Lead Threat Intelligence Analyst jobs in United States

Deepwatch · 4 days ago

Lead Threat Intelligence Analyst

Deepwatch is a leader in managed security services, dedicated to protecting organizations from cyber threats. As a Lead Threat Intelligence Analyst, you will collect, analyze, and disseminate cyber threat intelligence to enhance security operations and support client needs.

Cloud Security, Cyber Security, Information Technology
No H1B; U.S. Citizen Only

Responsibilities

Monitor and evaluate publicly available and closed sources, selecting and reviewing cyber threat reporting for relevance and actionability
Analyze processed threat intelligence, correlating and synthesizing findings with other internal and external sources to create a comprehensive threat picture
Produce brief, high-impact customer-facing summaries highlighting essential facts for internal sharing, as well as more detailed formal reports that include key facts, technical details, threat actor profiling, victimology, attack chains, and TTPs
Recommend mitigation measures based on technical analysis and threat assessments to reduce client risk exposure
Identify and map key elements from intelligence reports to STIX threat objects for easy consumption by stakeholders and ingestion into the Threat Intelligence Platform
Ingest finalized intelligence reports and supporting data into the Threat Intelligence Platform for knowledge management, correlation, hunting, and alerting, ensuring accessibility for internal teams and clients
Collect, process, and analyze dark web activity and data leak site listings, maintaining a comprehensive leak site database to track trends, generate reports, and inform clients
Create charts, graphs, and tables to visualize threat actor activity and trends
Monitor and respond to threat intelligence requests for information (RFIs) for both internal and customer-facing teams
Participate in incident event escalations by identifying and actioning leads for intelligence reporting
Review and approve email notifications, blog posts, and other customer communications based on finalized threat intelligence reports
Provide intelligence-driven support to Security Operations Center, Threat Hunting, Incident Response, and Vulnerability Management teams
Brief internal teams, clients, and executive stakeholders on emerging threats, relevant threat actors, and mitigation strategies
Mentor junior analysts and contribute to the development of Cyber Threat Intelligence team tradecraft and processes

Qualification

Threat Intelligence Platforms, Analytic skills, SIEM experience, Cyber threat intelligence, Scripting experience, MITRE ATT&CK knowledge, Technical writing, Malware Analysis, Digital Forensics, Incident Response, English proficiency, Mentoring

Required

Be proficient in using Threat Intelligence Platforms (TIPs), such as OpenCTI, and mapping intelligence data to STIX/TAXII frameworks
Demonstrate strong analytic skills in processing, correlating, and synthesizing multiple sources of intelligence to produce actionable reports
Possess SIEM experience or related/equal experience
Position and discuss security issues with customer technical and leadership audiences to reach positive outcomes
Demonstrate technical writing skills for customer or executive audiences
Demonstrate proficiency in English; additional languages are a plus
Possess a deep understanding of threat actors, their motivations, TTPs (aligned to MITRE ATT&CK), and how they target industries and organizations
Leverage scripting experience

Preferred

GIAC Cyber Threat Intelligence (GCTI), GIAC Reverse Engineering Malware, (SOC)
EC-Council's Certified Cyber Intelligence Analyst (CTIA), CREST's Certified Threat Intelligence Manager and CREST Registered Threat Intelligence Analyst, MITRE ATT&CK® Cyber Threat Intelligence Certification
Some experience with Malware Analysis, Digital Forensics or Incident Response (full packet capture, host/network, email)

Benefits

Medical, dental, vision, and disability insurance
Flexible Time Off (FTO), 11 company holidays, sick leave and 8-Weeks Paid Parental Leave
Unique professional development benefits, starting at $3,000 annually
Wellness contests and monthly educational programs
401(K) retirement program

Company

Deepwatch

Deepwatch secures the digital economy by protecting enterprise networks via its cloud security platform.

Funding

Current Stage: Growth Stage
Total Funding: $256M
Key Investors: Goldman Sachs, ABS Capital Partners
2023-02-15: Series C, $180M
2020-10-12: Series B, $53M
2019-04-03: Series A, $23M

Leadership Team

John DiLullo, Chief Executive Officer
Bobby Christian, Board Advisor
Company data provided by crunchbase