Cyber Threat Analyst

Job Details:

We are seeking a highly analytical and proactive Cyber Threat Analyst to support the Cybersecurity organization. This role plays a critical part in strengthening InvoiceClouds proactive defense posture by identifying analyzing and operationalizing emerging cyber threats across the enterprise.

As a subject matter expert in threat intelligence threat hunting and detection engineering this individual integrates intelligence into actionable detection and response improvements. The Cyber Threat Analyst partners closely with SOC DevSecOps Architecture and Engineering teams to ensure threat-informed design improved alert fidelity and measurable enhancements to security controls.

This is a highly specialized role requiring strong analytical depth structured problem-solving and the ability to translate complex attacker behaviors into clear defensive strategies. Success in this role means consistently turning intelligence insights into operational outcomesimproving visibility reducing false positives strengthening detections and communicating risk clearly to both technical teams and executive stakeholders.

The ideal candidate combines deep knowledge of MITRE ATT&CK behavioral detection methodologies and modern telemetry analysis with the ability to build repeatable workflows support system design with threat modeling and influence cross-functional partners without direct authority.

Success Profile:

This role is anchored in our companys core competencies. These competencies reflect the mindsets and behaviors that define success in this role. We outline how each competency translates into real-world actions and outcomes specific to this role.

Results Driven

• Leads Threat Intelligence Collection & Analysis by collecting evaluating and synthesizing intelligence from internal telemetry OSINT vendor feeds advisories and community reporting producing actionable outputs that measurably strengthen defensive posture.
• Executes proactive Threat Hunting & Behavioral Detection initiatives using endpoint network identity and cloud telemetry developing hypotheses aligned to MITRE ATT&CK and validating findings through evidence-based analysis that results in improved detections and controls.
• Drives measurable improvements in Detection Engineering & SIEM Correlation by tuning existing rules reducing false positives recommending new detections based on attacker tradecraft and increasing alert fidelity across the environment.
• Delivers documentedand 210-day outcomes including detection coverage improvements closed visibility gaps reduced triage friction and executive-ready reporting demonstrating quantifiable risk reduction.

Takes Ownership

• Formalizes and operationalizes Threat Modeling & Secure Design Support during system and application design phases by identifying abuse cases mapping likely attacker paths and providing clear mitigation guidance to Engineering and Architecture teams.
• Builds and maintains a structured intelligence-to-detection workflow (intake analysis ATT&CK mapping detection/enrichment validation measurement) ensuring accountability and transparency from insight to operational impact.
• Partners closely in Cross-Functional Collaboration with SOC DevSecOps and Architecture teams to embed threat intelligence into playbooks response readiness and control improvements while supporting incident response with attribution hypotheses and tradecraft insights.
• Develops and publishes forward-looking 6- and 12-month threat-intelligence and threat-hunting maturation plans aligned to business priorities clearly communicating coverage gaps emerging risks and strategic improvements to Security leadership and the CISO

Drives Efficiency

• Enhances Detection Engineering & SIEM Correlation processes by introducing structured ATT&CK mapping telemetry validation enrichment workflows and standardized reporting templates that reduce friction and improve repeatability.
• Establishes repeatable Threat Hunting & Behavioral Detection cadences aligning hunts to prioritized attack surfaces industry threat trends and known adversary techniques to ensure consistent coverage over time.
• Standardizes Reporting & Communication outputs including recurring threat briefings campaign summaries and risk trend analyses that translate technical findings into prioritized defensible recommendations for both technical and non-technical stakeholders.
• Brings order to threat-intelligence workflows by refining taxonomy standards confidence scoring relevance ranking telemetry validation practices and feedback loops across stakeholders.

Innovative

• Advances Threat Hunting & Behavioral Detection capabilities through hypothesis-driven analysis and multi-dimensional thinking that uncovers stealthy or sophisticated attacker activity beyond signature-based detections.
• Leverages automation and scripting (e.g. Python or PowerShell) to enrich indicators normalize data generate reports streamline intelligence triage and improve the speed and scalability of intelligence-to-detection workflows.
• Continuously evaluates emerging threat actor campaigns tooling and industry trends translating intelligence insights into adaptive defensive strategies that strengthen InvoiceClouds proactive defense posture.

Requirements

• Bachelors degree in Information Security Cybersecurity or a related field (or equivalent experience).
• 35 years of experience in threat intelligence SOC analysis threat hunting detection engineering or related cybersecurity roles.
• Strong understanding of the MITRE ATT&CK framework and modern attacker tactics techniques and procedures (TTPs).
• Experience working with SIEM EDR cloud and identity telemetry to investigate threats and improve detections.
• Ability to conduct hypothesis-driven threat hunts and translate findings into actionable detection or control improvements.
• Experience analyzing and operationalizing threat intelligence from both internal and external sources.
• Scripting or automation experience (e.g. Python PowerShell) preferred.
• Strong analytical and problem-solving skills with the ability to communicate technical findings clearly to diverse audiences.
• Relevant certifications such as CISM CISA GCTI CTIA CEH or similar credentials are a plus.
• Ability to thrive in a fast-paced collaborative environment and handle sensitive information with professionalism and discretion.