Senior Analyst, Cyber Defense - Threat Operations

McDonald's Corporation, Chicago, IL

About The Position

The Senior Analyst, Cyber Defense – Threat Operations position at McDonald's offers an outstanding chance for those eager to advance cyber defense through tactical threat intelligence and innovative initiatives. You will perform insider threat investigations and proactively identify insider risks across our global enterprise. You will lead efforts to protect our digital assets by conducting investigative threat hunts based on well-informed hypotheses. You will gather OSINT from surface, deep, and dark web sources to enhance visibility and improve response to external threats. Moreover, you will promote automation, develop detection content, and refine processes to support the Global SOC and IR teams. Join our driven team and help us build an extraordinary cyber defense strategy!

Requirements

  • Candidates must have practical experience in threat hunting, tactical CTI, insider threat, and daily use of security tools and telemetry. They should be skilled in analytical methods, the intelligence cycle, and detection based on frameworks like MITRE ATT&CK and D3FEND. They need to clearly present information to both technical and non-technical groups. Familiarity with models such as ATT&CK, Cyber Kill Chain, Diamond Model, Pyramid of Pain, D3FEND, and the NIST Cybersecurity Framework is required. Knowledge of malware techniques, threat actor TTPs, and common threat terminology is critical. Experience working with intelligence-sharing groups and collaborating with SOC and IR teams is important. Candidates must show deep technical understanding of the cyber threat landscape and countermeasures. It is important that they can analyze, condense, and effectively share large amounts of information with leadership and dynamic audiences.
  • Bachelor’s degree or equivalent proven experience, complemented by relevant certifications like GIAC (GCTI/GOSI/GCIA/GCED), CompTIA Security+, or EC‑Council C|TIA (or similar training).
  • 4–6+ years in cybersecurity roles such as SOC, IR, CTI, and hunting. Regularly work with SIEM, EDR, DLP, identity, and cloud telemetry. Include 2–4 years performing internal and external threat reconnaissance.
  • 3+ years focused on intelligence and threat hunting, operationalizing IOCs and TTPs at global enterprise scale.
  • Experience working alongside global enterprise organizations and collaborating across distributed teams.
  • Direct experience running Threat Intelligence Platforms (MISP, ThreatConnect, Anomali) and STIX/TAXII 2.1 data ingestion and export.
  • Familiar with network security architecture concepts, including topology, protocols, components, and defense-in-depth principles.
  • Ability to work effectively with minimal oversight in a fast-paced, fluid environment while prioritizing tasks efficiently.
  • Strong team-player mentality with willingness to collaborate across a distributed team and multiple departments.
  • Proficient in MITRE ATT&CK (Enterprise), investigative hunt methods, and writing threat hunting queries across platforms to build detections and playbooks.
  • Hands-on experience with SIEM, XDR, EDR, integrating threat intelligence feeds, and proficiency in DLP, UEBA, UAM for detecting internal risks while collaborating with HR, Legal, and IR.
  • Experienced in OSINT and dark-web investigations, emphasizing OPSEC and evidence preservation, along with scripting/automation (Python, PowerShell) for enrichment and content management.
  • Strong analytical skills, multi-functional security knowledge, and ability to present publicly as a leader with a clear security viewpoint.
  • High integrity, dependability, autonomy, and outstanding interpersonal communication, negotiation, and presentation skills.

Nice To Haves

  • Master’s degree or comparable professional experience.
  • Prior Military/US Government all-source or cyber intelligence background.
  • Familiarity with SOAR workflows and case management.
  • Strong understanding of data analytics and data visualization guidelines.
  • Experience using Artificial Intelligence (AI) to streamline security operations.

Responsibilities

  • Triage alerts and events from intelligence partners while maintaining awareness of trending attacks, vectors, and emerging threats.
  • Lead insider threat investigations and partner with other functions (HR, Legal, SOC, DataSec) to reduce internal exposure.
  • Support the SOC with Tier III analysis and correlate telemetry across endpoint, identity, network, and cloud environments.
  • Conduct proactive threat hunts grounded in clear assumptions aligned with MITRE ATT&CK.
  • Publish reusable hunt notebooks and detection improvements using SPL, KQL, and Sigma.
  • Willingness to train others and to act as a technical lead to help upskill the team.
  • Conduct OSINT and deep web intelligence operations to identify digital threats (e.g. exposed credentials, infostealers) and reduce external exposure.
  • Align controls with MITRE D3FEND, author technical advisories, drive runbooks/playbooks, improve workflows, and train/upskill team members as a technical lead.

Benefits

  • This position offers health and welfare benefits, a 401(k) plan, adoption assistance program, educational assistance program, flexible ways of working, and time off policies (including sick leave, parental leave, and vacation/PTO).