Jobs · Information Technology · New York

Threat Intelligence Analyst, Associate - Security Operations

Blackstone · New York, NY · 4 days ago
Information Technology$135k–$170k/yrFull-time

Responsibilities

  • Monitor and analyze cyber threat activity targeting the financial sector, alternative asset management, and adjacent industries using open-source, commercial, and internal sources, correlating across them to identify patterns and provide early warning of emerging campaigns
  • Produce finished intelligence products and reports including recurring threat reporting, advisories, campaign profiles, actor dossiers, executive briefings, and visual products such as diagrams, tailored to both technical and non-technical audiences
  • Map adversary behaviors to the MITRE ATT&CK framework and maintain threat actor profiles covering TTPs, intent, and relevance to Blackstone
  • Extract, validate, enrich, and operationalize indicators of compromise (IOCs) to support detection engineering and incident response workflows
  • Leverage AI and automation tooling to scale collection, enrichment, and operationalization of intelligence
  • Partner with Alert, Detection & Response and Incident Response teams to translate intelligence into production detections (Splunk SPL, Sigma, YARA)
  • Track zero-day and critical vulnerabilities, assess Blackstone's exposure, and translate findings into new detections and preventions in coordination with detection and security engineering
  • Support threat-informed vulnerability prioritization (CVSS, EPSS, CISA KEV) and coordinate remediation tracking with asset owners
  • Operate and evolve the firm's external Attack Surface Management (ASM) program, discovering and inventorying internet-facing assets across Blackstone and its portfolio companies, triaging newly discovered exposures and misconfigurations, and coordinating remediation
  • Contribute to intelligence sharing with trusted industry partners, ISACs (such as FS-ISAC), government partners (such as JCDC), and peer financial institutions
  • Support fusion center digital-threat monitoring, including brand, executive, and reputational exposure across OSINT, social media, and dark web sources
  • Participate in incident response and the SOC on-call rotation (occasional, roughly every other month) to respond to escalated security incidents

Qualifications

  • 2+ years of experience in cyber threat intelligence, security operations, incident response, or a related cybersecurity discipline
  • Demonstrated understanding of the cyber threat landscape, including prominent threat actor groups, campaigns, and TTPs
  • Working knowledge of intelligence frameworks such as MITRE ATT&CK, the Diamond Model, or the Intelligence Cycle
  • Experience with threat intelligence platforms (TIPs), SIEM tools (e.g., Splunk), OSINT research methodologies, or attack surface management / vulnerability management tooling
  • Scripting or programming experience (Python preferred) for automating data collection, enrichment, and analytic workflows
  • Demonstrated, hands-on experience applying AI tooling (such as LLMs and coding assistants) to real work, and can clearly speak to several projects where you used AI to automate or accelerate a task
  • Capable of writing clearly and developing visual products (such as diagrams) to communicate complex cyber threats to both technical and non-technical stakeholders, including executive leadership
  • Strong analytical reasoning, attention to detail, and capable of prioritizing effectively in a fast-paced environment
  • B.S. in Computer Science, Cybersecurity, Intelligence Studies, International Relations, or a related field

Preferred Qualifications

  • Experience in the financial sector or an organization with a global threat landscape
  • Hands-on experience with Attack Surface Management platforms (e.g., Mandiant ASM, CrowdStrike Falcon Surface, Microsoft Defender EASM, or similar)
  • Hands-on experience with specific AI developer tooling, such as LLM assistants and APIs (e.g., ChatGPT/OpenAI, Claude/Anthropic, Gemini), coding assistants (e.g., GitHub Copilot, Cursor), or agentic and automation frameworks
  • Experience with vulnerability management programs, including prioritization frameworks (CVSS, EPSS, CISA KEV) and remediation tracking
  • Familiarity with structured analytic techniques and intelligence writing standards
  • Experience with detection content development (Sigma, YARA, Splunk SPL, or KQL)
  • Active participation in industry working groups, ISACs, or CTI community forums
  • Relevant certifications (GIAC GCTI, Security+, CTIA, or similar)
  • Exposure to cloud environments (AWS, Azure) and an understanding of cloud-specific threat vectors

Similar jobs