Threat Intelligence Analyst

About The Position

Requirements

• 3-5 years of experience in cyber threat intelligence, security operations, incident response, threat hunting, intelligence analysis, or related cybersecurity roles.
• Working knowledge of cyber threat actors, malware, vulnerabilities, attack lifecycle concepts, and adversary tactics, techniques, and procedures.
• Experience collecting, evaluating, analyzing, and summarizing threat information from multiple sources.
• Familiarity with SOC operations, SIEM workflows, indicators of compromise, detection concepts, and incident investigation processes.
• Strong written communication skills, including the ability to produce concise, accurate, and actionable intelligence products.
• Ability to assess source reliability, analytic confidence, operational relevance, and potential impact.

Responsibilities

• Collect and evaluate cyber threat information from open-source, commercial, government, industry, and internal security sources.
• Support development and refinement of intelligence requirements aligned to organizational mission, assets, technology, and risk priorities.
• Monitor threat actor activity, malware trends, exploitation activity, vulnerability disclosures, campaigns, and sector-specific threat reporting.
• Maintain awareness of current threat landscape developments that may affect enterprise, cloud, identity, endpoint, network, or operational environments.
• Analyze threat reporting, indicators, tactics, techniques, and procedures to assess relevance, credibility, confidence, and potential impact.
• Produce intelligence products such as threat briefs, situational awareness reports, actor profiles, vulnerability intelligence notes, and executive summaries.
• Map observed or reported adversary behavior to recognized frameworks such as MITRE ATT&CK.
• Identify trends, patterns, knowledge gaps, and intelligence priorities that support security operations and risk management.
• Validate, enrich, and manage indicators of compromise and other threat artifacts for operational use.
• Provide context around indicators, including associated campaigns, malware, infrastructure, confidence levels, and recommended handling.
• Coordinate with SOC, threat hunting, and engineering teams to support detection logic, alert enrichment, watchlists, and monitoring use cases.
• Recommend tuning, suppression, or prioritization guidance when intelligence indicates changes in threat relevance or confidence.
• Support SOC analysts with threat context during alert triage, investigation, escalation, and incident response activities.
• Provide intelligence inputs to threat hunting hypotheses, hunt priorities, and post-incident analysis.
• Assist with research on suspicious activity, adversary tradecraft, malicious infrastructure, malware families, and exploitation techniques.
• Document intelligence findings, assumptions, confidence levels, and recommended follow-up actions clearly and defensibly.
• Prepare written and verbal intelligence briefings for technical teams, program leadership, and other stakeholders.
• Translate complex threat information into clear operational and business risk language.
• Collaborate with SOC analysts, threat hunters, forensics personnel, security engineers, Splunk teams, and program leadership.
• Contribute to knowledge bases, intelligence repositories, recurring reports, and lessons-learned materials.
• Help improve intelligence workflows, source evaluation practices, reporting templates, tagging standards, and dissemination processes.
• Track intelligence usefulness, stakeholder feedback, recurring intelligence gaps, and opportunities to improve operational impact.
• Stay current with adversary tradecraft, intelligence analysis methods, security operations practices, and relevant frameworks.