Threat Intelligence Analyst (CPX)
Date: 3 Nov 2025
Location: Abu Dhabi, Abu Dhabi, AE
Company: G Forty Two General Trading LLC
Overview:
The Threat Intelligence Analyst is a core member of the Threat Intelligence Center, responsible for identifying, analyzing, and reporting on cyber threats targeting national critical infrastructure and enterprise systems. This role focuses on intrusion analysis, malware reverse engineering, and threat actor tracking across the surface, deep, and dark web. The analyst will transform raw technical data into actionable intelligence to support investigations, incident response, and proactive defense strategies.
Responsibilities:
Intrusion Analysis
- Analyze network telemetry, endpoint logs, and threat data to identify malicious activity and intrusion attempts.
- Correlate indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) with threat actor campaigns.
- Support incident response teams with threat context, attribution, and post-incident intelligence reporting.
- Develop detection logic using Sigma, Snort, and custom scripts to identify emerging threats.

Malware Analysis & Reverse Engineering
- Perform static and dynamic analysis of malware samples using tools such as Ghidra, IDA Pro, x64dbg, and Cuckoo Sandbox.
- Reverse engineer obfuscated binaries and scripts to extract payloads, persistence mechanisms, and C2 infrastructure.
- Create YARA rules and behavioral signatures to detect malware variants and families.
- Maintain a malware repository and contribute to threat hunting and detection engineering efforts.

Surface, Deep, and Dark Web Intelligence Collection
- Monitor underground forums, encrypted messaging platforms, and marketplaces for threat actor activity, data leaks, and exploit development.
- Use TOR, I2P, and specialized tooling to collect intelligence on cybercriminal operations and APT chatter.
- Identify and report on targeted threats, credential dumps, and mentions of organizational assets.
- Collaborate with law enforcement and intelligence-sharing communities when necessary.

Threat Intelligence Operations
- Produce high-quality intelligence products including technical reports, threat assessments, and adversary profiles.
- Manage and optimize threat intelligence platforms (TIPs) and integrate feeds into SIEM and SOAR systems.
- Develop and refine threat models using frameworks such as MITRE ATT&CK, the Diamond Model, and the Cyber Kill Chain.
- Build and manage SIEM use cases based on threat intelligence findings.

Qualifications:
Required Skills & Experience
- Minimum 7 years of experience in cyber threat intelligence, malware analysis, or intrusion detection.
- Strong understanding of threat actor methodologies, APT groups, and cybercrime ecosystems.
- Proficiency in malware analysis tools (Ghidra, IDA Pro, Cuckoo, etc.) and packet analysis tools (Wireshark, tcpdump).
- Experience with threat intelligence platforms (MISP, ThreatConnect, Recorded Future) and SIEMs (Splunk, QRadar, Elastic).
- Hands-on experience with scripting languages (Python, PowerShell, Bash) for automation and enrichment.
- Familiarity with STIX/TAXII, YARA, OpenIOC, and other intelligence sharing formats.

Preferred Qualifications
- Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
- Certifications: GREM, GCTI, GCIH, CISSP, or equivalent.
- Experience in large-scale security operations (enterprise, military, or government).
- Strong analytical and investigative skills with the ability to synthesize complex data into actionable insights.
- Experience integrating threat intelligence into SOC workflows and detection pipelines.