Associate

Cybersecurity | London, United Kingdom | 21013465


The core responsibilities of a Cyber Threat Intelligence Analyst involve gathering, analyzing, and interpreting data from various sources to identify and assess potential cyber threats. The analyst monitors the threat landscape, including emerging trends and the activities of threat actor groups. Based on their analysis, the analyst creates comprehensive reports and alerts that inform security strategies and guide mitigation efforts. CTI Analysts often work with security teams to implement countermeasures and stay up to date on the latest cybersecurity trends.

Duties include monitoring and analyzing cyber threats, assessing their potential impact on organizations, and providing actionable intelligence to mitigate risk. This role involves researching threat actors and their tactics, and developing threat models. Effective communication of findings through reports and briefings to other Kroll employees, leadership, and clients is a crucial responsibility.

Responsibilities

  • Threat Monitoring and Analysis
    • Continuously monitor external and internal sources for cyber threats, including open-source intelligence (OSINT), deep and dark web (DDW) forums, and threat intelligence feeds.
  • Cyber Threat Data
    • Collect, process, analyze, and apply data related to cyber threats to enhance a stakeholder’s or client’s security posture or shed light on a cybersecurity incident.
    • Gather data from diverse sources, including OSINT; proprietary threat intelligence feeds (commercial or internal); internal security tools and logs; deep and dark web information from forums and marketplaces where cybercriminals operate; and human intelligence, where information is gathered during interactions with other internal and external experts.
  • Threat Assessments
    • Evaluate the potential impact of identified threats on the organization’s and/or client’s infrastructure, data, and operations, prioritizing based on severity and likelihood.
  • Threat Modeling
    • Develop and maintain threat models and risk assessments to identify vulnerabilities and guide security strategies.
  • Reporting and Communicating
    • Prepare and deliver clear, concise, and actionable reports and briefings for various stakeholders, including internal and external technical and leadership/management teams.
  • Incident Response Support
    • Provide threat intelligence support to incident response teams during security breaches, helping to identify the nature of the attack, its scope, and potential impact.
  • TTP Research
    • Research and analyze tactics, techniques, and procedures (TTPs) used by threat actors to understand their methods and develop countermeasures.
  • Tool Development and Maintenance
    • Contribute to the development and maintenance of tools and scripts for threat analysis and detection, potentially including YARA rules or regex patterns.
  • Staying Current
    • Maintain a deep understanding of current threat landscapes, including emerging technologies, attack vectors, and threat actor groups.

Requirements

  • Technical Skills—strong analytical and problem-solving skills with experience in threat intelligence platforms and security analysis.
  • Research and Investigative Skills—ability to conduct thorough research, gather data from various sources, and synthesize information into actionable intelligence.
  • Communication Skills—excellent written and verbal communication skills with the ability to explain complex technical concepts to diverse audiences.
  • Knowledge of Cybersecurity Principles—in-depth understanding of cybersecurity concepts, network protocols, and common attack methods.
  • Incident Response Experience—familiarity with incident response methodologies and the ability to support incident handling teams.
  • Collaboration Skills—ability to work effectively with other security teams and stakeholders.
  • Time Management—proven ability to thrive and respond to frequent demands of multiple stakeholders, both internal and external, in a high-demand, customer-centric environment.
  • Efficient and Effective—ability to condense complex information into concise, relevant reporting while minimizing impacts on resources available.
