Lead Cyber Threat Intelligence Analyst

About the Role

The Lead Cyber Threat Intelligence (CTI) Analyst operates with expanded scope, autonomy, and accountability to guide and mature the execution of the cyber threat intelligence lifecycle across the enterprise. The Lead is responsible for optimizing how CTI operates, ensuring intelligence activities are consistent, scalable, and aligned to enterprise objectives. Additionally, the Lead influences outcomes beyond individual execution, establishes standards and expectations for intelligence delivery, and enables effective, repeatable intelligence practices that support threat-informed decision making.

This role acts as the primary liaison between CTI and threat management operations, ensuring CTI delivers timely, relevant, and actionable intelligence that directly supports operational threat management functions. In support of this objective, the Lead advances CTI maturity by emphasizing adversary behavior, tactics, and techniques over indicator-only intelligence, enabling intelligence outputs that better inform detection priorities, security control posture, and operational prioritization, while contributing to the establishment and maintenance of intelligence requirements for CTI stakeholders.

Key Responsibilities

Operational Intelligence Enablement

• Drive the structuring and alignment of intelligence outputs to ensure they deliver intelligence driven operational outcomes, support threat-informed security operations, investigations, and remediation decision-making without requiring direct analyst rework.
• Direct the development and implementation of operational intelligence strategies to proactively address emerging threats and support enterprise objectives.
• Enable consistent production of timely intelligence products focused on relevant and active threats to support enterprise threat management operations.

Stakeholder Engagement & Intelligence Requirements

• Drive cross-functional collaboration, facilitating integration of threat intelligence with risk management, incident response, and security operations.
• Establish and maintain stakeholder engagement models, including onboarding, stakeholder profiling, intelligence requirement intake, and feedback mechanisms, to ensure intelligence outputs are aligned to evolving enterprise and business needs.

Collection Management & Threat Monitoring

• Direct intelligence collection planning and prioritization to ensure effective coverage of priority and emerging threats while minimizing duplicative or ad hoc collection efforts.
• Evaluate and recommend enhancements to intelligence tools, processes, and frameworks to optimize operational efficiency and effectiveness.
• Perform threat actor and infrastructure analysis, including research and data pivoting, to identify malicious campaigns and emerging threat activity.
• Leverage threat intelligence frameworks to assess threat coverage and identify gaps in visibility or control effectiveness.

Analysis and Production

• Lead the analysis of threats to the enterprise and the production of finished intelligence that integrates tactical and operational insights and provides direction on threat-driven prioritization.
• Enhance tactical and operational intelligence deliverables by applying adversary behavior and TTP-based analysis that informs detection priorities, security control posture, and response actions.

Governance, Metrics & Continuous Improvement

• Set clear goals and measure performance against established KPIs, using data-driven insights to inform decisions and program improvements.
• Incorporate stakeholder feedback and performance insights to drive continuous improvement of intelligence relevance, delivery efficiency, and measurable program outcomes.
• Apply data analysis and threat intelligence frameworks to assess adversary activity, intelligence coverage, and defensive alignment over time.

Communication & Influence

• Represent the CTI function in strategic forums, influencing enterprise security strategy and risk prioritization through actionable intelligence.
• Effectively communicate and report CTI program metrics and KPIs to technical leaders, senior leaders, and executives to demonstrate program effectiveness and value.
• Translate technical threat intelligence into risk-relevant context, when appropriate, to inform or influence enterprise risk understanding and prioritization.
• Influence security planning, prioritization, and response through actionable intelligence.

Required Qualifications

• Bachelor's degree or higher in a relevant field (e.g., Information Technology, Information Systems, Computer Science, Intelligence, Political Science, International Relations) or equivalent experience.
• Minimum of 5+ years' experience in cyber threat intelligence, or a related security discipline, within a large, highly regulated organization in the public or private sector.
• Demonstrated experience across the intelligence lifecycle (planning, collection, processing, analysis, dissemination).
• Experience in intelligence collection management, including aligning collection activities to defined intelligence requirements and evolving threat priorities.
• Demonstrated experience conducting tactical and operational cyber threat analysis, including threat actor tracking, adversary behavior analysis, and malicious infrastructure research.
• Strong understanding of advanced cyber threats, threat vectors, and adversary methodologies.
• Ability to apply threat intelligence frameworks and data analysis techniques to produce insights that inform detection strategy, control posture, and threat-driven prioritization.

Preferred Qualifications

• Professional cybersecurity or intelligence certifications (e.g., CISSP, GCTI, GOSI).
• Experience supporting enterprise investigations, fraud, or insider threat programs.
• Advanced knowledge of cyber threat frameworks and analytic techniques (e.g., ATT&CK, Diamond Model, Cyber Kill Chain).
• Experience leveraging automation tools to streamline and improve varies aspects of the intelligence lifecycle.
• Experience using analytical and investigative tools (e.g., Maltego, Analyst's Notebook) to support threat analysis, relationship mapping, and investigative research.

Key skills/competency

• Cyber Threat Intelligence
• Threat Actor Tracking
• Adversary Behavior Analysis
• Incident Response
• Risk Management
• Security Operations
• ATT&CK Framework
• Data Analysis
• Collection Management
• Strategic Planning