Job Description

Role: Threat Intelligence Analyst
Location: San Jose CA
Duration: Direct Hire


Job Description:

• Monitor the cyber threat landscape for emerging threats to Client's products, platforms, and customers.
• Create scripts and tools to automate threat intelligence collection and enhance efficiency.
• Gather and analyze threat intelligence from diverse sources including open-source intelligence (OSINT), commercial threat intelligence feeds, dark web monitoring, and threat intelligence platforms to identify patterns, trends, and potential threats relevant to Client.
• Provide timely, actionable intelligence to internal stakeholders, including security operations, incident response, threat hunting, detection engineering, risk management, vulnerability operation center, and executive leadership.
• Develop detailed threat actor profiles, risk assessments, and mitigation recommendations specific to Client's technology stack and customer ecosystem.
• Share threat intelligence findings with cross-functional teams, enabling proactive risk management across Client s products and services.

• Identification of Indicators of Compromise (IoCs): Proficient in recognizing and validating malicious IPs, domains, file hashes, and registry keys.
• Tactics, Techniques, and Procedures (TTPs) Analysis: Expertise in mapping adversary behaviors using the MITRE Telecommunication & CK framework to understand attack vectors and predict potential threats.
• Advanced Persistent Threat (APT) Profiling: In-depth knowledge of APT groups, their operational methodologies, tools, and geopolitical motivations.
• Cybercrime Ecosystem Intelligence: Strong understanding of dark web marketplaces, threat actor infrastructures, ransomware groups, and emerging cybercriminal tactics, techniques, and procedures (TTPs).

• Security Information and Event Management (SIEM): Hands-on experience with platforms like Splunk, QRadar, and ArcSight for real-time threat detection, event correlation, and log analysis.
• Threat Intelligence Platforms (TIPs): Proficient in using MISP, ThreatQ, Recorded Future, and similar platforms for aggregating, analyzing, and operationalizing threat intelligence feeds.
• Log Analysis & Event Correlation: Strong ability to analyze large datasets from diverse sources (firewalls, IDS/IPS, endpoints) to uncover hidden threats.
• Vulnerability Management: Understanding CVEs, CVSS scoring, and patch management and familiarity with vulnerability scanning tools (e.g., Nexpose, Qualys)
• Scripting & Automation
• Programming & Scripting: Proficient in Python, PowerShell, and Bash for automating repetitive tasks, developing custom scripts, and parsing large volumes of threat data.
• Data Extraction Techniques: Strong command of regular expressions (RegEx) for advanced data filtering, pattern recognition, and log parsing.
• API Integration & Automation: Experience in working with RESTful APIs to automate data collection from open-source intelligence (OSINT) tools and internal security platforms.
• Threat Feed Integration: Knowledge of STIX/TAXII protocols for automated sharing and ingestion of structured threat intelligence data across systems.

• Technical & Executive Reporting: Strong report-writing skills for delivering actionable threat intelligence to both technical stakeholders and executive leadership.
• Effective Communication: Ability to articulate complex cyber threats clearly and concisely through presentations, dashboards, and briefings tailored to diverse audiences.
• Cross-Functional Collaboration: Proven ability to work closely with CSIRT Operations, threat-hunting, Detection Engineering, Vulnerability Management, and other security stakeholders to enhance organizational security posture.
• Critical Thinking & Problem-Solving: Strong analytical mindset to assess threat data, identify patterns, and develop strategic responses to emerging threats.

• Fields: Cybersecurity, Information Security, Computer Science, Information Technology, or related disciplines.
• Focus Areas: Cloud and network security, data analysis, cryptography, incident response, and threat modeling

• Fields: Cyber Threat Intelligence, Cybersecurity Operations, Digital Forensics, or Risk Management.
• Professional Certifications (Highly Recommended) GIAC Cyber Threat Intelligence (GCTI) - Specialized in structured threat intelligence lifecycle management.
• Certified Threat Intelligence Analyst (CTIA) - Covers intelligence gathering, analysis, and dissemination

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

• Dice Id: RTX1caeb2
• Position Id: 25-05970

Job Tags

Similar Jobs