Cyber Threat Intelligence (CTI) Engineer

Threat Hunting and Analysis

• Conduct proactive threat hunting activities across various environments (endpoints, networks, cloud).
• Develop and maintain threat hunting hypotheses based on current threat intelligence and organizational risk assessments.
• Apply structured threat hunting methodologies leveraging frameworks such as MITRE ATT&CK, PEAK, TAHITI, THMM and Diamond Model to guide hypothesis creation, evidence collection and iterative improvements.      
• Deep technical knowledge of adversary tactics, malware analysis, intrusion detection and cloud security.

Tooling and Automation

• Familiar with EDR/XDR solutions, SIEM platform, data pipeline and threat hunting tooling to detect and disrupt adversary tactics.
• Develop custom scripts and tools to automate threat hunting processes and improve efficiency.
• Leverage various threat hunting techniques, including but not limited to, YARA rules, IOC analysis, and behavioral based analysis.

Incident Investigation

• Analyze security logs, network traffic, and endpoint data to identify malicious activity and potential threats.
• Investigate security incidents and provide detailed reports on findings, including root cause analysis and remediation recommendations.
• Collaborate with other security teams (incident response, vulnerability management, etc.) to share threat intelligence and coordinate security efforts.

Cyber Threat Intelligence (CTI)

• Develop and manage Cyber Threat Intelligence while staying up to date on the latest threat landscape, attack techniques, and emerging technologies.
• Map advisory behaviors to ATT&CK techniques and translate findings into actionable intelligence.
• Share actionable intelligence with internal teams and external stakeholders.
• Present findings and recommendations to technical and executive audiences.

Continuous Improvement

• Contributes to the development and improvement of threat hunting strategies, processes and playbooks aligning with PEAK and TAHITI cycles for structural threat hunting.
• Develop and maintain a strong understanding of the organization's infrastructure and applications to strengthen awareness of evolving threats and adversary behavior.
• Drive maturing of the overall security operations service.

Qualifications & Skills: 

• Bachelor's degree in Computer Science, Cybersecurity, or a related field.
• Minimum 8 years of relevant experience is required in cyber security focusing on threat intelligence/hunting
• Strong understanding of various operating systems (Windows, Linux, macOS).
• Experience with various security tools and technologies (SIEM, EDR, network monitoring tools).
• Proficiency in scripting (Python, PowerShell).
• Strong analytical and problem-solving skills.
• Excellent communication and presentation skills to translate technical findings into business impact.
• Experience with threat intelligence platforms, feeds and CTI frameworks.
• Relevant security certifications (e.g., SANS GIAC, GNFA, GCFA, Offensive Security, etc.)
• Experience with cloud platforms (AWS, Azure, GCP) and container security is a plus.