
Cyber Threat Intelligence Analyst
Posted May 30
This is a fully remote position, open to applicants in Greece.
• Analyze the activities of threat actors, their campaigns, malware families, and the evolution of their tactics, techniques, and procedures (TTPs).
• Generate actionable intelligence reports for the Security Operations Center (SOC), Incident Response (IR) teams, and leadership.
• Conduct assessments of the threat landscape and perform risk analysis specific to various sectors.
• Monitor and profile Advanced Persistent Threat (APT) groups, financially motivated actors, and emerging threats.
• Extract and correlate Indicators of Compromise (IOCs), including domains, IPs, hashes, and infrastructure patterns.
• Map adversary techniques to the MITRE ATT&CK framework.
• Analyze malware behavior reports and outputs from sandbox environments.
• Review packet captures (PCAPs), logs, and telemetry to detect patterns and anomalies.
• Assist in the development of detection rules utilizing Sigma, YARA, Splunk, and EDR queries.
• Work with STIX/TAXII feeds and threat intelligence platforms.
• Aid in the automation of ingestion, normalization, and correlation pipelines.
• Contribute to intelligence scoring models, including risk scoring, actor confidence, and exploit maturity.
• Validate intelligence using internal telemetry and data from honeypots when applicable.
• Provide support to the SOC during active investigations.
• Offer insights on adversaries during incident response activities.
• Engage in purple team exercises and threat emulation scenarios.
• Present findings to both technical and executive stakeholders.
• This position is available exclusively for residents of Greece.
• Strong comprehension of adversary TTPs.
• Familiarity with the Kill Chain and the MITRE ATT&CK framework.
• Understanding of the IOC lifecycle and enrichment techniques.
• Experience with Threat Intelligence Platforms (TIPs).
• Proficient in analyzing malware reports.
• Competence in log analysis using tools like Splunk and ELK.
• Knowledge of Open Source Intelligence (OSINT) collection techniques.
• Familiarity with STIX and TAXII standards.
• Experience in creating YARA and Sigma rules.
• Understanding of network protocols and traffic analysis.
• Proficiency in Windows and Linux security telemetry.
• Scripting skills (Python preferred) for data processing and automation tasks.
• Experience tracking specific threat actors such as APT28, Lazarus, and FIN7.
• Familiarity with trends in exploit development and timelines for CVE weaponization.
• Experience with honeypots and telemetry-driven intelligence.
• Understanding of ransomware ecosystems and initial access brokers.
• Knowledge of machine learning-assisted threat detection is a bonus.
• Strong hypothesis-driven analytical thinking.
• Ability to distinguish between noise and signal.
• Proficient technical writing skills.
• Capability to provide concise briefings to senior leadership.
• Awareness of operational security practices.
• Preferred certifications include GIAC (GCTI, GCIA, GCED), OSCP / OSCE, CISSP, and other SANS CTI-related certifications.
• Highly competitive salary that is regularly reviewed for upward adjustments.
• Remote work opportunity: Achieve your goals from the comfort of your home, as we prioritize performance over location.
• Involvement in cutting-edge projects and technical challenges, along with participation in large-scale initiatives.
• Opportunities for personal and professional growth alongside industry experts and talented colleagues.
• Continuous learning with access to extensive resources.
• A structured onboarding plan and training to ensure a smooth transition and equip you with confidence for your new role.
• Provision of equipment to ensure you have all necessary tools to perform your duties effectively and efficiently.
• No formal dress code, as we want you to be as comfortable as possible.