Cyber Threat Intelligence Analyst - Remote
About the role
We are seeking an experienced Cyber Threat Intelligence (CTI) Analyst to help mature the CSAA CTI program. This hands-on role focuses on operationalizing the Threat Intelligence Platform (TIP), tracking priority threats, and delivering actionable, detection-driven intelligence to security teams and leadership.
Responsibilities
- Monitor and analyze intelligence from commercial, industry, and OSINT sources to track threat actors, campaigns, and vulnerabilities, and assess their relevance, impact, and risk to the organization
- Maintain and use Threat Intelligence Platforms (TIP) and related tools to support intelligence operations, including ingestion, enrichment, tagging, and data quality
- Integrate intelligence across security tools (SIEM, SOAR, case management) to support operations
- Collect, enrich, and manage actionable IOCs to drive detection, blocking, and mitigation efforts across security operations
- Provide real-time intelligence context during investigations and incidents (e.g., adversary behavior, infrastructure, objectives)
- Analyze vulnerability intelligence, including KEV listings and active exploitation trends, to support risk-based vulnerability prioritization
- Respond to ad hoc and timesensitive intelligence requests from stakeholders
- Support threat hunting by developing indicators, behaviors, and hypotheses
- Produce and deliver intelligence reports and briefings for technical and nontechnical audiences
- Improve intelligence workflows, intake processes, RFIs, and documentation
Requirements
- 6+ years of experience in Cyber Threat Intelligence, SOC, Incident Response, Threat Hunting, or related cybersecurity roles
- Bachelor's degree in computer science, Information Technology, or a related field, or an equivalent combination of education and experience
- Deep experience operating and optimizing industry leading Threat Intelligence Platforms (TIPs)
- Proven experience leveraging commercial threat intelligence providers such as Flashpoint, Recorded Future, Intel 471, ZeroFox, or comparable services to support operational intelligence requirements
- Strong mastery of the intelligence lifecycle, with demonstrated ability to operationalize intelligence from collection through dissemination and action
- Advanced working knowledge of the MITRE ATT&CK framework, with experience applying it to threat analysis, detection engineering, and reporting
- Demonstrated experience managing and enriching IOCs, with a focus on translating intelligence into measurable detection, blocking, and mitigation outcomes
- Solid understanding of SIEM, SOAR, EDR, and case management platforms, and how intelligence integrates into and enhances investigative workflows
- Experience analyzing vulnerability and exploit intelligence to assess real-world risk, likelihood of exploitation, and potential business impact
- Strong written and verbal communication skills, with the ability to clearly articulate complex threat and risk concepts to both technical and nontechnical stakeholders
Qualifications
- A team player who values collaboration and knowledge sharing
- Ability to think critically and operate effectively in ambiguous or evolving situations
- Strong communication skills
- A strong passion for continuous learning, with curiosity to stay current on emerging threats, techniques, and evolving security trends
- A self-starter who takes initiative, operates effectively with minimal direction, and proactively sees opportunities to improve security outcomes
- Actively shapes our company culture (e.g., participating in employee resource groups, volunteering, etc.)
- Lives into cultural norms (e.g., willing to have cameras when it matters: helping onboard new team members, building relationships, etc.)
- Travels as needed for role, including divisional / team meetings and other in-person meetings
- Fulfills business needs, which may include investing extra time, helping other teams, etc.
Benefits
At CSAA IG, we offer a total compensation package, annual bonus eligibility for most roles, 401(k) with a company match, and so much more! Read more about what we offer and what it is like to be a part of our dynamic team at [https://careers.csaainsurance.aaa.com/us/en/benefits](https://careers.csaainsurance.aaa.com/us/en/benefits).
Pay
Factors used to determine the actual salary offered may include location, experience, or education.
Schedule
Most employees hold Home-Flex roles, working primarily from home, often with the flexibility to work from various locations including CSAA offices.
Equal Opportunity Employer
CSAA Insurance Group is an equal opportunity employer.