Lead Cyber Threat Intelligence Analyst

About The Position

Requirements

• 8+ years of experience in cyber threat intelligence, intelligence analysis, incident-driven investigations, or a closely related analytical field, with at least 1+ years of experience in a people lead/manager role.
• Demonstrated experience producing finished intelligence products such as actor profiles, campaign reports, attribution assessments, or infrastructure mapping.
• Deep familiarity with cyber investigations, infrastructure attribution, campaign analysis, and actor profiling.
• Strong OSINT instincts and the ability to resolve identities, aliases, and behavior across fragmented sources.
• The ability to connect technical findings to financial infrastructure, including wallets, laundering paths, sanctions exposure, or identity-linked leads when relevant to the investigation.
• Excellent judgment about analytical confidence, evidentiary strength, and what can or cannot be defended in a report, referral, or operational setting.
• A track record of leading complex investigations, improving workflows, and helping other analysts do better work.
• Excellent written and verbal communication skills, with the ability to package findings for technical and non-technical audiences alike.
• Comfort operating in a fast-paced environment where priorities can change quickly and ambiguity is normal.
• AI fluency is required. AI tools should be a meaningful part of your research, synthesis, and workflow acceleration toolkit, with strong human quality control over the resulting output.

Responsibilities

• Produce finished cyber threat intelligence, including actor profiles, campaign reports, IOC packages, infrastructure attributions, and evidence-ready analytical outputs.
• Act as a senior analytical lead across multiple active actors and campaigns at once, helping prioritize work, improve quality, and coach other analysts.
• Lead complex investigations from seed indicators such as domains, IPs, hashes, aliases, or wallets through to attributed actors, clusters, or campaign pictures.
• Correlate technical indicators with OSINT, identity signals, infrastructure patterns, and financial-rail activity to build a fuller understanding of adversary behavior.
• Triage large indicator sets, cluster infrastructure, and turn fragmented signals into clear, defensible findings that stakeholders can act on immediately.
• Support incident responders, threat hunters, investigators, leadership, and external partners with timely, high-confidence intelligence products and briefings.
• Help evaluate and operationalize new analytical tooling by pressure-testing it on real workflows and identifying where it meaningfully reduces analyst effort.
• Contribute to better investigation workflows, analytic standards, and repeatable methods that increase analyst throughput without sacrificing rigor.