Threat Intelligence Analyst
TENEX.AI · Sarasota, FL · 2 wk ago
HybridInformation TechnologyFull-time
About the role
We are looking for an investigative Threat Intelligence Analyst to join our Cybersecurity team. You will be responsible for identifying, evaluating, and communicating threats to our organization.
Responsibilities
- Support all phases of the intelligence lifecycle — planning, collection, analysis, production, and dissemination — under the guidance of senior analysts.
- Research known threat actors and groups, mapping observed Tactics, Techniques, and Procedures (TTPs) to the MITRE ATT&CK framework to help identify potential gaps in current defenses.
- Monitor open sources, industry feeds, and relevant forums to contribute to "big picture" reporting on how the threat environment is evolving.
- Collect and help validate technical Indicators of Compromise (IOCs) from malware reports and OSINT sources to support blocklist hygiene and reduce noise.
- Proactively research and collect threat intelligence from open-source intelligence (OSINT), commercial feeds, and internal security data.
- Assist in producing written reports, including Flash Alerts for urgent threats and contributions to monthly blogs or executive summaries.
- Monitor vulnerability disclosures and exploit trends, surfacing relevant findings for review and escalation.
- Work alongside technical teams (e.g., Incident Response, SOC) and help communicate threat findings to non-technical stakeholders in plain language.
Qualifications
- Experience: 2–4 years of experience in cybersecurity, with at least 1–2 years in a threat intelligence, SOC, or closely related role.
- Knowledge: Working familiarity with the Intelligence Cycle and common threat frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain, Pyramid of Pain).
- Research Skills: Hands-on experience with OSINT tools and techniques (e.g., Shodan, VirusTotal, WHOIS).
- Communication: Strong writing skills with the ability to summarize threats in a clear, business-relevant way.
- Analytical Mindset: Awareness of structured analytic techniques and a commitment to objective, evidence-based assessments.
- Technical Skills & Tools: Exposure to or willingness to learn Threat Intelligence Platforms (e.g., ThreatConnect, OpenCTI). SIEM: Basic familiarity with SIEM systems and log-based investigation. Standard Formats: Awareness of STIX/TAXII protocols for threat intelligence sharing. Malware Literacy: Ability to read a sandbox report and extract basic indicators such as C2 infrastructure. Scripting: Exposure to Python or similar scripting for basic data tasks is a plus.
- Holds or is actively pursuing a relevant certification (e.g., CompTIA Security+, BTL1, or working toward GCTI).
- Curious by nature — you don't just flag a malicious IP, you want to understand who is behind it and why.
- Follows security researchers and threat intel communities online to stay current on emerging threats and zero-day disclosures.
- Stays composed and methodical when supporting the team during active security incidents.
- Eager to grow into deeper adversary profiling, dark web research, and advanced analytic tradecraft over time.