
GSPANN Technologies, Inc

Threat Intelligence Analyst

  • Posted 24 days ago

Job Description

Security Operations Center (SOC), Microsoft Sentinel, Microsoft Defender Suite, Cribl, Threat Hunting, Security Orchestration, Automation & Response (SOAR)

Description

GSPANN is hiring a Threat Intelligence Analyst to monitor emerging cyber threats, adversary campaigns, and zero-day vulnerabilities. The role focuses on operationalizing threat intelligence into Microsoft Sentinel, Defender, Cribl, and SOAR workflows to strengthen detection, hunting, and incident response.

Location: Hyderabad

Role Type: Full Time

Published On: 18 February 2026

Experience: 8 - 10 Years

Role and Responsibilities

  • Track emerging threats, adversary campaigns, malware families, and zero-day vulnerabilities on a continuous basis.
  • Monitor OSINT sources, dark web forums, vendor threat reports, and commercial threat intelligence feeds.
  • Identify threat trends that increase organizational risk exposure.
  • Collect, validate, enrich, and prioritize Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs).
  • Maintain structured threat intelligence repositories and ensure data accuracy.
  • Push validated intelligence into Microsoft Sentinel, SOAR playbooks, and detection rules, and hand it off to L3 investigation teams.
  • Correlate intelligence with SOC alerts and active investigations to provide stronger attribution and context.
  • Enrich investigations with attacker context such as campaigns, malware, TTPs, infrastructure, regions, and motivations.
  • Improve triage efficiency and reduce investigation time through actionable intelligence inputs.
  • Partner with L3 analysts and detection engineers to identify detection gaps and coverage issues.
  • Recommend new detection rules, hunting queries, and alert logic based on intelligence findings.
  • Support proactive threat hunts by providing attack hypotheses, MITRE ATT&CK mapping, and IOC collections.
  • Produce tactical (IOC-based), operational (campaign-level), and strategic (trend-level) intelligence reports.
  • Deliver periodic threat briefings to SOC teams, IT leadership, and executive stakeholders.
  • Provide risk-based recommendations to strengthen mitigation and preparedness.
  • Collaborate with SOC leadership, Incident Response teams, Red Teams, and detection engineering teams.
  • Feed intelligence into incident response workflows and support mitigation planning.
  • Escalate time-sensitive and high-risk threats to SOC leadership and L3 teams.
  • Perform adversary threat modeling aligned to organizational assets and threat exposure.
  • Prioritize threats based on business impact, exploitability, and attacker capability.
  • Align intelligence assessments with MITRE ATT&CK and industry threat frameworks.
  • Measure intelligence effectiveness by tracking improvements in detection outcomes and SOC performance.
  • Maintain and improve intelligence SOPs, workflows, and enrichment processes.
  • Continuously update intelligence lifecycle processes to reflect evolving threats and attacker techniques.

Skills And Experience

  • Strong expertise in threat intelligence methodologies and frameworks such as MITRE ATT&CK, Cyber Kill Chain, and Diamond Model.
  • Proven experience operationalizing threat intelligence in Microsoft Sentinel, including IOC ingestion, analytics rule updates, and KQL enrichment.
  • Hands-on understanding of Microsoft Defender telemetry across Endpoint, Identity, and Cloud.
  • Working knowledge of Cribl pipelines for log normalization, enrichment, and threat feed ingestion.
  • Ability to analyze malware families, adversary infrastructure, campaign behavior, and TTP evolution.
  • Strong capability to filter out spoofed, low-quality, and irrelevant threat intelligence.
  • Expertise in correlating threat intelligence with SOC alerts, incidents, and security telemetry.
  • Experience creating attacker profiles, campaign summaries, threat assessments, and risk scoring models.
  • Ability to support Incident Response and Threat Hunting teams with high-value intelligence artifacts.
  • Proficiency in Kusto Query Language (KQL) for enrichment and intelligence-driven hunting.
  • Experience with Threat Intelligence Platforms (TIPs), OSINT tools, malware sandboxes, and enrichment APIs.
  • Strong understanding of network, endpoint, cloud, and identity telemetry sources.
  • Excellent written and verbal communication skills to deliver executive-ready intelligence reports.
  • Ability to simplify technical intelligence into clear risk narratives for non-technical stakeholders.
  • Strong analytical thinking, structured problem-solving, and attention to detail.
  • Strong collaboration skills across SOC, IR, Red Team, and leadership teams.
  • Certifications such as SC-200, SC-100, AZ-500, GCTI (GIAC Cyber Threat Intelligence), CTIA, GREM, and Cribl Foundations/Admin are preferred.
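The Sentinel-side skills listed above (IOC ingestion, analytics rule logic, KQL enrichment, Defender telemetry) come together in one scheduled-rule query: take the latest, still-active indicators from the workspace's threat intelligence table, drop the low-quality ones, and join them against Defender for Endpoint network events. The query below is an added example and is not part of the job posting or of GSPANN's tooling. Table and column names follow the standard Microsoft Sentinel schema; the confidence threshold, lookback windows, and ActionType filter are assumptions to be tuned per environment.

```kql
// Added example (not from the posting): IP-indicator matching against
// Defender for Endpoint network telemetry in Microsoft Sentinel.
let dt_lookBack  = 1h;   // telemetry window, matched to the rule's run frequency (assumed)
let ioc_lookBack = 14d;  // how far back to collect indicators (assumed)
let min_confidence = 70; // assumed cut-off for dropping low-quality feed entries
let ip_indicators = ThreatIntelligenceIndicator
    | where TimeGenerated >= ago(ioc_lookBack)
    // Indicators are re-ingested on update; keep only the latest version of each.
    | summarize arg_max(TimeGenerated, *) by IndicatorId
    // Skip revoked and expired indicators so stale IOCs do not generate alerts.
    | where Active == true and ExpirationDateTime > now()
    | where ConfidenceScore >= min_confidence
    // Feeds populate different IP fields; normalise to a single column.
    | extend TI_IP = coalesce(NetworkIP, NetworkDestinationIP, NetworkSourceIP)
    | where isnotempty(TI_IP)
    // RFC 1918 addresses in a feed are almost always noise, not adversary infrastructure.
    | where not(ipv4_is_private(TI_IP))
    | project IndicatorId, TI_IP, ConfidenceScore, ThreatType, Description, SourceSystem, Tags;
DeviceNetworkEvents
| where TimeGenerated >= ago(dt_lookBack)
| where ActionType in ("ConnectionSuccess", "ConnectionRequest")
| where not(ipv4_is_private(RemoteIP))
| join kind=inner ip_indicators on $left.RemoteIP == $right.TI_IP
// Collapse to one row per host/indicator pair, keeping the attacker context
// (threat type, source feed, description) that the L3 analyst needs for triage.
| summarize FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated),
            Connections = count(),
            Processes = make_set(InitiatingProcessFileName, 10)
    by DeviceName, RemoteIP, RemotePort, IndicatorId, ConfidenceScore,
       ThreatType, Description, SourceSystem
| order by ConfidenceScore desc, Connections desc
```

Two practical notes: the `arg_max` step matters because indicator updates arrive as new rows, so without it a revoked indicator's earlier "active" row would still match; and newer Sentinel workspaces also expose a `ThreatIntelIndicators` table with a different schema (indicator values in `ObservableKey`/`ObservableValue`), in which case the join key and the confidence/expiry filters must be rewritten for that table.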

Job ID: 143288479