Sr. Security Consultant - Cyber Threat Intelligence

📋 Description

• • As a Senior Cyber Threat Intelligence (CTI) Consultant at SHI International Corp., you will be at the forefront of protecting organizations from evolving cyber threats. This pivotal role involves transforming raw intelligence into tangible operational outcomes that significantly enhance security postures. You will be instrumental in developing robust detection opportunities, enabling effective threat hunting missions, and driving cross-functional improvements across Security Operations Centers (SOC), Detection Engineering (DE), and Incident Response (IR) workflows.
• • Your primary responsibility will be to conduct in-depth cyber threat intelligence analysis, with a sharp focus on adversary Tactics, Techniques, and Procedures (TTPs) that pose a risk to our clients' specific environments. This deep dive into attacker methodologies allows for the creation of highly relevant and actionable intelligence.
• • You will lead complex intelligence workstreams, meticulously validating high-risk exposures, managing critical escalations, and ensuring that our service levels and the quality of our deliverables consistently meet the highest standards. This leadership ensures that intelligence efforts are impactful and well-managed.
• • A key aspect of your role will be to develop and maintain actionable intelligence outputs. This involves the critical review, prioritization, and operationalization of intelligence briefs, detection opportunities, and vulnerability intelligence. All outputs will be carefully aligned with each client’s unique risk profile and overarching organizational goals, ensuring maximum relevance and impact.
• • You will excel at translating TTP-driven intelligence into practical threat hunting and detection engineering outputs. This includes formulating precise hunting hypotheses, providing clear hunt guidance, and developing specific detection recommendations that directly address identified adversary behaviors.
• • The role requires you to deliver Tier 2/3 reporting, such as detailed operational intelligence briefs, comprehensive detection opportunity reports, and analyses of vulnerability exploitation likelihood. These reports will be tailored to align with client priorities, providing them with the insights needed to make informed decisions.
• • You will function effectively in both threat hunting and detection engineering capacities. This involves translating complex TTP-driven intelligence into:
• • Well-defined hunting hypotheses and scoped hunt guidance, enabling proactive threat discovery.
• • Actionable detection recommendations, including specific queries or rules, along with expected signal-to-noise ratios and tuning guidance to ensure efficacy.
• • You will provide crucial intelligence support during active investigations and incidents. Your expertise will help teams connect external threat signals to internal telemetry, thereby informing and guiding response decisions. You will act as a trusted intelligence consultant to both internal teams and external clients, translating complex threat intelligence into clear, informed security decisions.
• • A vital part of your contribution will be assessing the effectiveness of the intelligence outputs you generate. This will be achieved by actively soliciting and incorporating feedback from detection engineers, SOC analysts, and incident response teams, fostering a cycle of continuous improvement.
• • You will play a significant role in mentoring junior analysts and consultants, helping to refine internal processes, and contributing to the scaling of standardized playbooks and reporting quality. This mentorship ensures knowledge transfer and elevates the overall capability of the team.
• • Staying abreast of the latest industry risks and emerging trends is paramount. You will actively participate in threat-sharing communities, bringing back valuable insights to SHI and its clients.
• • Your communication skills will be essential in effectively conveying complex ideas to diverse audiences, facilitating clear communication between different teams, and mentoring others in best communication practices.
• • You will build strong relationships, take ownership of complex team initiatives, collaborate effectively with diverse groups, and drive results through adept relationship management.
• • Demonstrating self-motivation, you will take ownership of personal and professional initiatives, collaborating as needed to achieve objectives.
• • Your analytical thinking will be applied to solve complex problems, draw meaningful insights from data, and communicate solutions effectively. Critical thinking skills will be used to synthesize information from various sources for strategic decision-making.
• • You will be responsible for managing and executing complex intelligence workstreams to completion, ensuring quality, timeliness, stakeholder alignment, and adherence to defined notification models and service-level objectives.
• • You will leverage your expertise in security-relevant cyber threat intelligence collection, validation, and analysis, including the identification of credential/session exposure, initial access activity, malicious infrastructure, adversary targeting, and exploitation trends.
• • You will apply the cyber threat intelligence lifecycle (requirements definition, collection, processing, analysis, dissemination, and feedback) to deliver validated, actionable intelligence aligned to customer Priority Intelligence Requirements (PIRs).
• • You will assess, prioritize, and communicate external threats and exposures using evidence-based analysis and industry-accepted mitigation guidance, ensuring intelligence is actionable by SOC, IR, Detection Engineering, and Identity teams.
• • You will translate adversary behavior, TTPs, and campaign activity into operational intelligence outputs, including high-priority notifications, investigation pivots, detection opportunities, and threat-informed response guidance.
• • You will support threat hunting and detection engineering efforts, including the development of behavior-first hypotheses and detection opportunity recommendations.
• • You will examine, normalize, correlate, and model disparate data sets (OSINT, dark-web sources, telemetry summaries, vulnerability data, and incident context) to draw defensible conclusions and support decision-making.
• • You will produce finished intelligence products (alerts, operational briefs, executive summaries, trend analysis, and campaign narratives) tailored to both technical and non-technical audiences.
• • You will possess working knowledge of common security platforms and environments (identity providers, EDR/XDR, SIEM, email security, network controls, vulnerability management) sufficient to contextualize intelligence and recommend appropriate actions.