
Cyber Threat Research Intelligence Analyst
M&T Bank · Buffalo, NY
This listing has closed.
- On site
- Full-time
- $130,000 / year
- Buffalo, NY
Job highlights
- Analyze threats to M&T Bank's security.
- Manage the IOC lifecycle from intake to retirement.
- Operationalize intelligence into security detections.
- Collaborate across cybersecurity and technology teams.
- Analyze attack stages and threat actor methods.
About the role
M&T Bank is seeking a Cyber Threat Research Intelligence Analyst to join our team. This role is hybrid, requiring four days onsite at our Seneca One Buffalo, NY location, with the flexibility to work from home one day per week.
Overview
The Cyber Threat Research Intelligence Analyst is responsible for gathering, analyzing, and interpreting intelligence data to identify potential threats to M&T Bank's security. This role proactively informs how Cybersecurity should strengthen defenses, mitigate threats, and enhance the overall security posture. A key responsibility includes managing the end-to-end indicator of compromise (IOC) lifecycle, ensuring high-fidelity intelligence reaches security controls quickly and safely.
Primary Responsibilities
- Independently collect and analyze intelligence data from various sources to identify relevant information and report findings to senior analysts and leaders.
- Define and maintain indicator quality standards (source reliability, scoring, false-positive handling, freshness/decay) and ensure consistent governance.
- Monitor the IOC lifecycle: intake, normalization, de-duplication, enrichment, confidence scoring, deconfliction, expiration/TTL, and feedback loops.
- Operationalize IOCs by partnering with Cybersecurity Operations Center/Hunt/Detection Engineering teams to convert intelligence into detections, blocklists, and response actions.
- Document clear and concise threat intelligence findings in a standardized format for threat intelligence briefings.
- Contribute insights from internal analysis for intelligence sharing initiatives with external organizations and industry groups.
- Analyze historical data and patterns to anticipate future threats and recommend proactive techniques to strengthen defenses.
- Attribute observed activities to specific threat actors based on known tactics, techniques, and procedures.
- Monitor current events and emerging technologies for correlations with the evolving threat landscape and communicate adjustments needed for internal technologies, policies, and procedures.
- Engage with vendors for routine security product or solution support.
- Identify opportunities for tuning and development of threat intelligence platform rules, alerts, and correlation logic.
- Manage day-to-day operations of threat intelligence systems, ensuring calibration and functionality.
- Collaborate across Cybersecurity and Technology to ensure appropriate threat intelligence is received and shared.
- Understand and adhere to the Company’s risk and regulatory standards, policies, and controls.
- Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis.
- Identify risk-related issues needing escalation to management.
- Complete other related duties as assigned.
Scope of Responsibilities
This role involves partnering with peers, managers, and the Cybersecurity team, leveraging established directions, policies, and guidelines. Work is reviewed for accuracy and quality, and approaches to solutions are developed independently. Work is evaluated upon completion to ensure objectives are met, with periodic check-ins for alignment and limited direction. A working knowledge of Open-Source Intelligence (OSINT), social monitoring tools, Threat Intelligence Platforms (TIP), Darkweb, and malware research tools is expected, along with an understanding of how intelligence is processed through an IOC pipeline into downstream security controls.
Education and Experience Required
- Bachelor's degree and a minimum of 3 years’ relevant work experience, or a combined minimum of 7 years’ higher education and/or work experience.
- Minimum of 1 year's experience utilizing tools, techniques, and methodologies for analyzing and mitigating cyber-attack stages (reconnaissance, scanning, enumeration, access escalation, privilege escalation, exploitation, and obfuscation).
- Intermediate understanding of cyber-attack stages.
Education and Experience Preferred
- Understanding of different types of threat actors, their motivations, and methodologies.
- Intermediate understanding of cyber-attack stages.
- Industry-recognized cybersecurity or technology certifications.
- Technical understanding of networking and routing protocols, services, structures, architecture, and designs supporting modern communication networks.
- Experience evaluating, analyzing, and synthesizing large quantities of fragmented and contradictory data to determine potential threat scope.
- Experience designing or operating IOC processing pipelines.
- Experience integrating intelligence with SIEM and EDR workflows and validating efficacy.
- Experience establishing IOC governance and measurement.
- Understanding of financial crimes and how threat intelligence can assist in mitigation.
Key skills/competency
- Cyber Threat Intelligence
- Indicator of Compromise (IOC) Lifecycle
- Open-Source Intelligence (OSINT)
- Threat Actor Analysis
- Cybersecurity Operations
- SIEM Integration
- EDR Integration
- Risk Management
- Malware Research
- Threat Hunting
Skills & topics
- Cyber Threat Intelligence
- Intelligence Analyst
- IOC Management
- OSINT
- Threat Actor Analysis
- Cybersecurity
- SIEM
- EDR
- Information Security
- Risk Management
- Threat Research
- Security Analyst
- Financial Services Cybersecurity
How to get hired
- Tailor your resume: Highlight your experience in cyber threat intelligence, IOC lifecycle management, and data analysis using keywords from the job description.
- Showcase technical skills: Emphasize your proficiency with OSINT, TIPs, SIEM, and EDR tools. Detail your experience with cyber-attack stages and threat actor analysis.
- Prepare for interviews: Be ready to discuss specific threat intelligence projects, your analytical process, and how you've operationalized intelligence into actionable defenses.
- Demonstrate understanding of the domain: Research M&T Bank's industry and express how your threat intelligence expertise can protect financial institutions.
- Highlight collaboration: Provide examples of successful partnerships with operations, hunt, and detection engineering teams.
Frequently asked questions
- What is the hybrid work arrangement for the Cyber Threat Research Intelligence Analyst role at M&T Bank?
- The Cyber Threat Research Intelligence Analyst position at M&T Bank is a hybrid role. Employees are expected to work onsite at the Buffalo, NY location for four days a week, with one day offering the flexibility to work remotely.
- What are the key responsibilities of a Cyber Threat Research Intelligence Analyst at M&T Bank?
- Key responsibilities include gathering and analyzing intelligence data, managing the Indicator of Compromise (IOC) lifecycle, operationalizing intelligence into security detections, attributing threat actors, and contributing to threat intelligence sharing initiatives. The role also involves collaborating with various cybersecurity and technology teams.
- What educational background and experience are required for this role at M&T Bank?
- A Bachelor's degree and at least 3 years of relevant experience are required. Alternatively, a combined total of 7 years of higher education and/or work experience will be considered. A minimum of 1 year of experience analyzing cyber-attack stages is also necessary.
- What kind of technical skills are important for the Cyber Threat Research Intelligence Analyst position?
- Important technical skills include proficiency with Open-Source Intelligence (OSINT) and social monitoring tools, Threat Intelligence Platforms (TIP), Darkweb and malware research tools, and an understanding of the IOC pipeline. Experience with SIEM and EDR integration is also highly valued.
- How does M&T Bank approach compensation for the Cyber Threat Research Intelligence Analyst role?
- M&T Bank is committed to fair, competitive, and market-informed pay. The salary range for this position is $97,100.00 - $161,800.00 Annually (USD). The final compensation will depend on the candidate's specific knowledge, skills, and experience.
- What is the significance of the IOC lifecycle in this role at M&T Bank?
- Managing the IOC lifecycle (intake, normalization, enrichment, scoring, dissemination, and retirement) is crucial for ensuring that high-fidelity intelligence is quickly and safely integrated into M&T Bank's security controls, thereby strengthening defenses against cyber threats.
- Can I apply for the Cyber Threat Research Intelligence Analyst job at M&T Bank if I don't have a degree but have significant experience?