Senior Information Security Consultant (Senior Cyber Threat Intelligence Analyst - Tactical)

Location:

Our Cyber Threat Management team rolls up into Key's broader Cyber Defense function within Corporate Information Security. Cyber Defense's mission is simple: We aim to Deter, Detect, Deny, and Disrupt adversaries through proactive threat-centric defense.

In this role, you will help mature the CTI program by evaluating the current state and recommending program and capability improvements. You will develop and maintain a deep understanding of the cyber threat landscape, including threat actors, malware variants, attack vectors, TTPs and their associated threats, to support mitigation efforts while leveraging MITRE ATT&CK, D3FEND and the Cyber Kill Chain. This position requires strong Open-Source Intelligence (OSINT) investigation skills, familiarity with dark web communities and ecosystems, and advanced knowledge of cybersecurity fundamentals and concepts. Success in this role demands an independent, thorough, and adaptable individual who can deliver accurate and complete intelligence outputs.

• Aggregate, evaluate, and synthesize threat intelligence from diverse sources such as open-source intelligence (OSINT), dark web forums, commercial feeds, and internal sources to identify relevant and actionable insights for the organization.
• Cyber Threat Intelligence (CTI) Analysis - Identifying, analyzing, and interpreting cyber threats from various internal and external sources to assess relevance and impact to KeyBank and cause adversary disruption.
• Expert knowledge of the cyber threat landscape (including financial sector) and the ability to communicate those threats to senior leadership, technical and non-technical audiences.
• Deep understanding of Threat Actor (TA) Tactics, Techniques, & Procedures (TTPs) and Indicators of Compromise (IOCs) utilized by cyber adversaries with the ability to identify new and novel TTP's.
• Apply frameworks (MITRE ATT&CK, D3FEND, Diamond Model, Kill Chain) to enhance detection and response.
• Skilled in automation, including intelligence gathering and processing using scripts or platforms (e.g., python, APIs, STIX/TAXII).
• Incident Response support - Collaborating with incident response teams to provide threat intelligence that informs remediation and mitigation efforts.
• Threat Modelling support - Partner with Security Engineering to identify potential threats and exposures within the company's infrastructure to ensure appropriate controls are in place.
• Threat Actor Profiling - Studying adversary tactics, techniques, and procedures (TTPs) using frameworks such as MITRE ATT&CK to provide context and attribution.
• Data Correlation and Enrichment - Correlating disparate data sets (e.g., IOC feeds, vulnerability databases, internal telemetry) to develop actionable intelligence.
• Report Writing & Briefing - Producing written reports, threat assessments, and briefings for technical and non-technical stakeholders.
• Familiarity with leveraging other security platforms like Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), Threat Intelligence Platform (TIP), and Endpoint Detection and Response (EDR).
• Evaluate and manage CTI tools (TIPs, threat feeds, OSINT platforms, etc.).
• Practical application of intelligence to support SOC, IR, threat hunting, vulnerability management, and risk functions
• Define and track CTI performance metrics to measure intelligence effectiveness and drive continuous improvement, using data to demonstrate the value of CTI outputs to stakeholders and leadership
• Actively participate in tabletop exercises and red/blue/purple team activities.
• Interface with stakeholders withing Cyber Defense, the broader security organization, and those outside of security such as technology, fraud and other lines of business partners.
• Provide mentorship and technical guidance to junior analysts and cross-functional partners.
• Lead by example in fostering a culture of curiosity, rigor, and continuous learning within the CTI function.

• Bachelor's in Computer Science, Cybersecurity, or related field or equivalent experience
• A minimum of 5 years of experience in CTI, IR, SOC, or digital forensics.
• Strong analytical, research, and writing skills.
• Experience with malware and phishing analysis.
• Ability to work independently and escalate risks appropriately.
• Ability to communicate concisely, effectively and directly with executive management.

• GIAC Cyber Threat Intelligence (GCTI)
• GIAC Reverse Engineering Malware (GREM)
• GIAC Certified Forensic Analyst (GCFA)
• Offensive Security Certified Professional (OSCP)
• Certified Information Systems Security Professional (CISSP)
• CompTIA Cybersecurity Analyst (CySA+)
• CompTIA Security+

Key has implemented a role-based Mobile by Design approach to our employee workspaces, dedicating space to those whose roles require specific workspaces, while providing flexible options for roles which are less dependent on assigned workspaces and can be performed effectively in a mobile environment. As a result, this role may be mobile or home based, which means you may work either at a home office or in a Key facility to perform your job duties. Preferred location is Brooklyn, OH. If you are local to KeyBank facilities, you will work a minimum of 2 days a week from the office location.

COMPENSATION AND BENEFITS

This position is eligible to earn a base salary in the range of $94,000.00 to $130,000.00 annually depending on location and job-related factors such as level of experience. Compensation for this role also includes eligibility for short-term incentive compensation and deferred incentive compensation subject to individual and company performance.

Please click here for a list of benefits for which this position is eligible.

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.