What are the responsibilities and job description for the Threat Intelligence Analyst position at Intelliswift - An LTTS Company?
Job Title: Threat Intelligence Analyst
Location: San Jose, CA 95110 (Open to hybrid and remote candidates. Preference is for candidates who can work a hybrid schedule in San Jose, CA.)
Duration: 6 months
Contract Type: W2 only
Pay Rate: $70.42/Hour
Duties:
- Monitor the cyber threat landscape for emerging threats to client’s products, platforms, and customers.
- Create scripts and tools to automate threat intelligence collection and enhance efficiency.
- Gather and analyze threat intelligence from diverse sources including open-source intelligence (OSINT), commercial threat intelligence feeds, dark web monitoring, and threat intelligence platforms to identify patterns, trends, and potential threats relevant to the client.
- Provide timely, actionable intelligence to internal stakeholders, including security operations, incident response, threat hunting, detection engineering, risk management, vulnerability operation center, and executive leadership.
- Develop detailed threat actor profiles, risk assessments, and mitigation recommendations specific to the client’s technology stack and customer ecosystem.
- Share threat intelligence findings with cross-functional teams, enabling proactive risk management across the client’s products and services.
Skills:
Threat Analysis & Detection
- Identification of Indicators of Compromise (IoCs): Proficient in recognizing and validating malicious IPs, domains, file hashes, and registry keys.
- Tactics, Techniques, and Procedures (TTPs) Analysis: Expertise in mapping adversary behaviors using the MITRE ATT&CK framework to understand attack vectors and predict potential threats.
- Advanced Persistent Threat (APT) Profiling: In-depth knowledge of APT groups, their operational methodologies, tools, and geopolitical motivations.
- Cybercrime Ecosystem Intelligence: Strong understanding of dark web marketplaces, threat actor infrastructures, ransomware groups, and emerging cybercriminal tactics, techniques, and procedures (TTPs).
Cybersecurity Tools & Technologies
- Security Information and Event Management (SIEM): Hands-on experience with platforms like Splunk, QRadar, and ArcSight for real-time threat detection, event correlation, and log analysis.
- Threat Intelligence Platforms (TIPs): Proficient in using MISP, ThreatQ, Recorded Future, and similar platforms for aggregating, analyzing, and operationalizing threat intelligence feeds.
- Log Analysis & Event Correlation: Strong ability to analyze large datasets from diverse sources (firewalls, IDS/IPS, endpoints) to uncover hidden threats.
- Vulnerability Management: Understanding of CVEs, CVSS scoring, and patch management; familiarity with vulnerability scanning tools (e.g., Nexpose, Qualys).
Scripting & Automation
- Programming & Scripting: Proficient in Python, PowerShell, and Bash for automating repetitive tasks, developing custom scripts, and parsing large volumes of threat data.
- Data Extraction Techniques: Strong command of regular expressions (RegEx) for advanced data filtering, pattern recognition, and log parsing.
- API Integration & Automation: Experience in working with RESTful APIs to automate data collection from open-source intelligence (OSINT) tools and internal security platforms.
- Threat Feed Integration: Knowledge of STIX/TAXII protocols for automated sharing and ingestion of structured threat intelligence data across systems.
Soft Skills
- Technical & Executive Reporting: Strong report-writing skills for delivering actionable threat intelligence to both technical stakeholders and executive leadership.
- Effective Communication: Ability to articulate complex cyber threats clearly and concisely through presentations, dashboards, and briefings tailored to diverse audiences.
- Cross-Functional Collaboration: Proven ability to work closely with CSIRT Operations, Threat Hunting, Detection Engineering, Vulnerability Management, and other security stakeholders to enhance organizational security posture.
- Critical Thinking & Problem-Solving: Strong analytical mindset to assess threat data, identify patterns, and develop strategic responses to emerging threats.
Education:
Bachelor’s Degree (Preferred):
- Fields: Cybersecurity, Information Security, Computer Science, Information Technology, or related disciplines.
- Focus Areas: Cloud and network security, data analysis, cryptography, incident response, and threat modeling.
Master’s Degree (Optional but Advantageous):
- Fields: Cyber Threat Intelligence, Cybersecurity Operations, Digital Forensics, or Risk Management.
Professional Certifications (Highly Recommended)
- GIAC Cyber Threat Intelligence (GCTI) – Specialized in structured threat intelligence lifecycle management.
- Certified Threat Intelligence Analyst (CTIA) – Covers intelligence gathering, analysis, and dissemination.
Certifications & Licenses:
- Certified Threat Intelligence Analyst (CTIA)
Salary: $70