Senior Cyber Threat Intelligence Analyst
Experience Level: 7–10 Years Reports to: Director - Cyber Security Practice/ Manager - Cyber Threat Intelligence
Location: Abu Dhabi
Salary: Negotiable - includes relocation bonus, Visa Sponsorship and medical cover.
Role Overview
The Senior Threat Intelligence Analyst will play a dual role as both a hands-on intelligence practitioner and a Threat Intelligence Platform (TIP) specialist, responsible for deploying, configuring, operating, and optimizing TIP solutions within an enterprise-scale intelligence ecosystem.
This role is ideal for analysts who have moved beyond pure reporting and now operate at the intersection of intelligence operations, tooling, and platform engineering. You will work closely with backend engineers, data engineers, and AI teams to ensure intelligence workflows are automated, scalable, and operationally relevant. While strategic intelligence skills remain important, this role places strong emphasis on TIP configuration, data modeling, ingestion pipelines, workflow customization, and analyst enablement.
Key Responsibilities
1. Threat Intelligence Platform (TIP) Deployment & Configuration
- Lead or supported the deployment, configuration, and tuning of Threat Intelligence Platforms such as: a. Anomali (ThreatStream / Enterprise) b. ThreatConnect c. MISP / OpenCTI d. Recorded Future, Intel 471, Group-IB (integration layer)
- Configure data models, entities, and relationships aligned with operational CTI workflows.
- Design and manage ingestion pipelines for internal telemetry, OSINT, commercial feeds, and custom sources.
-Implement STIX/TAXII-based integrations, API connectors, and enrichment workflows.
- Customize workflows, playbooks, tagging schemas, scoring logic, and lifecycle states within the TIP.
2. Intelligence Operations & Analysis
- Perform tactical, operational, and strategic threat analysis using data curated and processed via the TIP.
- Validate, enrich, and contextualize IOCs, TTPs, malware families, threat actors, and campaigns.
- Map intelligence to MITRE ATT&CK, kill chains, and organizational risk scenarios.
- Support incident response, SOC, detection engineering, and vulnerability management teams with actionable intelligence.
- Conduct adversary and campaign tracking, ensuring data quality and analytical integrity.
3. Automation & Workflow Optimization
- Design and implement automation workflows within the TIP to reduce analyst toil.
- Work with SOAR platforms and scripting tools to enable intelligence-driven response actions.
- Optimize scoring, deduplication, false-positive reduction, and prioritization logic.
- Collaborate with engineers to expose TIP data via APIs and downstream systems (SIEM, EDR, ASM).
- Contribute to feedback loops for continuous improvement of intelligence quality and relevance.
4. Platform Governance & Data Quality
- Define and enforce intelligence data standards, schemas, and naming conventions.
- Ensure data lineage, traceability, and confidence scoring across all intelligence objects.
- Monitor platform health, ingestion failures, data drift, and feed degradation.
- Support role-based access controls, sharing policies, and compliance requirements.
- Assist in platform audits, migrations, or TIP-to-TIP transitions when required.
5. Collaboration, Enablement & Documentation
- Act as a bridge between analysts and engineers, translating intelligence requirements into technical configurations.
- Create standard operating procedures (SOPs), onboarding guides, and workflow documentation for TIP usage.
- Mentor junior analysts on platform usage, intelligence modeling, and analytical tradecraft.
- Participate in architecture reviews for new CTI modules, feeds, or AI-driven enhancements.
Desired Skills & Experience Core CTI & TIP Expertise (Mandatory)
- 7–10 years of experience in Cyber Threat Intelligence roles.
- Hands-on experience deploying, configuring, and operating TIPs in production environments.
- Strong understanding of STIX 2.x, TAXII, IOC lifecycle management, and intelligence ontologies.
- Experience integrating TIPs with SIEM, SOAR, EDR, and vulnerability management tools.
- Proven ability to customize workflows, scoring models, enrichment logic, and automation.
Technical & Platform Skills
- Strong familiarity with APIs, JSON, Python scripting, and data ingestion pipelines.
- Experience with log data, telemetry, malware feeds, and external intelligence providers.
- Exposure to graph-based intelligence modeling and relationship analysis is a plus.
- Understanding of cloud-based TIP deployments (AWS / Azure / GCP) preferred.
Analytical & Domain Skills
- Strong grasp of threat actor behavior, malware analysis outputs, and campaign lifecycle tracking. -Ability to translate raw intelligence into SOC-ready detections and risk insights.
- Experience supporting government, financial, or critical infrastructure environments is advantageous.
Soft Skills
- Highly organized with a strong operational mindset.
- Comfortable working in hybrid analyst–engineer environments.
- Clear communicator able to engage with technical and non-technical stakeholders.
- Proactive, detail-oriented, and automation-focused.
Preferred Certifications:
- SANS GCTI / FOR578
- ArcX Cyber Threat Intelligence
- Certified Threat Intelligence Analyst (CTIA)
- Any Threat Intelligence Platform certifications
- MITRE ATT&CK Defender (MAD)