Key Responsibilities and Required Skills for a Threat Intelligence Analyst
💰 $90,000 - $160,000
🎯 Role Definition
As a Threat Intelligence Analyst, you will be at the forefront of our cybersecurity defense strategy. Your mission is to delve into the global threat landscape, transforming raw data from disparate sources into finished, actionable intelligence. You will be responsible for understanding the "who, what, where, when, and why" of cyber threats, enabling our organization to move from a reactive to a proactive security posture. This role is perfect for an intellectually curious and highly analytical individual who thrives on connecting disparate dots to uncover malicious activity and predict future attacks. You will be a key partner to our Security Operations Center (SOC), Incident Response, and Vulnerability Management teams, providing them with the context and indicators needed to defend our digital environment effectively.
📈 Career Progression
Typical Career Path
Entry Point From:
- Security Operations Center (SOC) Analyst
- Incident Responder
- Digital Forensics Analyst
- Network Security Engineer
Advancement To:
- Senior Threat Intelligence Analyst
- Threat Intelligence Manager / Team Lead
- Principal Security Researcher
- Director of Threat Intelligence
Lateral Moves:
- Threat Hunter
- Red Team Operator
- Security Architect
- Incident Response Manager
Core Responsibilities
Primary Functions
- Proactively collect, analyze, and correlate threat data from a diverse range of sources, including open-source intelligence (OSINT), dark web forums, social media, technical sources (e.g., malware sandboxes), and commercial intelligence feeds.
- Develop and maintain detailed, evidence-based profiles of threat actors, including their motivations, capabilities, infrastructure, and Tactics, Techniques, and Procedures (TTPs).
- Author and disseminate a variety of intelligence products, from strategic reports for executive leadership on emerging threats to tactical alerts and technical Indicators of Compromise (IOCs) for security operations teams.
- Conduct in-depth research and analysis on geopolitical events, industry-specific threats, and technology trends to assess their potential impact on the organization's security posture.
- Map observed malicious activity to cybersecurity frameworks like MITRE ATT&CK® and the Cyber Kill Chain® to provide a structured understanding of adversary behavior.
- Support incident response efforts by providing critical context on attacking adversaries, enriching investigation data, and identifying related malicious infrastructure or campaigns.
- Collaborate with the threat hunting team by developing high-fidelity hypotheses based on new intelligence, threat actor TTPs, and observed global attack patterns.
- Manage and operationalize threat intelligence platform (TIP) data, ensuring IOCs are effectively integrated into security controls like firewalls, proxies, EDR, and SIEM.
- Conduct technical analysis of malware, phishing campaigns, and exploit kits to extract IOCs, understand functionality, and attribute activity to known threat groups.
- Perform deep-dive research into the dark web and underground criminal forums to identify emerging threats, data leaks, and targeted attack planning against the organization.
- Create and deliver regular threat briefings and presentations to a wide range of audiences, from technical security teams to non-technical business leaders.
- Track and analyze vulnerabilities and exploits in the wild, providing prioritized intelligence to the vulnerability management team for effective patch and remediation efforts.
- Develop and maintain a repository of intelligence, ensuring data is properly tagged, stored, and searchable for future analysis and historical correlation.
- Evaluate and recommend new intelligence sources, tools, and analytical techniques to enhance the team's overall capabilities and efficiency.
- Participate in and represent the organization within intelligence-sharing communities and partnerships, such as ISACs, to both contribute and consume valuable threat information.
- Conduct detailed intelligence investigations into specific security events or incidents to determine attribution, scope, and impact.
- Reverse engineer adversary TTPs to develop and refine detection rules, analytics, and countermeasures for deployment within our security toolset.
- Monitor for brand impersonation, executive targeting, and reputational threats across the surface, deep, and dark web.
- Provide subject matter expertise on cyber threats during security architecture reviews, risk assessments, and red team planning exercises.
- Automate intelligence collection and processing tasks using scripting languages (e.g., Python) to improve the speed and scale of intelligence operations.
- Develop custom intelligence collection capabilities and maintain unique sources to gain an information advantage over adversaries.
Secondary Functions
- Support ad-hoc data requests and exploratory data analysis for security leadership.
- Contribute to the organization's overall data and security strategy and roadmap.
- Collaborate with business units to translate their operational risks into priority intelligence requirements (PIRs).
- Participate in sprint planning and agile ceremonies within the broader cybersecurity team.
- Mentor junior analysts, providing guidance on analytical tradecraft, tools, and reporting standards.
- Assist in post-incident reviews to ensure lessons learned are integrated into the intelligence lifecycle.
Required Skills & Competencies
Hard Skills (Technical)
- Deep understanding of the intelligence lifecycle (planning and direction, collection, processing, analysis, dissemination, and feedback).
- Proficiency in mapping threat activity to frameworks like MITRE ATT&CK®, Lockheed Martin Cyber Kill Chain®, and the Diamond Model.
- Hands-on experience with Security Information and Event Management (SIEM) platforms such as Splunk, QRadar, or Microsoft Sentinel for threat hunting and log analysis.
- Strong knowledge of OSINT collection techniques and familiarity with tools like Maltego, Shodan, Recon-ng, and theHarvester.
- Experience utilizing and managing a Threat Intelligence Platform (TIP), such as ThreatQuotient, Anomali, or MISP.
- Foundational scripting and automation skills, particularly in Python or PowerShell, for data parsing, API integration, and task automation.
- Basic to intermediate malware analysis skills (static and dynamic) using tools like IDA Pro, Ghidra, Wireshark, and sandboxing environments.
- In-depth knowledge of network protocols (TCP/IP, DNS, HTTP/S), security controls (Firewalls, IDS/IPS, EDR), and common attack vectors.
- Experience analyzing and pivoting on technical indicators (IOCs) such as IP addresses, domain names, file hashes, and network artifacts.
- Familiarity with navigating and researching on the deep and dark web using appropriate operational security (OPSEC) measures.
Soft Skills
- Exceptional analytical and critical thinking skills with a keen eye for detail.
- Strong written and verbal communication skills, with the ability to convey complex technical concepts to both technical and non-technical audiences.
- Unwavering intellectual curiosity and a persistent drive to uncover the "why" behind an event.
- Ability to work effectively under pressure and make sound decisions in fast-paced situations.
- A highly collaborative mindset with a demonstrated ability to work across different teams and functions.
- Strong problem-solving abilities and a methodical approach to investigations.
- Adaptability and a willingness to continuously learn new technologies and analytical techniques.
Education & Experience
Educational Background
Minimum Education:
- Bachelor's Degree in a relevant field or equivalent demonstrated practical experience in a cybersecurity role.
Preferred Education:
- Master's Degree in Cybersecurity, Information Security, International Relations, or a related discipline.
Relevant Fields of Study:
- Computer Science
- Cybersecurity / Information Security
- International Relations / Political Science
- Intelligence Studies
Experience Requirements
Typical Experience Range:
- 3-7 years of experience within cybersecurity, with a minimum of 2 years in a dedicated threat intelligence, incident response, security research, or SOC analyst role.
Preferred:
- Experience working for or with a national-level intelligence agency, military cyber command, or a mature enterprise threat intelligence team.
- Professional certifications or training such as GCTI (GIAC Cyber Threat Intelligence), SANS FOR578 (Cyber Threat Intelligence course), CTIA (Certified Threat Intelligence Analyst), CISSP, or OSCP.