Cyber Threat Intelligence Analyst

Salary : 8 - 16 LPA

Job Title : Cyber Threat Intelligence Analyst

Job Level : Individual Contributor

Total Experience : 3-6 years

Relevant Experience : 3+ years

Responsibilities :

Cyber Threat Intelligence & Threat Hunting Responsibilities :

- Actively monitor, consume, research, and evaluate all-source cyber threat intelligence and perform proactive threat hunting to maintain a broad understanding and knowledge of the evolving threat landscape, adversarial tactics, techniques, and procedures (TTPs), and undiscovered threats within internal environments.

- Maintain and drive the development of new reports of Cyber Threat Intelligence analysis to peers, management, and customers for purposes of situational awareness and making threat intelligence actionable while integrating findings from threat hunting activities to enhance the relevance of the reports.

- Conduct in-depth threat hunting operations to identify undetected cyber threats, leveraging a combination of threat intelligence, internal security telemetry, and behavioral analysis techniques. Work closely with the security operations center (SOC) to uncover potential adversary activity.

- Evaluate, analyze, and derive actionable threat intelligence from a variety of open-source, commercial, and private sources to deliver quality deliverables to both technical and executive audiences, integrating insights gained from threat hunting operations.

- Assess, curate, and manage multiple threat intelligence feeds to enable the correlation of security events and support targeted hunting efforts based on the latest adversary techniques.

- Effectively perform all phases of the intelligence cycle (collection, analysis, production, and dissemination), while continuously integrating threat-hunting insights into the intelligence lifecycle to enhance detection strategies.

- Collaborate with operation teams to build novel detections, establish repeatable processes, drive threat hunting playbooks, and foster automation for containment and remediation activities based on the latest TTPs identified in both threat intelligence and threat hunting.

- Provide tactical and operational intelligence support for the Securonix Autonomous Threat Sweep service as well as Securonix Threat Intelligence services, incorporating findings from proactive threat-hunting operations to enrich service offerings.

- Perform proactive all-source research to identify and characterize new threats to the customer base and draft related threat intelligence products, where appropriate , complementing this research with targeted threat hunting to validate and investigate potential risks.

- Collaborate internally and externally, develop, enhance, and produce Securonix threat intelligence products, while contributing threat-hunting insights to ensure comprehensive reporting.

- Conduct trending and correlation of various cyber intelligence sources for the purposes of indicator collection, shifts in TTPs, attribution, and establishing countermeasures to increase cyber resiliency and proactive threat mitigation, while conducting active hunts based on identified trends.

- Develop compelling intelligence briefings, reports, and short position papers, with a focus on relevant, actionable intelligence, including findings and insights from targeted threat hunts.

- Integrate and apply CTI reporting and knowledge of adversary activity, relative to technology, into cybersecurity operations systems and processes, and collaborate with threat hunters to refine detection strategies based on adversary behavior.

- Collect, fuse, and analyze high volumes of open-source and proprietary threat reporting to provide predictive and actionable cyber threat intelligence, while ensuring ongoing threat-hunting activities address emerging threat vectors.

- Participate in threat intelligence vendor evaluations and expanding the capabilities of our threat intelligence service offering, particularly in areas that enhance our threat-hunting capabilities.

- Creation of detailed process documentation, including threat-hunting methodologies, detection tuning processes, and lessons learned from past hunts.

- Provide curated cyber intel to support the development of use cases mapped to common frameworks (e.g., MITRE ATT&CK) for detecting new/evolving threats, while actively hunting for those evolving threats in the customer environment.

- Respond to requests for ad-hoc reporting and research topics from management as required, providing both threat intelligence and threat-hunting context.

- Responsible for the development and publication of customer-facing and external intelligence products, with emphasis on findings from threat hunts to improve situational awareness.

- Communicate analytical findings to various audiences through in-person and virtual presentations, including threat-hunting methodologies and discoveries.

- Produce and review intelligence summaries for internal teams and clients, integrating threat-hunting activities and outcomes.

- Maintain memberships and establish intelligence-sharing relationships with appropriate sources within the intelligence community, while leveraging those relationships to inform threat-hunting initiatives.

- Research sets of standardized queries related to cyber threats for specific clients on a regular basis (daily, weekly, monthly, quarterly), and conduct threat-hunting tasks based on this ongoing research to identify active or latent threats.

Requirements :

- 3+ years of experience as a Cyber Threat Intelligence analyst, conducting all-source intelligence with a focus on cyber threat analysis, with additional experience in threat hunting and detection, actively uncovering hidden threats within an environment or a combination of intelligence, research, threat detection, or incident response work.

- Exhibit a deep knowledge of adversary techniques and emerging threats that could have a direct or indirect impact on business operations, technology infrastructure, and customer trust, with demonstrated application of CTI principles, including threat-hunting techniques to include adversary methodologies, TTPs, IOCs, and malware analysis.

- Understanding and knowledge of open source and commercial platforms, tools, and frameworks used within threat intelligence and threat hunting teams, such as threat intelligence platforms, threat-hunting tools, SIEM systems, malware sandboxes, and reverse engineering tools.

- Experience leveraging internal, commercial, and open-source tools and data sources to analyze, enrich, and synthesize indicators of compromise and/or other intelligence artifacts to provide meaningful and actionable intelligence and to identify active threats through proactive hunting.

- Experience creating and presenting technical analysis through written products and presentations, such as conference presentations, webinars, formal publications, blog posts, and/or white papers, particularly around threat hunting and detection strategies.

- Experience applying CTI expertise to drive impactful outcomes in cross-domains areas including but not limited to finance, disinformation, targeting, and space, as well as within threat-hunting and detection operations.

Preferred :

- Quantifiable experience as both Intel Analyst and Threat Hunter.

- Experience in writing, debugging, and maintaining code in one or more languages/platforms (i.e. Python).

- General log analysis (cloud services, DNS, email, DHCP, VPN, etc.) experience using SIEM or other security data lake platforms, with a focus on threat-hunting activities within these logs.

- Ability to quickly and effectively digest disparate data sources to determine security implications and risk levels, with experience in correlating threat intelligence with real-time hunting efforts.

- Indicator, Signature, and TTP development and management experience with hands-on threat-hunting in enterprise environments.