About InvoiceCloud:
InvoiceCloud is a fast-growing fintech leader recognized with 20 major awards in 2025, including USA TODAY and Boston Globe Top Workplaces, multiple SaaS Awards wins for Best Solution for Finance and FinTech, and national customer service honors from Stevie and the Business Intelligence Group. Judges also highlighted our mission to reduce digital exclusion and restore simplicity and dignity to how people pay for essential services, as well as our leadership in AI maturity and responsible innovation. It’s an award-winning, purpose-driven environment where top talent thrives. To learn more, visit InvoiceCloud.com.
Job Details:
We are seeking a highly analytical and proactive Cyber Threat Analyst to support the Cybersecurity organization. This role plays a critical part in strengthening InvoiceCloud’s proactive defense posture by identifying, analyzing, and operationalizing emerging cyber threats across the enterprise.
As a subject matter expert in threat intelligence, threat hunting, and detection engineering, this individual integrates intelligence into actionable detection and response improvements. The Cyber Threat Analyst partners closely with SOC, DevSecOps, Architecture, and Engineering teams to ensure threat-informed design, improved alert fidelity, and measurable enhancements to security controls.
This is a highly specialized role requiring strong analytical depth, structured problem-solving, and the ability to translate complex attacker behaviors into clear defensive strategies. Success in this role means consistently turning intelligence insights into operational outcomes—improving visibility, reducing false positives, strengthening detections, and communicating risk clearly to both technical teams and executive stakeholders.
The ideal candidate combines deep knowledge of MITRE ATT&CK, behavioral detection methodologies, and modern telemetry analysis with the ability to build repeatable workflows, support system design with threat modeling, and influence cross-functional partners without direct authority.
Success Profile:
This role is anchored in our company’s core competencies. These competencies reflect the mindsets and behaviors that define success in this role. We outline how each competency translates into real-world actions and outcomes specific to this role.
Results Driven
- Leads Threat Intelligence Collection & Analysis by collecting, evaluating, and synthesizing intelligence from internal telemetry, OSINT, vendor feeds, advisories, and community reporting, producing actionable outputs that measurably strengthen defensive posture.
- Executes proactive Threat Hunting & Behavioral Detection initiatives using endpoint, network, identity, and cloud telemetry, developing hypotheses aligned to MITRE ATT&CK and validating findings through evidence-based analysis that results in improved detections and controls.
- Drives measurable improvements in Detection Engineering & SIEM Correlation by tuning existing rules, reducing false positives, recommending new detections based on attacker tradecraft, and increasing alert fidelity across the environment.
- Delivers documented 30-, 150-, and 210-day outcomes including detection coverage improvements, closed visibility gaps, reduced triage friction, and executive-ready reporting demonstrating quantifiable risk reduction.
Takes Ownership
- Formalizes and operationalizes Threat Modeling & Secure Design Support during system and application design phases by identifying abuse cases, mapping likely attacker paths, and providing clear mitigation guidance to Engineering and Architecture teams.
- Builds and maintains a structured intelligence-to-detection workflow (intake → analysis → ATT&CK mapping → detection/enrichment → validation → measurement), ensuring accountability and transparency from insight to operational impact.
- Partners closely in Cross-Functional Collaboration with SOC, DevSecOps, and Architecture teams to embed threat intelligence into playbooks, response readiness, and control improvements while supporting incident response with attribution hypotheses and tradecraft insights.
- Develops and publishes forward-looking 6- and 12-month threat-intelligence and threat-hunting maturation plans aligned to business priorities, clearly communicating coverage gaps, emerging risks, and strategic improvements to Security leadership and the CISO.
Drives Efficiency
- Enhances Detection Engineering & SIEM Correlation processes by introducing structured ATT&CK mapping, telemetry validation, enrichment workflows, and standardized reporting templates that reduce friction and improve repeatability.
- Establishes repeatable Threat Hunting & Behavioral Detection cadences, aligning hunts to prioritized attack surfaces, industry threat trends, and known adversary techniques to ensure consistent coverage over time.
- Standardizes Reporting & Communication outputs including recurring threat briefings, campaign summaries, and risk trend analyses that translate technical findings into prioritized, defensible recommendations for both technical and non-technical stakeholders.
- Brings order to threat-intelligence workflows by refining taxonomy standards, confidence scoring, relevance ranking, telemetry validation practices, and feedback loops across stakeholders.
Innovative
- Advances Threat Hunting & Behavioral Detection capabilities through hypothesis-driven analysis and multi-dimensional thinking that uncovers stealthy or sophisticated attacker activity beyond signature-based detections.
- Leverages automation and scripting (e.g., Python or PowerShell) to enrich indicators, normalize data, generate reports, streamline intelligence triage, and improve the speed and scalability of intelligence-to-detection workflows.
- Continuously evaluates emerging threat actor campaigns, tooling, and industry trends, translating intelligence insights into adaptive defensive strategies that strengthen InvoiceCloud’s proactive defense posture.
Requirements
- Bachelor’s degree in Information Security, Cybersecurity, or a related field (or equivalent experience).
- 3–5 years of experience in threat intelligence, SOC analysis, threat hunting, detection engineering, or related cybersecurity roles.
- Strong understanding of the MITRE ATT&CK framework and modern attacker tactics, techniques, and procedures (TTPs).
- Experience working with SIEM, EDR, cloud, and identity telemetry to investigate threats and improve detections.
- Ability to conduct hypothesis-driven threat hunts and translate findings into actionable detection or control improvements.
- Experience analyzing and operationalizing threat intelligence from both internal and external sources.
- Scripting or automation experience (e.g., Python, PowerShell) preferred.
- Strong analytical and problem-solving skills with the ability to communicate technical findings clearly to diverse audiences.
- Relevant certifications such as CISM, CISA, GCTI, CTIA, CEH, or similar credentials are a plus.
- Ability to thrive in a fast-paced, collaborative environment and handle sensitive information with professionalism and discretion.
InvoiceCloud is committed to providing equal employment opportunities to all employees and applicants. We do not tolerate discrimination or harassment of any kind based on race, color, religion, age, sex, nationality, disability, genetic information, veteran or military status, sexual orientation, gender identity or expression, or any other characteristic protected under applicable laws.
This commitment applies to all aspects of employment, including recruitment, hiring, placement, promotion, termination, layoff, recall, transfer, leave, compensation, and training.
If you require a disability-related or religious accommodation during the application or recruitment process, and wish to discuss possible adjustments, please contact jobs@invoicecloud.com.
Click here to review InvoiceCloud’s Job Applicant Privacy Policy.
For recruitment agencies: InvoiceCloud does not accept unsolicited resumes from agencies. Please do not forward resumes to our job aliases, employees, or any other company location. InvoiceCloud is not responsible for any fees associated with unsolicited submissions.