Threat Intelligence Analyst

Arctiq, Brentwood, TN

About The Position

Arctiq is seeking a Threat Intelligence Analyst to join our advanced security team within a fast-paced MSSP environment. In this role, you will focus on collecting, analyzing, and operationalizing cyber threat intelligence to help detect, prevent, and respond to emerging threats across multiple client environments. You will translate raw intelligence into actionable insights, enrich detections with context, and advise both internal teams and clients on evolving adversary tactics, techniques, and procedures (TTPs). This role bridges intelligence, detection engineering, and incident response, playing a key role in strengthening Arctiq’s overall security posture.

Requirements

  • Bachelor’s degree or diploma in Computer Science, Cybersecurity, Information Systems, or equivalent practical experience.
  • 3+ years of experience in threat intelligence, SOC analysis, incident response, or security operations.
  • Strong understanding of attacker tradecraft, cybercrime ecosystems, and nation-state activity.
  • Experience working with threat intelligence platforms (TIPs), SIEMs, and EDR tools (e.g., ThreatConnect, Splunk, CrowdStrike, SentinelOne).
  • Solid knowledge of Windows and Linux operating systems, authentication mechanisms, and common attack vectors.
  • Familiarity with cloud environments and cloud security concepts (AWS, Azure, GCP).
  • Strong grasp of security frameworks (MITRE ATT&CK, NIST, Kill Chain).
  • Ability to analyze indicators of compromise (IOCs), TTPs, and campaign-level activity.
  • Experience with scripting or automation (Python, PowerShell, etc.) for intelligence enrichment and analysis.
  • Excellent written and verbal communication skills, with the ability to present intelligence clearly to both technical and non-technical audiences.
  • Strong analytical mindset, attention to detail, and ability to prioritize under pressure.
  • Self-driven, curious, and passionate about staying ahead of the evolving threat landscape.

Nice To Haves

  • Experience in an MSSP or consulting environment is a strong asset.
  • Relevant certifications such as GCTI, GCIH, GCIA, GCED, Security+, CEH, or CISSP are considered an asset.

Responsibilities

  • Collect, analyze, and curate threat intelligence from internal telemetry, commercial feeds, open-source intelligence (OSINT), and industry sharing groups.
  • Track threat actors, campaigns, malware families, and vulnerabilities relevant to client environments.
  • Map adversary behavior to frameworks such as MITRE ATT&CK to provide actionable intelligence and context.
  • Enrich SIEM, EDR, and NDR alerts with threat intelligence to improve detection accuracy and prioritization.
  • Produce high-quality intelligence reports, briefings, and advisories for internal teams and clients.
  • Support SOC, threat hunting, and incident response teams with timely intelligence during active investigations.
  • Identify emerging threats and proactively recommend detection use cases, control improvements, and mitigations.
  • Collaborate with detection engineering teams to help develop and tune SIEM rules, correlation logic, and signatures based on intelligence findings.
  • Participate in client-facing activities such as security reviews, threat briefings, onboarding, and post-incident reporting.
  • Monitor the global threat landscape and continuously update intelligence priorities based on client risk profiles.
  • Maintain awareness of vulnerabilities, exploits, and zero-day activity impacting customer environments.