Jobs · Information Technology · Texas

Threat Intelligence Analyst - IBM CISO

IBM · Austin, TX · 1 wk ago
HybridInformation TechnologyFull-time

Role Overview

We are seeking an experienced Cyber Threat Intelligence (CTI) Analyst to join our team. As a CTI Analyst within the Office of the IBM CISO you will conduct all-source intelligence operations, which includes Gathering CTI that is relevant and actionable by IBM. Maintaining relevant, up-to-date and accurate data on threat activity clusters, nexuses, malware, tools, infrastructure, attack patterns and campaigns. Supporting other cyber defence teams such as Incident Response, Security / Network Operations Centres, Threat Hunting, Vulnerability Response and Engineering.

Key Responsibilities

  • Threat Intelligence: Collect, process, analyze and disseminate cyber threat intelligence from internal and external sources. Identify patterns and trends to anticipate, detect and mitigate potential threats. Perform contextualization on data and intelligence materials to determine their relevance and risk to IBM based on business operations, location, technology usage and victimology. Apply your skills to form hypotheses, critically assess and apply analysis techniques to query, merge, enrich, evaluate, and pivot within data to obtain and share insights with other IBM teams.
  • Alert and Case Analysis: Analyze and investigate suspicious activities detected by our Security Operations Centre and Cyber Security Incident Response Team to assess the level of threat by correlating intelligence with sightings made within the IBM environment.
  • Incident Response: Assist Incident Responders by enriching investigations, sightings and alerts with valid, qualified and contextualized intelligence.
  • Vulnerability Assessment: Monitor for Proofs-of-Concept and exploitation of relevant vulnerabilities.
  • Collaboration: CTI Analysts are expected to collaborate in (virtual) teams and across the CISO organization like SOC, Threat Hunting and CSIRT. At times, they collaborate directly with other IBM functions—such as commercial business units, supply chain, and research—to model, contextualize, assess, detect, and help mitigate specific threats.

Education and Technical Expertise

  • Preferred Education: Bachelor's Degree Required
  • Technical and Professional Expertise: Strong cyber security domain knowledge with the ability to speak authoritatively on cyber threat intelligence, including intelligence products (reports, advisories, indicators, attack/behaviour/compromise data) and intelligence lifecycle processes. Proven, methodical investigative approach with the ability to clearly articulate both findings and investigative methodology. Solid understanding of intelligence analysis principles, including deductive, inductive, and abductive reasoning. Practical experience with CTI standards and frameworks such as STIX/TAXII, CAPEC, the Cyber Kill Chain, and the CIA triad (or equivalents). Ability to model and analyze cyber threat Tactics, Techniques, and Procedures (TTPs), including decomposition of attack patterns. Hands-on experience with the MITRE ATT&CK (Enterprise and Mobile) frameworks. Working knowledge of broader security standards such as CVE and CWE. Strong data handling and manipulation skills to support intelligence collection, processing, analysis, and dissemination (e.g., parsing, decoding, feature extraction). Experience with enterprise security tools, including Threat Intelligence Platforms (e.g., ThreatConnect, OpenCTI), SIEM, SOAR, EDR, and data visualization tools (e.g., Kibana, Grafana).
  • Technical Skills: Advanced user proficiency in Windows, Linux, or macOS environments, with a solid understanding of networking, cloud, and enterprise IT technologies. Experience with query languages such as SQL (and variants), KQL (Kibana QL), XQL (Cortex QL). Experience using Artificial Intelligence (AI) within CTI roles and environments. Experience applying automation techniques to CTI problems. Experience working with Threat Hunting teams – specifically, providing intelligence to support their work and extracting intelligence from their findings. Experience working in large, complicated organisations that require collaboration with multi-disciplinary teams. Experience working with global teams – specifically spanning North America, Europe and Asia-Pacific.

Preferred Experience

  • Additional language skills besides English.
  • Practical experience managing intelligence datasets in OpenCTI.
  • Knowledge of query languages such as SQL (and variants), KQL (Kibana QL), XQL (Cortex QL).
  • Experience using Artificial Intelligence (AI) within CTI roles and environments.
  • Experience applying automation techniques to CTI problems.
  • Experience working with Threat Hunting teams – specifically, providing intelligence to support their work and extracting intelligence from their findings.
  • Experience working in large, complicated organisations that require collaboration with multi-disciplinary teams.
  • Experience working with global teams – specifically spanning North America, Europe and Asia-Pacific.
  • Industry-recognised courses and certifications – such as GIAC and CREST.
  • Undergraduate degree or equivalent in a relevant field – such as cyber security, computing, networking or engineering.

Similar jobs