Cyber Threat Intelligence Analyst

Our IT organization isn’t just here to support our business. We’re here to reinvent it – by changing how our customers, partners, and employees interact with our company. To do that, we’re looking for people who bring great ideas and improve our partners’ ideas. Intellectually curious advisors (not order takers) who focus on outcomes to creatively solve business problems. People who not only embrace change but who accelerate it.

Job Description

As a global dynamic technology enterprise, our company presents an attractive target for malicious actors. It faces threats from internal to opportunistic to the most persistent attackers. The Cyber Threat Intelligence (CTI) team is a crucial partner to the Enterprise Information Security (EIS) program. It supports many components—like threat hunting and incident response—in its smooth and timely operations.

The CTI Analyst role is responsible for collecting, analyzing, and disseminating finished intelligence to leadership, security operations, technology stakeholders, and executive decision-makers. The analyst will be a part of a team that primarily focuses on identifying trends, patterns, and emerging threats while providing senior leadership with cyber intelligence that furthers their critical understanding of the cyber threat landscape specific to MSI. This position offers a unique opportunity for you to draw from your knowledge and experience and impact a global enterprise's security posture and decision-making.

Basic Requirements

Relocation Provided – None

Education Required – Bachelor's Degree or equivalent work experience

Experience Required – 2+ years of experience with Cyber Threat Intelligence (CTI) or 2+ years experience in other Intelligence Analysis fields.

Responsibilities:

• Monitor and analyze a variety of open-source and proprietary threat intelligence feeds.
• Develop playbooks for use in our Threat Intelligence Platform (TIP).
• Prepare and conduct threat briefings for executive-level audiences.
• Develop and maintain a portfolio of threat profiles, threat activity, trends, and common attack vectors from available sources.
• Recommend network defense actions to counter adversary activity and respond to and assist the Incident Response (IR) team.
• Correlate collected intelligence to build upon a tracked threat activity knowledge base.
• Develop all-source intelligence products for incident response, detection engineering, and threat hunting using analysis tools, technical and non-technical data sets, and aggregators.
• Perform OSINT and SOCMINT investigations as requested.

Skills and attributes for success:

• Proven ability to gather, analyze, and interpret threat intelligence data from multiple sources.
• Ability to prioritize tasks and meet deadlines in a fast-paced environment, including non-standard work hours in response to Information Security incidents.
• Ability to convey complex information in simple, concise explanations.
• Self-driven, creative, and can operate independently.

Requirements:

• Must be able to speak/read/write in English with Full Professional Proficiency. 
• Proven ability to gather, analyze, and interpret threat intelligence data from multiple sources.
• Experience creating actionable threat intelligence reports, threat and vulnerability assessments, and threat actor profiles.
• Strength in identifying and extracting pertinent Indicators of Compromise (IOCs) from reporting and providing them to operational teams.
• Understanding of threat actor Tactics, Techniques, and Procedures (TTPs).
• Knowledge of CTI frameworks (Cyber Kill Chain, Diamond Model, MITRE ATT&CK, etc.)
• Self-driven, creative, and can operate independently. 
• Experience with OSINT and SOCMINT investigations.
• Excellent written and verbal communication skills, including presenting technical information to non-technical audiences.
• Knowledge of cybersecurity and privacy principles, cyber threats, vulnerabilities, exploits, and the Threat Intelligence Cycle.
• Understanding of computer networking concepts, the OSI model, and underlying network protocols.

Desired:

• Industry certifications related to CTI, Pen Testing, Forensics, Networking, or Security (such as GCTI, GCIH, GCFE, GCFA, ATT&CK CTI).2+ years of experience in programming or scripting (Python, SQL, PHP, PowerShell).
• Language proficiency certification (such as TOEFL/ACTFL/DLPT)
• Experience with TIPs/TIMs/EDR/SIEMs/SOAR etc.
• Strength in uncovering relationships or trends using Maltego or other graphical link analysis tools to discover hidden relationships between IoCs.
• Experience with threat hunting for both indicator-based hunting (known threats) and hypothesis-driven hunting (unknown threats) through log analysis.
• Familiarity with Wireshark or other packet/protocol analysis tools.