Job Title: Threat Intelligence Analyst
Location: Chandigarh
Experience: 6+ Years
Employment Type: Full-time
About the role
We are seeking an experienced Threat Intelligence Analyst to strengthen our cyber defense capabilities by identifying, analyzing, and operationalizing threat intelligence across enterprise security platforms. This role focuses on tracking emerging cyber threats, adversary campaigns, and zero-day vulnerabilities, while transforming intelligence into actionable detection and security controls across the Microsoft security ecosystem.
The ideal candidate will play a critical role in integrating intelligence into SOC operations, detection engineering, and threat hunting, enabling proactive defense against advanced adversaries. You will collaborate closely with SOC analysts, incident responders, detection engineers, and security leadership to ensure intelligence-driven security operations across the organization.
Key Responsibilities
Threat Intelligence Monitoring & Analysis
- Continuously track emerging cyber threats, adversary campaigns, malware families, and zero-day vulnerabilities.
- Monitor intelligence sources including OSINT feeds, dark web forums, security vendor reports, and commercial threat intelligence platforms.
- Identify threat trends and attack patterns that may increase organizational risk exposure.
- Perform malware campaign and adversary infrastructure analysis, including attacker tools, techniques, and targeting behavior.
Threat Intelligence Platform (TIP) Operations
- Operate and maintain the Threat Intelligence Platform (TIP) integrated with Microsoft Sentinel and Cortex XSOAR.
- Curate, validate, and operationalize intelligence feeds from commercial vendors, ISACs, open-source intelligence, and dark web sources.
- Maintain structured intelligence repositories and ensure data accuracy, deduplication, and intelligence lifecycle management.
Intelligence Operationalization
- Collect, validate, enrich, and prioritize Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs).
- Feed IOCs, TTPs, and contextual intelligence into Sentinel watchlists and XSOAR indicator management systems.
- Push validated intelligence into SIEM detection rules, SOAR playbooks, and SOC investigation workflows.
- Support Detection Engineers in converting intelligence findings into new detection rules, analytics queries, and alert logic.
SOC & Incident Response Support
- Correlate threat intelligence with SOC alerts, investigations, and incident response cases to provide enhanced context and attribution.
- Enrich security investigations with campaign details, attacker infrastructure, malware behavior, and geopolitical context.
- Support Threat Hunting and Incident Response teams by developing attack hypotheses and providing curated IOC sets.
- Escalate high-risk or time-sensitive threats to SOC leadership and L3 analysts.
Threat Reporting & Intelligence Briefings
- Produce client-specific threat landscape reports, covering threat actors, campaigns, malware trends, and sector-specific risks.
- Deliver tactical (IOC-level), operational (campaign-level), and strategic (trend-level) intelligence reports.
- Provide executive briefings and risk-based intelligence insights to security leadership and business stakeholders.
- Translate technical intelligence into clear business risk narratives.
Detection Engineering & Security Improvement
- Partner with SOC and Detection Engineering teams to identify detection gaps and coverage issues.
- Recommend new analytics rules, threat hunting queries, and detection use cases based on intelligence insights.
- Map intelligence findings to the MITRE ATT&CK framework and other industry models.
- Measure intelligence effectiveness through improvements in SOC detection accuracy, investigation speed, and threat visibility.
Continuous Intelligence Lifecycle Improvement
- Maintain and improve threat intelligence SOPs, workflows, and enrichment pipelines.
- Update intelligence lifecycle processes to reflect evolving attacker techniques and emerging threats.
- Perform adversary threat modeling aligned to organizational assets and attack surfaces.
- Prioritize threats based on business impact, exploitability, and attacker capability.
Tools & Technologies
The role involves working with modern security and intelligence platforms including:
- Microsoft Sentinel
- Microsoft Defender for Endpoint
- Cortex XSOAR
- Cribl Stream
- Threat Intelligence Platforms (TIPs)
- OSINT intelligence tools and malware sandboxes
- Threat enrichment APIs and IOC databases
Required Skills & Experience
Core Requirements
- 6+ years of experience in Cyber Threat Intelligence, SOC operations, or security research roles.
- Strong understanding of threat intelligence frameworks such as:
  - MITRE ATT&CK
  - Cyber Kill Chain
  - Diamond Model of Intrusion Analysis
Technical Expertise
- Experience operationalizing intelligence within Microsoft Sentinel, including:
  - IOC ingestion
  - Sentinel watchlists
  - KQL-based enrichment
  - Detection rule updates
- Hands-on knowledge of Microsoft Defender telemetry across Endpoint, Identity, and Cloud environments.
- Experience integrating intelligence into SOAR workflows and automation pipelines.
- Familiarity with Cribl pipelines for log normalization, enrichment, and intelligence ingestion.
- Strong analytical capability in identifying malware infrastructure, adversary behavior, and campaign patterns.
Analytical & Communication Skills
- Ability to filter low-quality or spoofed threat intelligence and prioritize high-confidence indicators.
- Strong investigative and correlation skills across security telemetry sources.
- Excellent written and verbal communication skills for executive-ready intelligence reporting.
- Ability to simplify complex threat intelligence into actionable insights.
Preferred Certifications
- SC-200 Microsoft Security Operations Analyst
- SC-100 Microsoft Cybersecurity Architect
- AZ-500 Azure Security Engineer
- GCTI / CTIA Cyber Threat Intelligence Certifications
- GIAC (GCIA, GCTI, GREM)
- Cribl Foundations / Administrator