knowledge of the cyber threat landscape (including financial sector) and the ability to communicate those threats to senior leadership, technical and non-technical audiences.
Deep understanding of Threat Actor (TA) Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) used by cyber adversaries, with the ability to identify new and novel TTPs.
Apply frameworks (MITRE ATT&CK, D3FEND, Diamond Model, Kill Chain) to enhance detection and response.
Skilled in automation, including intelligence gathering and processing using scripts or platforms (e.g., python, APIs, STIX/TAXII).
Incident Response support - Collaborating with incident response teams to provide threat intelligence that informs remediation and mitigation efforts.
Threat Modelling support - Partner with Security Engineering to identify potential threats and exposures within the company's infrastructure to ensure appropriate controls are in place.
Threat Actor Profiling - Studying adversary tactics, techniques, and procedures (TTPs) using frameworks such as MITRE ATT&CK to provide context and attribution.
Data Correlation and Enrichment - Correlating disparate data sets (e.g., IOC feeds, vulnerability databases, internal telemetry) to develop actionable intelligence.
Report Writing & Briefing - Producing written reports, threat assessments, and briefings for technical and non-technical stakeholders.
Familiarity with leveraging other security platforms like Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), Threat Intelligence Platform (TIP), and Endpoint Detection and Response (EDR).
Evaluate and manage CTI tools (TIPs, threat feeds, OSINT platforms, etc.).
Practical application of intelligence to support SOC, IR, threat hunting, vulnerability management, and risk functions.
Define and track CTI performance metrics to measure intelligence effectiveness and drive continuous improvement, using data to demonstrate the value of CTI outputs to stakeholders and leadership.
Actively participate in tabletop exercises and red/blue/purple team activities.
Interface with stakeholders within Cyber Defense, the broader security organization, and those outside of security such as technology, fraud, and other lines of business partners.
Provide mentorship and technical guidance to junior analysts and
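The automation (STIX/TAXII processing) and data correlation and enrichment responsibilities above describe one common CTI workflow: pull indicators from a TAXII collection, extract the atomic observables, match them against internal telemetry, and attach the context (kill chain phase, associated malware) an analyst needs. The block below is an added example of that workflow written for this page; it is not KeyBank code and not part of the original posting. The STIX bundle, its ids, the IP addresses, the domain, and the log lines are all constructed for illustration, and the pattern parser is deliberately limited to single-comparison STIX patterns, skipping compound ones rather than matching half of them.

```python
"""Parse a STIX 2.1 indicator bundle and correlate it with internal telemetry.
Added example: the bundle, ids, addresses and log lines are constructed and
do not come from any real feed or environment."""
import re

# Constructed STIX 2.1 bundle, shaped like the JSON a TAXII 2.1 collection
# returns. "mitre-attack" as kill_chain_name is the convention ATT&CK's own
# STIX data uses; every id, name and address here is made up.
IND_C2 = "indicator--1d8e8d3a-0000-4000-8000-000000000002"
IND_DOM = "indicator--1d8e8d3a-0000-4000-8000-000000000003"
MAL = "malware--1d8e8d3a-0000-4000-8000-000000000005"
STIX_BUNDLE = {
    "type": "bundle", "id": "bundle--1d8e8d3a-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "id": IND_C2, "name": "Constructed loader C2 address",
         "pattern_type": "stix", "pattern": "[ipv4-addr:value = '203.0.113.45']",
         "valid_from": "2024-03-01T00:00:00Z", "confidence": 85,
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack",
                                "phase_name": "command-and-control"}]},
        {"type": "indicator", "id": IND_DOM, "name": "Constructed staging domain",
         "pattern_type": "stix", "pattern": "[domain-name:value = 'updates.example.net']",
         "valid_from": "2024-03-01T00:00:00Z", "confidence": 60,
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack",
                                "phase_name": "command-and-control"}]},
        # Compound pattern: the parser below skips it instead of matching half of it.
        {"type": "indicator", "id": "indicator--1d8e8d3a-0000-4000-8000-000000000004",
         "name": "Constructed compound pattern", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.7' OR ipv4-addr:value = '198.51.100.8']",
         "valid_from": "2024-03-01T00:00:00Z"},
        {"type": "malware", "id": MAL, "name": "ConstructedLoader", "is_family": True},
        {"type": "relationship", "id": "relationship--1d8e8d3a-0000-4000-8000-000000000006",
         "relationship_type": "indicates", "source_ref": IND_C2, "target_ref": MAL},
    ],
}

# Constructed internal telemetry: proxy, DNS and EDR events. Line 3 carries a
# near-miss address (203.0.113.4) to show that substring matching is not enough.
SAMPLE_TELEMETRY = [
    "2024-03-04T10:15:02Z proxy src=10.20.30.41 dst=203.0.113.45 url=http://203.0.113.45/beacon status=200",
    "2024-03-04T10:15:09Z dns client=10.20.30.41 query=updates.example.net answer=203.0.113.45",
    "2024-03-04T10:16:30Z proxy src=10.20.30.77 dst=203.0.113.4 url=http://203.0.113.4/ status=200",
    "2024-03-04T10:17:11Z edr host=WS-0041 process=rundll32.exe cmd=rundll32.exe C:\\Users\\Public\\upd.dll,Start",
]

# Single equality comparison only, e.g. [ipv4-addr:value = '203.0.113.45'].
SIMPLE_PATTERN = re.compile(r"^\[\s*([a-z0-9-]+):([a-z0-9_.]+)\s*=\s*'([^']*)'\s*\]$")


def parse_indicators(bundle):
    """Return atomic indicators from a STIX bundle, enriched with their ATT&CK
    kill chain phases and the names of objects they 'indicate' via relationships.
    Indicators whose pattern is compound (AND/OR/FOLLOWEDBY) are skipped."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    indicates = {}
    for o in bundle["objects"]:
        if o["type"] == "relationship" and o["relationship_type"] == "indicates":
            indicates.setdefault(o["source_ref"], []).append(by_id[o["target_ref"]]["name"])
    parsed = []
    for o in bundle["objects"]:
        if o["type"] != "indicator" or o.get("pattern_type", "stix") != "stix":
            continue
        m = SIMPLE_PATTERN.match(o["pattern"])
        if not m:
            continue  # compound or unsupported pattern; hand to a full STIX pattern engine
        parsed.append({
            "id": o["id"], "name": o["name"],
            "object": m.group(1), "property": m.group(2), "value": m.group(3),
            "confidence": o.get("confidence"),
            "phases": [p["phase_name"] for p in o.get("kill_chain_phases", [])
                       if p["kill_chain_name"] == "mitre-attack"],
            "indicates": indicates.get(o["id"], []),
        })
    return parsed


def correlate(indicators, telemetry):
    """Match indicator values against log lines as whole tokens, so 203.0.113.4
    does not match 203.0.113.45 and example.net does not match updates.example.net.
    Returns one hit per (line, indicator) pair with the enrichment attached."""
    hits = []
    for line in telemetry:
        for ind in indicators:
            token = re.escape(ind["value"])
            if re.search(r"(?<![\w.-])" + token + r"(?![\w.-])", line, re.IGNORECASE):
                hits.append({"line": line, "indicator": ind["name"], "value": ind["value"],
                             "confidence": ind["confidence"], "phases": ind["phases"],
                             "indicates": ind["indicates"]})
    return hits


if __name__ == "__main__":
    for h in correlate(parse_indicators(STIX_BUNDLE), SAMPLE_TELEMETRY):
        print(f"{h['value']:<22} conf={h['confidence']} phases={h['phases']} "
              f"indicates={h['indicates']} :: {h['line'][:60]}")
```

Run as a script it prints three hits: the proxy beacon and the DNS answer both resolve to the C2 indicator (with its confidence, ATT&CK phase and the ConstructedLoader family it indicates), and the DNS query matches the staging domain; the near-miss 203.0.113.4 line and the EDR line produce nothing. In a real pipeline the bundle would come from a TAXII client or TIP export and the telemetry from the SIEM, and compound patterns would go to a proper STIX pattern matcher rather than being dropped.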