About The Position

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

We are seeking a motivated and detail-oriented Cyber Threat Intelligence Analyst to join our cybersecurity team. In this role, you will assist in collecting, analyzing, and disseminating actionable intelligence on emerging cyber threats. You will work closely with senior analysts to identify threat actors, tactics, techniques, and procedures (TTPs) and help strengthen our organization’s security posture.

Requirements

  • Understanding of the threat intelligence life cycle.
  • Ability to clearly synthesize and communicate intelligence for a variety of audiences.
  • Understanding of cyber threat actors' TTPs and IOCs.
  • Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or related field (or equivalent experience).
  • Basic understanding of networking, operating systems, and common attack vectors.
  • Familiarity with MITRE ATT&CK framework and threat intelligence concepts.
  • Comfortable with SIEM/EDR, threat intel platforms, and basic malware/PCAP triage, even if not a full reverse engineer.
  • Strong analytical and research skills with attention to detail.
  • Ability to learn new tools and platforms quickly as the tech stack and threat landscape evolve.
  • Excellent written and verbal communication skills.
  • Familiarity with SIEM platforms (e.g., Splunk, Elastic, Microsoft Sentinel) for log analysis, correlation, and IOC hunting.
  • Basic experience with EDR/XDR tools (e.g., CrowdStrike Falcon, Microsoft Defender, SentinelOne) to pivot on endpoint telemetry and extract IOCs.
  • Exposure to Threat Intelligence Platforms (TIPs) such as MISP, OpenCTI, Anomali, or Recorded Future for ingesting, enriching, and sharing threat data.
  • Ability to work with OSINT tooling (e.g., Maltego, SpiderFoot, Shodan, urlscan, WHOIS/IP pivoting tools) for infrastructure and attribution research.
  • Understanding of structured threat intel formats and standards such as STIX/TAXII, YARA, and Sigma for representing and sharing indicators and detections.
  • Basic malware and network traffic triage skills using tools like VirusTotal, ANY.RUN or other sandboxes, and Wireshark/PCAP viewers.
  • Comfort using scripting languages (preferred: Python) for data enrichment, API-based collection, and automation of repetitive analysis tasks.
  • Familiarity with Linux and Windows command-line utilities for log review, process and network inspection, and artifact collection.
  • One or more SIEMs: Splunk, Elastic Security, Microsoft Sentinel, QRadar.
  • One or more EDR/XDR tools: CrowdStrike Falcon, Microsoft Defender XDR, SentinelOne, Palo Alto Cortex.
  • One or more TIPs or intel repositories: MISP, OpenCTI, Recorded Future, Anomali ThreatStream, Microsoft Defender Threat Intelligence.
  • Common OSINT and investigation tools: Maltego, SpiderFoot, Shodan, DomainTools/WhoisXML, urlscan.io.

Nice To Haves

  • Experience with OSINT tools and techniques.
  • Exposure to threat intelligence platforms and threat intelligence feeds.
  • Certifications such as CompTIA Security+, CySA+, or GCTI.

Responsibilities

  • Threat Data Collection: Gather information from open-source intelligence (OSINT), dark web sources, commercial feeds, and internal telemetry.
  • Analysis & Reporting: Assist in analyzing indicators of compromise (IOCs), malware samples, and threat actor behaviors to produce intelligence reports.
  • Monitoring & Alerting: Track global cyber threat trends and provide timely alerts on relevant developments.
  • Collaboration: Work with SOC, incident response, and vulnerability management teams to share actionable intelligence and support investigations.
  • Documentation: Maintain threat databases, update intelligence repositories, and contribute to knowledge-sharing initiatives.
  • Tool Utilization: Use and learn threat intelligence platforms (TIPs), SIEM tools, and other cybersecurity technologies.