Cyber Threat Intelligence Lead - Remote

Overview

The Cyber Threat Intelligence Lead will be a highly technical and strategic individual responsible for leading the technical direction of the threat intelligence function. This role will drive the continued maturation of our intelligence capabilities through technology advancements, process optimization, and the development of cutting-edge analytical techniques.

In Short

• Conduct in-depth technical analysis of threats, including malware analysis, network traffic analysis, and vulnerability research.
• Develop and deliver comprehensive threat intelligence reports to senior management and other stakeholders, highlighting key findings and recommendations.
• Drive the adoption and integration of threat intelligence technologies and platforms.
• Develop and maintain a robust threat intelligence infrastructure and integrations.
• Research and implement innovative analytical techniques and methodologies.
• Streamline and automate threat intelligence workflows and processes.
• Develop and implement tools and scripts to enhance operational efficiency.
• Document and disseminate best practices and knowledge within the team.
• Develop and maintain custom threat intelligence feeds and data sources.
• Mentor and guide junior analysts, fostering a culture of continuous learning and growth.

Requirements

• 5+ years of cybersecurity experience in threat hunting, incident response, digital forensics, cyber intelligence, or related fields.
• Deep expertise in security technologies, including EDR, SIEM, cloud security, and network security.
• Proven experience with threat intelligence platforms, data analysis tools, and scripting languages (e.g., Python, SPL).
• Tactical, operational, and strategic knowledge of the cyber threat landscape to include different types of adversaries, campaigns, and motivations.
• Knowledge of industry recognized security and analysis frameworks (MITRE ATT&CK, Kill Chain, Diamond Model, NIST Incident Response, etc.).
• Experience in network and host-based analysis and investigation.
• Experience with Splunk Search Processing Language (SPL), LogScale, and Endpoint Detection and Response (EDR) tools or other SIEM technologies and query languages.
• Understanding of complex enterprise networks to include endpoint, network, email, identity management, and administration systems.
• Deep understanding of network and host-based security concepts, including protocols (HTTP, DNS, SMB), operating systems (Windows, Linux, macOS), authentication protocols, and security tools (SIEM, EDR, SOAR).
• Excellent analytical and problem-solving skills, detail-oriented, and able to communicate process and findings verbally and through reports.

Benefits

• This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks.