Threat Intelligence Analyst
| Company | Alight |
|---|---|
| Location | California, USA; Texas, USA; Georgia, USA; New York, NY, USA |
| Salary | $72,200 – $114,500 |
| Type | Full-Time |
| Degrees | |
| Experience Level | Mid Level |
Requirements
- Minimum of 2 years of experience in a threat intelligence or related cybersecurity role.
- Strong understanding of cyber threat intelligence frameworks (MITRE ATT&CK, STIX/TAXII, Cyber Kill Chain).
- Experience with threat intelligence platforms (TIPs) like MISP, Recorded Future, Anomali, or ThreatConnect.
- Hands-on experience with SIEM and EDR/XDR tools (Microsoft Sentinel, CrowdStrike, etc.).
- Knowledge of malware analysis, digital forensics, and network security, including the ability to dynamically analyze malicious code and related threats.
- Understanding of threat actor groups, APTs, ransomware operations, and attack vectors.
- Scripting skills (Python, PowerShell, or Bash) for intelligence automation (a plus).
- Familiarity with dark web monitoring, OSINT techniques, and cybercrime forums.
- Strong communication and collaboration abilities.
Responsibilities
- Continuously track, analyze, and assess emerging cyber threats, including APT groups, malware campaigns, and cybercriminal activities.
- Investigate and document threat actor tactics, techniques, and procedures (TTPs) using frameworks like MITRE ATT&CK and Cyber Kill Chain.
- Gather intelligence from open-source (OSINT), dark web, commercial threat feeds, and internal telemetry to identify relevant threats.
- Identify indicators of compromise (IOCs) and adversary behaviors to enhance threat detection capabilities.
- Provide actionable intelligence and context to SOC analysts and IR teams to improve threat detection and response.
- Create detailed reports and executive summaries on threat trends, vulnerabilities, and attack campaigns to inform security leadership.
- Work with security engineers to integrate threat intelligence into SIEM and EDR solutions.
- Assist in proactive threat hunting initiatives to detect hidden threats within the environment.
- Leverage scripting (Python, PowerShell) and APIs to automate threat intelligence enrichment and correlation.
Preferred Qualifications
- Scripting skills (Python, PowerShell, or Bash) for intelligence automation (a plus).
- Relevant certifications such as GCTI, CTIA, GCIH, or equivalent are a plus.