Cyber Threat Intelligence (CTI) Analyst
Company: AI2CYBER (Cybersecurity)
Remote
Workable locations: Athens, Attica, Greece
This position is available only for Greek residents based in Greece.
Full-Time, Senior
Salary not disclosed
Job Details
- Required Skills
- Python
Requirements
- Strong understanding of: Adversary TTPs
- Strong understanding of: Kill Chain & MITRE ATT&CK framework
- Strong understanding of: IOC lifecycle & enrichment techniques
- Experience with: Threat Intelligence Platforms (TIPs)
- Experience with: Malware analysis reports
- Experience with: Log analysis (Splunk, ELK, etc.)
- Experience with: OSINT collection techniques
- Knowledge of: STIX/TAXII
- Knowledge of: YARA / Sigma rule creation
- Knowledge of: Network protocols & traffic analysis
- Knowledge of: Windows & Linux security telemetry
- Scripting capability (Python preferred) for data processing and automation.
- Experience tracking specific threat actors (APT28, Lazarus, FIN7, etc.)
- Familiarity with exploit development trends and CVE weaponization timelines
- Experience with honeypots and telemetry-driven intelligence
- Understanding of ransomware ecosystems & initial access brokers
- Knowledge of ML-assisted threat detection (bonus)
- Strong hypothesis-driven analytical thinking
- Ability to differentiate noise from signal
- Clear technical writing skills
- Ability to brief senior leadership concisely
- Operational security awareness
Responsibilities
- Analyze threat actor activity, campaigns, malware families, and TTP evolution.
- Produce actionable intelligence reports for SOC, IR, and leadership.
- Conduct threat landscape assessments and sector-specific risk analysis.
- Track and profile APT groups, financially motivated actors, and emerging threats.
- Extract and correlate IOCs (domains, IPs, hashes, infrastructure patterns).
- Map adversary techniques to MITRE ATT&CK.
- Analyze malware behavior reports and sandbox outputs.
- Review PCAPs, logs, and telemetry to identify patterns and anomalies.
- Support detection rule development (Sigma, YARA, Splunk, EDR queries).
- Work with STIX/TAXII feeds and threat intelligence platforms.
- Assist in automation of ingestion, normalization, and correlation pipelines.
- Contribute to intelligence scoring models (risk scoring, actor confidence, exploit maturity).
- Validate intelligence through internal telemetry and honeypot data (if applicable).
- Support SOC during active investigations.
- Provide adversary insights during incident response.
- Contribute to purple-team exercises and threat emulation scenarios.
- Present findings to technical and executive stakeholders.