Cyber Threat Intelligence Analyst

About The Position

Requirements

• 3+ years of experience in cyber threat intelligence, intelligence analysis, incident-driven investigations, or a closely related analytical field.
• Demonstrated experience producing finished intelligence products such as actor profiles, campaign reports, attribution assessments, or infrastructure mapping.
• Deep familiarity with cyber investigations, infrastructure attribution, campaign analysis, and actor profiling.
• Strong OSINT instincts and the ability to resolve identities, aliases, and behavior across fragmented sources.
• The ability to connect technical findings to financial infrastructure, including wallets, laundering paths, sanctions exposure, or identity-linked leads when relevant to the investigation.
• Excellent judgment about analytical confidence, evidentiary strength, and what can or cannot be defended in a report, referral, or operational setting.
• A track record of independently driving complex investigations, improving workflows, and elevating the quality of analytical work around you.
• Excellent written and verbal communication skills, with the ability to package findings for technical and non-technical audiences alike.
• Comfort operating in a fast-paced environment where priorities can change quickly and ambiguity is normal.
• AI fluency is required. AI tools should be a meaningful part of your research, synthesis, and workflow acceleration toolkit, with strong human quality control over the resulting output.

Responsibilities

• Produce finished cyber threat intelligence, including actor profiles, campaign reports, IOC packages, infrastructure attributions, and evidence-ready analytical outputs.
• Act as an analyst across multiple active actors and campaigns at once, helping improve quality, share tradecraft, and informally support other analysts through strong analytical execution.
• Assist in complex investigations from seed indicators such as domains, IPs, hashes, aliases, or wallets through to attributed actors, clusters, or campaign pictures.
• Correlate technical indicators with OSINT, identity signals, infrastructure patterns, and financial-rail activity to build a fuller understanding of adversary behavior.
• Triage large indicator sets, cluster infrastructure, and turn fragmented signals into clear, defensible findings that stakeholders can act on immediately.
• Support incident responders, threat hunters, investigators, and partner-facing teams with timely, high-confidence intelligence products and briefings.
• Help evaluate new analytical tooling by pressure-testing it on real workflows and identifying where it meaningfully reduces analyst effort or improves output quality.
• Contribute to stronger investigation workflows, analytic standards, and repeatable methods that improve analyst throughput without sacrificing rigor.