24 days ago - req22253
Senior Cyber Intelligence analyst
Other corporate functions
In a nutshell
Other corporate functions
ASML brings together the most creative minds in science and technology to develop lithography machines that are key to producing faster, cheaper, more energy-efficient microchips. We design, develop, integrate, market and service these advanced machines, which enable our customers - the world’s leading chipmakers – to reduce the size and increase the functionality of their microchips, which in turn leads to smaller, more powerful consumer electronics.
The Cyber Defense Center (CDC) within ASML (Veldhoven office) through real time detection & response minimizes the damage caused by threat actors bypassing ASML preventative security controls and protecting ASML information.
To enhance our Cyber resilience, the Threat Intelligence team continuously research and report on emerging threats against ASML to strategically shape and guide the approach ASML takes to protect its assets.
Our team works closely together with other security functions and other ASML teams utilizing our shared in depth knowledge in our effort to secure the business for all our stakeholders.
You participate in a high skilled team to identify potential risks and threats to the organization by conducting all-source analysis and adversary targeting to identify, monitor, assess, and counter the threats posed by malicious cyber actors against our information systems, infrastructure and cyber-related interests. Based on your work the various levels and teams within ASML can make decisions and take action accordingly.
- Collaborate with CDC stakeholders to identify, validate, and levy requirements for collection and analysis;
- Participate in advanced analysis of collection and open-source data to ensure target continuity, to profile targets and their activities and develop techniques to gain more information
- Craft and deliver intelligence products to provide an accurate representation of the current threat landscape and associated risk through the use of supplier, community, and open source reporting;
- Real-time monitoring of third party security feeds, forums, and mailing lists to gather information on vulnerabilities and exploits relevant to ASML;
- Assess external events based on factual information and wider contextual information available;
- Support the CDC in their incident response activities from intelligence analysis perspective;
- Develop cyber indicators to maintain awareness of the status of our enterprise environment;
- Conducts cyber threat/vulnerability assessments;
- Write finished products based off of highly technical subject matter and analysis for dissemination to a less technical or non-technical audience;
- Collaborate with colleagues in the other value streams of the CDC as well as other technology departments to establish effective and productive relationships;
- Deliver security/risk insights for business partners within ASML by applying ML & AI as well as visualization and reporting skills;
- Develop and maintain algorithms and models for detection of malicious behavior;
- Visualize complex dataset for guided decision making, leveraging past experiences from other data domains and applying them to the security space;
- Increase understanding of data analytics concepts within the CDC as well as outside the team.
- Bachelor or Master’s degree in cyber security, Computer science or equivalent combination of education and work experience;
- One or more of the following certifications pre: CISSP, GCTI, GCFA, GCFE, GCIH, GREM, OSCP/OSCE.
- 5+ years of experience in: Cyber Operations, Threat Intelligence, Incident Response or Cyber Forensic roles;
- Experience with working in an agile work environment in an enterprise environment is a pre;
- Knowledge of IT architecture and operations (computing, network, storage & cloud), as well as knowledge of computer networking concepts and protocols (TCP/IP, OSI Model), and network security methodologies;
- Broad understanding and knowledge of offensive and defensive Tactics, Techniques and Procedures (TTPs), malware analysis (communication/installation/behavior) and computer network defense operations;
- Expertise in tracking complex campaigns and threat actor infrastructures utilizing both external and internal, tools and data sets but also by leveraging external intelligence enrichment sources;
- Technical proficiency with open source intelligence (OSINT) research tools and ability to work with large set of unstructured data;
- Good understanding of global geopolitical dynamics and the ability to apply that knowledge to an information security context;
- Experience in working with both commercial and open source TIPs in depth understanding of STIX/TAXII concepts, analytic tools, workflows as well as SIEM and EDR solutions;
- Experience in working with internally and externally high-trust sharing communities while maintaining TLP;
- Experience with developing Machine Learning & Artificial Intelligence technologies;
- Experience with Anomaly Detection, statistical modeling, text mining and deep learning.
- Critical thinking and contextual analysis abilities;
- Investigative and analytical problem solving skills;
- Teamwork, can-do mentality;
- Stress resistant and natural multi-tasker;
- Attention to detail;
- Result driven;
- Strong verbal presentation and writing skills, including the demonstrated ability to write clear and concise text;
- Strong time management skills and willing to go above and beyond where required.
Experience with at least one scripting / programming language e.g. Python, C, Java, PowerShell, Bash, and Rege
- Operating systems, including Windows and Linux;
- Data lake concepts;
- Proficient in English (business language), and multiple global major languages is considered a plus;
- Well versed understanding of cyber risk concepts: Advanced Persistent Threat, Third Party Risks, Cybercrime, Hacktivism, Malware and Ransomware, Social Engineering, Insider Threats, Incident Response, Threat Intelligence, and Host and Network-based security.
- Familiarity with Threat Models such as MITRE ATT&CK® , Diamond Model and Cyber Kill Chain®.
- A basic understanding of Attack methodologies and familiarity with common threat and attack models used during IR and Intel analysis;
- Ability to work collaboratively across a variety of business units or value streams;
- Understanding of cyber-attack vectors, malware analysis, cybercrime networks and methodologies represents a plus;
- Statisticalprogramming tooling (Python (PyOD, Gensim, Scikit-learn, Streamlit,PyTorch, TensorFlow), Jupyter Notebook etc.
Willing to work incidentally outside office hours due to the global presence of the team.
Other informationThis position requires access to U.S. controlled technology, as defined in the United States Export Administration Regulations. Qualified candidates must be legally authorized to access such U.S. controlled technology prior to beginning work.
ASML does not accept unsolicited resumes from any agencies that have not signed a mutual service agreement. All unsolicited resumes will be considered ASML’s property, and ASML will not be obligated to pay a referral fee. This includes resumes submitted directly to hiring managers without contacting the Resource Center Department.
ASML is GDPR compliant, therefore we cannot process applications sent outside of our recruitment system.
If you are interested in this vacancy please apply.