Cyber Threat Research Intelligence Analyst

Cyber Threat Research Intelligence Analyst

M&T Bank is seeking a Cyber Threat Research Intelligence Analyst to join our team. This role is hybrid, requiring four days onsite at our Seneca One Buffalo, NY location, with the flexibility to work from home one day per week.

Overview

The Cyber Threat Research Intelligence Analyst is responsible for gathering, analyzing, and interpreting intelligence data to identify potential threats to M&T Bank's security. This role proactively informs how Cybersecurity should strengthen defenses, mitigate threats, and enhance the overall security posture. A key responsibility includes managing the end-to-end indicator of compromise (IOC) lifecycle, ensuring high-fidelity intelligence reaches security controls quickly and safely.

Primary Responsibilities

• Independently collect and analyze intelligence data from various sources to identify relevant information and report findings to senior analysts and leaders.
• Define and maintain indicator quality standards (source reliability, scoring, false-positive handling, freshness/decay) and ensure consistent governance.
• Monitor the IOC lifecycle: intake, normalization, de-duplication, enrichment, confidence scoring, deconfliction, expiration/TTL, and feedback loops.
• Operationalize IOCs by partnering with Cybersecurity Operations Center/Hunt/Detection Engineering teams to convert intelligence into detections, blocklists, and response actions.
• Document clear and concise threat intelligence findings in a standardized format for threat intelligence briefings.
• Contribute insights from internal analysis for intelligence sharing initiatives with external organizations and industry groups.
• Analyze historical data and patterns to anticipate future threats and recommend proactive techniques to strengthen defenses.
• Attribute observed activities to specific threat actors based on known tactics, techniques, and procedures.
• Monitor current events and emerging technologies for correlations with the evolving threat landscape and communicate adjustments needed for internal technologies, policies, and procedures.
• Engage with vendors for routine security product or solution support.
• Identify opportunities for tuning and development of threat intelligence platform rules, alerts, and correlation logic.
• Manage day-to-day operations of threat intelligence systems, ensuring calibration and functionality.
• Collaborate across Cybersecurity and Technology to ensure appropriate threat intelligence is received and shared.
• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls.
• Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis.
• Identify risk-related issues needing escalation to management.
• Complete other related duties as assigned.

Scope of Responsibilities

This role involves partnering with peers, managers, and the Cybersecurity team, leveraging established directions, policies, and guidelines. Work is reviewed for accuracy and quality, and approaches to solutions are developed independently. Work is evaluated upon completion to ensure objectives are met, with periodic check-ins for alignment and limited direction. A working knowledge of Open-Source Intelligence (OSINT), social monitoring tools, Threat Intelligence Platforms (TIP), Darkweb, and malware research tools is expected, along with an understanding of how intelligence is processed through an IOC pipeline into downstream security controls.

Education and Experience Required

• Bachelor's degree and a minimum of 3 years’ relevant work experience, or a combined minimum of 7 years’ higher education and/or work experience.
• Minimum of 1 year's experience utilizing tools, techniques, and methodologies for analyzing and mitigating cyber-attack stages (reconnaissance, scanning, enumeration, access escalation, privilege escalation, exploitation, and obfuscation).
• Intermediate understanding of cyber-attack stages.

Education and Experience Preferred

• Understanding of different types of threat actors, their motivations, and methodologies.
• Intermediate understanding of cyber-attack stages.
• Industry-recognized cybersecurity or technology certifications.
• Technical understanding of networking and routing protocols, services, structures, architecture, and designs supporting modern communication networks.
• Experience evaluating, analyzing, and synthesizing large quantities of fragmented and contradictory data to determine potential threat scope.
• Experience designing or operating IOC processing pipelines.
• Experience integrating intelligence with SIEM and EDR workflows and validating efficacy.
• Experience establishing IOC governance and measurement.
• Understanding of financial crimes and how threat intelligence can assist in mitigation.

Key skills/competency

• Cyber Threat Intelligence
• Indicator of Compromise (IOC) Lifecycle
• Open-Source Intelligence (OSINT)
• Threat Actor Analysis
• Cybersecurity Operations
• SIEM Integration
• EDR Integration
• Risk Management
• Malware Research
• Threat Hunting