Sr. Cyber Threat Intelligence Analyst - Security Operations

About The Position

Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or related discipline; or equivalent combination of education and relevant experience.
• 5+ years of experience in at least one of the following areas: Cyber threat intelligence. Incident response / detection engineering. Threat hunting. Security operations or closely related technical security roles.
• Strong understanding of: Common adversary TTPs, intrusion kill chains, and MITRE ATT&CK. Core network, endpoint, and cloud security concepts. Cyber attack vectors, detection techniques, and common exploit patterns.
• Demonstrated ability to: Research and analyze complex technical information and distill it into actionable, business‑relevant recommendations. Write clear, concise intelligence products in English for both technical and executive audiences. Work effectively in a fast‑paced environment, managing multiple concurrent priorities.
• Demonstrated ability to prepare and deliver clear, concise, and accurate verbal briefings to both technical and non-technical stakeholders, including senior leadership, with a focus on actionable insights.
• Experience with at least some of the following: Threat intelligence platforms and sharing tools (e.g., MISP, Recorded Future, VirusTotal). SIEM / logging platforms (e.g., Google Secops, QRadar, Splunk, or equivalent). Case management and ticketing systems (e.g., ServiceNow). Basic scripting or data analysis (e.g., Python, SQL, Jupyter, or similar) for IOC processing and enrichment.

Nice To Haves

• Experience working in a large enterprise automotive/manufacturing environment.
• Prior involvement with: Information sharing communities (e.g., Auto‑ISAC or other ISACs). Third‑party/supply chain cyber risk assessment.
• Industry-recognized certifications such as: GCTI, GCIH, GCIA, GCFA, GREM, or similar blue-team/CTI certifications. Security+, CySA+, or equivalent information security certifications.
• Familiarity with requirements-driven and capability-maturity approaches to CTI and integration with frameworks like NIST CSF.

Responsibilities

• Threat Intelligence Production & Analysis: - Collect, normalize, and analyze threat data from commercial feeds, deep/dark web, forums, ISACs, law enforcement partners, open sources, and internal telemetry on vulnerabilities, exploits, malware, and threat actors targeting connected vehicle, IT, HR, manufacturing and supply chain environments.
• Produce clear, concise, and well-structured intelligence products (alerts, briefings, assessments, and dashboards) tailored to different audiences (SOC, executives, engineers, developers, and business stakeholders).
• Maintain up‑to‑date awareness of adversary TTPs, emerging malware, ransomware trends, fraud schemes, and sector‑relevant developments (e.g., automotive, manufacturing, supply chain).
• Shape prioritization of remediation and control improvements by clearly articulating risk, likely impact, and recommended actions.
• Operational Support & Incident Response - Provide on‑call intelligence support for Security Operations, joining incident triage calls to contextualize alerts, prioritize actions, and recommend mitigations.
• Enrich investigations and cases in tools such as MISP, OpenCTI, and ServiceNow with IOCs, threat group context, and likely courses of action.
• Conduct ad hoc research and RFIs to support time-sensitive investigations, executive questions, and cross‑functional initiatives.
• Stakeholder Engagement & Collaboration - Build and maintain effective working relationships with internal stakeholders (Cyber Defense, Product Cybersecurity, Manufacturing, Third Party Cybersecurity, Legal, Red Team, etc.) and external partners (ISACs, vendors, and law enforcement as appropriate).
• Participate in recurring threat intel updates, briefings, and working sessions; adapt messaging to technical and non‑technical audiences.
• Gather feedback on intelligence products and services and use it to improve relevance, timeliness, and usability.
• Process, Tooling, and Measurement - Contribute to the development and continuous improvement of intelligence workflows, SOPs, and playbooks, leveraging automation wherever feasible.
• Use and help evolve key performance indicators (e.g., timeliness of IOC ingestion, pipeline health, customer satisfaction, and PIR coverage) to demonstrate measurable value from CTI.
• Follow a requirements-driven approach to ensure intelligence production is aligned with Threat Intelligence Requirements (PIRs) and organizational risk.
• Serve as a subject matter expert and mentor junior analysts, fostering a culture of continuous learning and technical excellence within GM’s security team.

Benefits

• From day one, we're looking out for your well-being–at work and at home–so you can focus on realizing your ambitions. Learn how GM supports a rewarding career that rewards you personally by visiting Total Rewards resources.