Threat Intelligence Analyst, Associate - Security Operations
Blackstone · New York, NY · 4 days ago
Information Technology$135k–$170k/yrFull-time
Responsibilities
- Monitor and analyze cyber threat activity targeting the financial sector, alternative asset management, and adjacent industries using open-source, commercial, and internal sources, correlating across them to identify patterns and provide early warning of emerging campaigns
- Produce finished intelligence products and reports including recurring threat reporting, advisories, campaign profiles, actor dossiers, executive briefings, and visual products such as diagrams, tailored to both technical and non-technical audiences
- Map adversary behaviors to the MITRE ATT&CK framework and maintain threat actor profiles covering TTPs, intent, and relevance to Blackstone
- Extract, validate, enrich, and operationalize indicators of compromise (IOCs) to support detection engineering and incident response workflows
- Leverage AI and automation tooling to scale collection, enrichment, and operationalization of intelligence
- Partner with Alert, Detection & Response and Incident Response teams to translate intelligence into production detections (Splunk SPL, Sigma, YARA)
- Track zero-day and critical vulnerabilities, assess Blackstone's exposure, and translate findings into new detections and preventions in coordination with detection and security engineering
- Support threat-informed vulnerability prioritization (CVSS, EPSS, CISA KEV) and coordinate remediation tracking with asset owners
- Operate and evolve the firm's external Attack Surface Management (ASM) program, discovering and inventorying internet-facing assets across Blackstone and its portfolio companies, triaging newly discovered exposures and misconfigurations, and coordinating remediation
- Contribute to intelligence sharing with trusted industry partners, ISACs (such as FS-ISAC), government partners (such as JCDC), and peer financial institutions
- Support fusion center digital-threat monitoring, including brand, executive, and reputational exposure across OSINT, social media, and dark web sources
- Participate in incident response and the SOC on-call rotation (occasional, roughly every other month) to respond to escalated security incidents
Qualifications
- 2+ years of experience in cyber threat intelligence, security operations, incident response, or a related cybersecurity discipline
- Demonstrated understanding of the cyber threat landscape, including prominent threat actor groups, campaigns, and TTPs
- Working knowledge of intelligence frameworks such as MITRE ATT&CK, the Diamond Model, or the Intelligence Cycle
- Experience with threat intelligence platforms (TIPs), SIEM tools (e.g., Splunk), OSINT research methodologies, or attack surface management / vulnerability management tooling
- Scripting or programming experience (Python preferred) for automating data collection, enrichment, and analytic workflows
- Demonstrated, hands-on experience applying AI tooling (such as LLMs and coding assistants) to real work, and can clearly speak to several projects where you used AI to automate or accelerate a task
- Capable of writing clearly and developing visual products (such as diagrams) to communicate complex cyber threats to both technical and non-technical stakeholders, including executive leadership
- Strong analytical reasoning, attention to detail, and capable of prioritizing effectively in a fast-paced environment
- B.S. in Computer Science, Cybersecurity, Intelligence Studies, International Relations, or a related field
Preferred Qualifications
- Experience in the financial sector or an organization with a global threat landscape
- Hands-on experience with Attack Surface Management platforms (e.g., Mandiant ASM, CrowdStrike Falcon Surface, Microsoft Defender EASM, or similar)
- Hands-on experience with specific AI developer tooling, such as LLM assistants and APIs (e.g., ChatGPT/OpenAI, Claude/Anthropic, Gemini), coding assistants (e.g., GitHub Copilot, Cursor), or agentic and automation frameworks
- Experience with vulnerability management programs, including prioritization frameworks (CVSS, EPSS, CISA KEV) and remediation tracking
- Familiarity with structured analytic techniques and intelligence writing standards
- Experience with detection content development (Sigma, YARA, Splunk SPL, or KQL)
- Active participation in industry working groups, ISACs, or CTI community forums
- Relevant certifications (GIAC GCTI, Security+, CTIA, or similar)
- Exposure to cloud environments (AWS, Azure) and an understanding of cloud-specific threat vectors