Staff Cyber Threat Intelligence Analyst

About The Position

Requirements

• 8+ years of experience in cyber threat intelligence, intelligence analysis, incident-driven investigations, or a closely related analytical field.
• Demonstrated experience producing finished intelligence products such as actor profiles, campaign reports, attribution assessments, or infrastructure mapping.
• Deep expertise in cyber investigations, infrastructure attribution, campaign analysis, and actor profiling, including the ability to set a high bar for analytical rigor in these areas.
• Strong OSINT instincts and the ability to resolve identities, aliases, and behavior across fragmented sources.
• The ability to connect technical findings to financial infrastructure, including wallets, laundering paths, sanctions exposure, or identity-linked leads when relevant to the investigation.
• Excellent judgment about analytical confidence, evidentiary strength, and what can or cannot be defended in a report, referral, or operational setting, including the ability to guide others on those standards.
• A track record of leading complex investigations, improving workflows, shaping analytical standards, and raising the quality of work beyond your own cases.
• Excellent written and verbal communication skills, with the ability to package findings for technical and non-technical audiences alike.
• Comfort operating in a fast-paced environment where priorities can change quickly and ambiguity is normal.
• AI fluency is required. AI tools should be a meaningful part of your research, synthesis, and workflow acceleration toolkit, with strong human quality control over the resulting output.

Responsibilities

• Produce finished cyber threat intelligence, including actor profiles, campaign reports, IOC packages, infrastructure attributions, and evidence-ready analytical outputs.
• Act as a staff-level analytical leader across multiple active actors and campaigns at once, raising quality, shaping standards, and coaching other analysts through exemplary tradecraft and judgment.
• Drive the highest-complexity investigations from seed indicators such as domains, IPs, hashes, aliases, or wallets through to attributed actors, clusters, or campaign pictures, and codify the methods others can reuse.
• Correlate technical indicators with OSINT, identity signals, infrastructure patterns, and financial-rail activity to build a fuller understanding of adversary behavior.
• Triage large indicator sets, cluster infrastructure, and turn fragmented signals into clear, defensible findings while improving the repeatability and rigor of how this work is done across the team.
• Support incident responders, threat hunters, investigators, leadership, and external partners with timely, high-confidence intelligence products and briefings, especially where judgment, prioritization, and ambiguity are unusually high.
• Evaluate and operationalize new analytical tooling by pressure-testing it on real workflows and identifying where it meaningfully reduces analyst effort, improves quality, or creates reusable leverage across investigations.
• Drive better investigation workflows, analytic standards, and repeatable methods that increase analyst throughput without sacrificing rigor.
• Partner across intelligence, engineering, and data science to translate investigative tradecraft into scalable analytical capabilities and product-informed improvements.

Benefits

• Health insurance
• Dental insurance
• Vision insurance