Senior SOC Analyst, Cyber Threat Intelligence DFIR

About The Position

Requirements

• 3-6 years of experience in Cyber Threat Intelligence, Security Operations, or Threat Hunting.
• Proficiency with Recorded Future, CrowdStrike (especially Counter Adversary Module), and dark web intelligence platforms.
• Deep understanding of threat actor TTPs, MITRE ATT&CK framework, and intelligence lifecycle.
• Experience in multiple intelligence disciplines including:
• Threat Intelligence (TI)
• SecOps Intelligence
• Identity Intelligence
• Dark Web Intelligence
• Surface Web Intelligence
• Social Media Monitoring
• Third Party Intelligence
• Strong writing skills for producing intelligence reports, threat profiles, and executive summaries.

Nice To Haves

• Familiarity with TIP platforms, STIX/TAXII feeds, and intel ingestion into SIEM/SOAR tools.
• Certifications such as GCTI, GREM, CTIA, or GCIA.
• Understanding of geopolitical and nation-state threat landscapes.
• Experience contributing to threat hunting and red team exercises.

Responsibilities

• Collect, analyze, and operationalize threat intelligence across surface, deep, and dark web sources.
• Use tools such as Recorded Future, CrowdStrike Counter Adversary Module, OSINT, and dark web monitoring platforms to identify emerging threats, campaigns, and threat actor behaviors.
• Perform identity intelligence and account exposure investigations across criminal forums, paste sites, and marketplaces.
• Monitor and assess threats from social media, hacktivist groups, and geopolitical activity.
• Enrich SOC and IR investigations with contextual threat intelligence (IOCs, TTPs, attribution).
• Track and report on threat actors, malware families, exploit trends, and sector-specific targeting.
• Produce periodic threat assessments, intelligence briefings, and alerts for internal stakeholders.
• Collaborate with Detection Engineering to convert intelligence into detections and hunt hypotheses.
• Support intelligence requirements for Security Operations, Incident Response, Risk, and Legal teams.
• Proficient with forensic tools such as EnCase, FTK, Velociraptor, Volatility, etc.
• Experience with SIEM, EDR, and SOAR platforms (e.g., Splunk, CrowdStrike, SentinelOne).
• Strong knowledge of network protocols, system internals (Windows/Linux), and common attack techniques.

Benefits

• Lucid offers a wide range of competitive benefits, including medical, dental, vision, life insurance, disability insurance, vacation, and 401k.
• The successful candidate may also be eligible to participate in Lucid's equity program and/or a discretionary annual incentive program, subject to the rules governing such programs.