Threat Intelligence Analyst

TENEX.AI
Sarasota, FL
Hybrid

About The Position

TENEX is seeking an investigative Threat Intelligence Analyst to join their Cybersecurity team. This role is responsible for identifying, evaluating, and communicating threats to the organization. The primary mission is to translate the global threat landscape into actionable intelligence for the Security Operations Center (SOC) and leadership to protect customers. The analyst will also be involved in building and developing the threat intelligence program, collaborating with security functions, and proactively identifying and mitigating risks. TENEX is an AI-native, automation-first MDR provider, rapidly growing and backed by leading investors. They emphasize a strong culture of collaboration and community, prioritizing in-person work.

Requirements

  • 2–4 years of experience in cybersecurity, with at least 1–2 years in a threat intelligence, SOC, or closely related role.
  • Working familiarity with the Intelligence Cycle and common threat frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain, Pyramid of Pain).
  • Hands-on experience with OSINT tools and techniques (e.g., Shodan, VirusTotal, WHOIS).
  • Strong writing skills with the ability to summarize threats in a clear, business-relevant way.
  • Awareness of structured analytic techniques and a commitment to objective, evidence-based assessments.
  • Exposure to or willingness to learn Threat Intelligence Platforms (e.g., ThreatConnect, OpenCTI).
  • Basic familiarity with SIEM systems and log-based investigation.
  • Awareness of STIX/TAXII protocols for threat intelligence sharing.
  • Ability to read a sandbox report and extract basic indicators such as C2 infrastructure.

Nice To Haves

  • Holds or is actively pursuing a relevant certification (e.g., CompTIA Security+, BTL1, or working toward GCTI).
  • Curious by nature — you don't just flag a malicious IP, you want to understand who is behind it and why.
  • Follows security researchers and threat intel communities online to stay current on emerging threats and zero-day disclosures.
  • Stays composed and methodical when supporting the team during active security incidents.
  • Eager to grow into deeper adversary profiling, dark web research, and advanced analytic tradecraft over time.
  • Exposure to Python or similar scripting for basic data tasks is a plus.

Responsibilities

  • Support all phases of the intelligence lifecycle — planning, collection, analysis, production, and dissemination — under the guidance of senior analysts.
  • Research known threat actors and groups, mapping observed Tactics, Techniques, and Procedures (TTPs) to the MITRE ATT&CK framework to help identify potential gaps in current defenses.
  • Monitor open sources, industry feeds, and relevant forums to contribute to "big picture" reporting on how the threat environment is evolving.
  • Collect and help validate technical Indicators of Compromise (IOCs) from malware reports and OSINT sources to support blocklist hygiene and reduce noise.
  • Proactively research and collect threat intelligence from open-source intelligence (OSINT), commercial feeds, and internal security data.
  • Assist in producing written reports, including Flash Alerts for urgent threats and contributions to monthly blogs or executive summaries.
  • Monitor vulnerability disclosures and exploit trends, surfacing relevant findings for review and escalation.
  • Work alongside technical teams (e.g., Incident Response, SOC) and help communicate threat findings to non-technical stakeholders in plain language.