Lead Threat Intelligence Analyst

About The Position

Requirements

• Be proficient in using Threat Intelligence Platforms (TIPs), such as OpenCTI, and mapping intelligence data to STIX/TAXII frameworks.
• Demonstrate strong analytic skills in processing, correlating, and synthesizing multiple sources of intelligence to produce actionable reports.
• Possess SIEM experience or related/equal experience
• Position and discuss security issues with customer technical and leadership audiences to reach positive outcomes
• Demonstrate technical writing skills for customer or executive audiences
• Demonstrate proficiency in English; additional languages are a plus.
• Possess a deep understanding of threat actors, their motivations, TTPs (aligned to MITRE ATT&CK), and how they target industries and organizations.
• Leverage Scripting experience

Nice To Haves

• GIAC Cyber Threat Intelligence (GCTI), GIAC Reverse Engineering Malware, (SOC)
• EC-Council’s Certified Cyber Intelligence Analyst (CTIA), CREST's Certified Threat Intelligence Manager and CREST Registered Threat Intelligence Analyst, MITRE ATT&CK® Cyber Threat Intelligence Certification.
• Not required, but prefer some experience with Malware Analysis, Digital Forensics or Incident Response (full packet capture, host/network, email)

Responsibilities

• Monitor and evaluate publicly available and closed sources, selecting and reviewing cyber threat reporting for relevance and actionability.
• Analyze processed threat intelligence, correlating and synthesizing findings with other internal and external sources to create a comprehensive threat picture.
• Produce brief, high-impact customer-facing summaries highlighting essential facts for internal sharing, as well as more detailed formal reports that include key facts, technical details, threat actor profiling, victimology, attack chains, and TTPs.
• Recommend mitigation measures based on technical analysis and threat assessments to reduce client risk exposure.
• Identify and map key elements from intelligence reports to STIX threat objects for easy consumption by stakeholders and ingestion into the Threat Intelligence Platform.
• Ingest finalized intelligence reports and supporting data into the Threat Intelligence Platform for knowledge management, correlation, hunting, and alerting, ensuring accessibility for internal teams and clients.
• Collect, process, and analyze dark web activity and data leak site listings, maintaining a comprehensive leak site database to track trends, generate reports, and inform clients.
• Create charts, graphs, and tables to visualize threat actor activity and trends
• Monitor and respond to threat intelligence requests for information (RFIs) for both internal and customer facing teams.
• Participate in incident event escalations by identifying and actioning leads for intelligence reporting.
• Review and approve email notifications, blog posts, and other customer communications based on finalized threat intelligence reports.
• Provide intelligence-driven support to Security Operations Center, Threat Hunting, Incident Response, and Vulnerability Management teams.
• Brief internal teams, clients, and executive stakeholders on emerging threats, relevant threat actors, and mitigation strategies.
• Mentor junior analysts and contribute to the development of Cyber Threat Intelligence team tradecraft and processes.

Benefits

• Medical, dental, vision, and disability insurance
• Flexible Time Off (FTO), 11 company holidays, sick leave and 8-Weeks Paid Parental Leave
• Unique professional development benefits, starting at $3,000 annually
• Wellness contests and monthly educational programs
• 401(K) retirement program