- Analyze threat actor activity, campaigns, malware families, and TTP evolution.
- Produce actionable intelligence reports for SOC, IR, and leadership.
- Conduct threat landscape assessments and sector-specific risk analysis.
- Track and profile APT groups, financially motivated actors, and emerging threats.
- Extract and correlate IOCs (domains, IPs, hashes, infrastructure patterns).
- Map adversary techniques to MITRE ATT&CK.
- Analyze malware behavior reports and sandbox outputs.
- Review PCAPs, logs, and telemetry to identify patterns and anomalies.
- Support detection rule development (Sigma, YARA, Splunk, EDR queries).
- Work with STIX/TAXII feeds and threat intelligence platforms.
- Assist in automation of ingestion, normalization, and correlation pipelines.
- Contribute to intelligence scoring models (risk scoring, actor confidence, exploit maturity).
- Validate intelligence through internal telemetry and honeypot data (if applicable).
- Support SOC during active investigations.
- Provide adversary insights during incident response.
- Contribute to purple-team exercises and threat emulation scenarios.
- Present findings to technical and executive stakeholders.
Python