Cyber Threat Intelligence Team Lead

10-12 years of experience in cybersecurity, cyber threat intelligence, or cyber security operations. Leadership experience in a threat intelligence environment is a plus. Ability to distill highly technical information into business-centric language. Experience with Splunk (or other event monitoring capability), Crowdstrike, RecordedFuture, MS sentinel, SentinelOne, OpenCTI, MISP, Proofpoint. Deep knowledge of incident response, digital forensics, malware analysis, and threat intelligence. Hands-on experience with SOC technologies (SIEM, SOAR, EDR, IDS/IPS, log management). Strong understanding of MITRE ATT&CK framework and NIST Cybersecurity Framework. Excellent leadership, communication, and stakeholder management skills. Relevant certifications preferred: CISSP, CISM, GIAC (GSOM and GCTI), or equivalent.

Build, manage, and scale a Cyber Threat Intelligence Team. Develop Standard Operating Procedures for threat intelligence activities. Lead management of severe and critical cyber security incidents. Train and mentor threat intelligence analysts, engineers, and threat hunters. Establish operational processes, escalation paths, and playbooks. Oversee the triage of cyber events. Manage incident response activities. Develop metrics, KPIs, and reporting to measure SOC effectiveness. Lead proactive threat hunting operations. Integrate threat intelligence into SOC workflows. Evaluate and optimize the client’s technology stack. Drive continuous improvement of detection rules, automation, and response capabilities. Recommend emerging tools and processes. Conduct regular check-ins, provide coaching, and manage performance. Serve as the main liaison between team members and ECS program management. Participate in hiring processes. Lead onboarding and manage offboarding logistics. Manage team schedules and approve PTO.