Threat Intelligence Analyst

About The Position

Requirements

• 3-5 years of experience in cybersecurity, threat intelligence, or SOC operations
• 1-2 years of hands-on experience with MISP
• Experience managing databases on Linux servers
• Understanding of REST APIs and JSON data formats
• Demonstrated experience producing written intelligence products
• Background in data analysis and visualization
• Programming: Python (required); experience with pandas, matplotlib, Jupyter notebooks
• Query Languages: KQL, SQL, Splunk SPL
• Data Analysis: Statistical analysis, pattern recognition, anomaly detection
• APIs: REST API integration and JSON manipulation
• Platforms: Microsoft Sentinel, MISP, Git, GitHub Enterprise
• Visualization: Power BI, Sentinel Workbooks, or similar tools
• Strong understanding of the Cyber Kill Chain and MITRE ATT&CK framework
• Experience with structured analytic techniques
• Ability to identify patterns in large datasets
• Strong critical thinking and hypothesis development skills

Nice To Haves

• Bachelor's degree in Computer Science, Cybersecurity, or related field
• Experience in defense contractor or government environments
• Published threat intelligence research or blog posts
• Contributions to open-source security projects
• Certifications such as GCTI, CySA+, GIAC, or similar
• Security+ (DoD 8570 IAT Level I required)
• CompTIA Linux+ or LPIC
• Experience with machine learning for threat detection
• Familiarity with CMMC and NIST frameworks
• Active security clearance

Responsibilities

• Analyze security incidents across 100+ enterprise clients to identify trends and patterns
• Produce monthly public-facing threat landscape reports
• Create industry-specific intelligence briefs (DIB, Construction, Education)
• Develop technical indicators and detection signatures
• Author threat actor profiles and campaign analyses
• Configure and maintain OSINT and commercial threat intelligence feeds
• Integrate MISP with Microsoft Sentinel and SOC tooling
• Correlate alerts in Microsoft Sentinel across multiple tenants
• Enrich indicators using Pulsedive API and custom scripts
• Develop Python automation for data collection and analysis
• Query MISP for historical threat patterns
• Create data visualizations and statistical models
• Collaborate with SOC analysts to identify noteworthy incidents
• Translate technical findings into executive-level summaries
• Create and maintain event templates for common threats
• Develop automation scripts for indicator processing
• Generate intelligence reports and statistics
• Develop KQL queries for proactive threat hunting
• Support incident response with intelligence context
• Maintain and expand the threat intelligence knowledge base
• Partner with marketing to publish intelligence reports
• Present findings at industry conferences
• Engage with the threat intelligence community
• Support sales with technical expertise
• Respond to media inquiries regarding emerging threats

Benefits

• Excellent health/dental benefits from BCBS and Ameritas
• See into the future with our luxurious VSP vision benefits
• Prepare for the long-haul courtesy of our 401k with company matching
• Unlimited mobile phone plan
• 10 days' vacation, 7 days sick time
• Bonuses and salary increase potential via our certifications plan