Senior Cyber Threat Intelligence Analyst

ExtraHop is reinventing Network Detection and Response (NDR) to help enterprises and organziations stay ahead of emerging threats with unmatched network visibility, context, and control.

Today’s attackers bypass traditional security defenses through identity-based entry, move invisibly across cloud, on-premise, and data center networks using encryption and trusted applications, and exploit and exit whenever they want.  But all of that movement is visible on the network... if you can see it.

By combining the power of NDR with Network Performance Management (NPM), Intrusion Detection Systems (IDS), and forensics in a single, integrated platform, ExtraHop can decrypt and unlock complete packet-level data at wire speed, analyze and correlate it across all your networks, applications, devices, and users with cloud-scale machine learning, and provide a single interface to the SOC to detect, investigate, and remediate modern cyber risks in real time.

Position Summary

We are seeking a highly skilled and motivated Senior Cyber Threat Intelligence (CTI) Analyst with a strong technical background in cybersecurity and previous experience in creating high-quality customer-facing content. This individual will play a key role in researching emerging cyber threats and developing content such as white papers, blog posts, webinars, and other marketing materials with ExtraHop’s marketing team. The ideal candidate will have a deep understanding of threat actors and cybersecurity trends, combined with the ability to effectively communicate complex technical findings.

 

As a Senior CTI Analyst, you will work independently and collaborate with Detection Engineers, Threat Researchers and Data Scientists to analyze cyber threats and the marketing team to develop compelling and informative content that showcases the team’s findings and positions the company as a thought leader in the industry. 

 

ExtraHop R&D supports fully-flexible work options that include full-time onsite, hybrid, and fully remote working arrangements. Except for a few roles that require physical access, we believe in supporting you in making the choice that works best for you and makes the team successful. 

Key Responsibilities

• Threat intelligence research and analysis:
• Conduct in-depth research on emerging network security threats, threat actors, vulnerabilities, and malware campaigns.
• Generate, collect, and enrich internal threat intelligence, including collections of IOCs, and Threat Actor Profiles.
• Analyze customer logs and telemetry to identify new and novel threats.
• Reproduce and simulate attack techniques in lab environments to understand their network signatures and to ensure thorough detection coverage. 
• Continuously monitor threat intelligence sources to stay on top of emerging threats and trends.
• Present findings and work results to other internal teams.
• Content creation:
• Produce high-quality, customer-facing strategic, operational, and tactical-level written assessments, including white papers, blog posts, and case studies.
• Create and deliver engaging webinars, video content, and presentations to communicate research findings to both technical and non-technical audiences.
• Work closely with the marketing team to craft messages that align with the company’s brand and objectives.
• Mentorship:
• Mentor others regarding Threat Intelligence, intelligence writing, threat actor tracking and attribution, and threat hunting. 

Required Qualifications

• 5+ years of experience in threat research or threat intelligence
• Subject Matter Expert (SME) for cyber threat actors TTPs.
• Proven experience applying structure analytical techniques and intelligence methodologies to assess adversary activity, including the intelligence cycle, intelligence writing best practices, and frameworks such as the Diamond Model
• Familiarity with threat modeling and adversary tracking frameworks such as MITRE ATT&CK, the Cyber Kill Chain, and related models to support campaign clustering, detection development, and intelligence reporting
• Experience is producing public-facing strategic, operational, and tactical-level written content, including white papers, blog posts, newsletters, and/or video content, such as webinars
• Experience with data aggregation, hunting and analysis tools, such as Synapse, MISP, or OpenCTI
• Comfortable using SQL or other query language for threat hunting

Preferred Qualifications

• Understanding of networking fundamentals, including the OSI model and excellent working knowledge of the key protocols from Layer 2 through Layer 7
• Experience with security tools such as Kali Linux, Wireshark, TShark, tcpdump, Suricata, or other packet capture/analysis tools
• Experience in detecting and reproducing network attacks, such as vulnerability exploitation, system discovery, and lateral movement techniques
• In-depth knowledge of Windows protocols and attack techniques
• Proficient in at least one scripting or programming language (e.g., Python, JavaScript, Golang, YAML/TOML, etc.)
• Familiarity with software development tools such as: gitlab, github
• Experience working with cross-functional teams, including marketing and sales

ABOUT EXTRAHOP:

ExtraHop empowers enterprises to stay ahead of evolving threats with the most comprehensive approach to network detection and response (NDR).  Since 2007, the company has helped organizations across the globe extract real-time insights from their hybrid networks with the most in-depth network telemetry. 

ExtraHop NDR uniquely integrates network threat detection, network performance management (NPM), intrusion detection (IDS), and packet forensics into a single console with 100GB+ sensors, real-time decryption, and cloud-scale machine learning -  delivering complete network visibility, unmatched context for data-driven security decisions, and improved SOC productivity.

ExtraHop is recognized by leading organizations for both its innovation in the market and its commitment to building a world-class team. We are the only NDR vendor recognized as a leader by all major analyst firms including the 2024 Gartner® Magic Quadrant for Network Detection and Response™, the 2023 Forrester® Wave for Network Analysis and Visibility, the 2024 IDC® Marketscape for NDR, and the 2024 Gigamon® Radar Report for Network Detection and Response.

 

OTHER BENEFITS: 

Employees' wellbeing is top of mind for the ExtraHop team. Employees and their families will have the option to participate in the following benefits:

• Health, Dental, and Vision Benefits
• Flexible PTO, Sick Time Prorated Based on Date of Hire, and All Federal Holidays (US Only) + 3 Days of Paid Volunteer Time
• Non-Commissioned Positions may be eligible to participate in the Annual Discretionary Bonus Plan
• FSA and Dependent Care Accounts + EAP, where applicable
• Educational Reimbursement
• 401k with Employer Match or Pension where applicable
• Pet Insurance (US Only)
• Parental Leave (US Only)
• Hybrid and Remote Work Model

 

Our people are our most important competitive advantage, leading the charge against cyber criminals. Join the fight today!  

To learn more, visit www.extrahop.com or follow us on LinkedIn.

 

Create a Job Alert

Interested in building your career at ExtraHop? Get future opportunities sent straight to your email.