Job Requirements
Austin, TX
Top Secret/SCI Polygraph Unspecified
Career Level not specified
Salary not specified
Job Description
At IBM, work is more than a job - it's a calling: To detect. To protect. To contain. To collaborate. To prevent. To outthink threats. Not just to do something better, but to attempt what some would consider impossible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, let's talk.
Your role and responsibilities
We are seeking an experienced Cyber Threat Intelligence (CTI) Analyst to join our team. As a CTI Analyst within the Office of the IBM CISO, you will conduct all-source intelligence operations, which include:
- Gathering CTI that is relevant and actionable by IBM.
- Maintaining relevant, up-to-date and accurate data on threat activity clusters, nexuses, malware, tools, infrastructure, attack patterns and campaigns.
- Supporting other cyber defence teams such as Incident Response, Security / Network Operations Centres, Threat Hunting, Vulnerability Response and Engineering.
Overall, your intelligence end products will be used to counter threats to IBM's systems, networks, users and clients.
The ideal candidate will understand the principles, processes and practices of CTI, have a strong analytical mindset and very good communication skills. This includes report writing.
A technical background in data manipulation (such as extract-transform-load, extract-load-transform), scripting or programming is desirable but not essential.
Key Responsibilities:
- Threat Intelligence: Collect, process, analyze and disseminate cyber threat intelligence from internal and external sources. Identify patterns and trends to anticipate, detect and mitigate potential threats.
- Perform contextualization on data and intelligence materials to determine their relevance and risk to IBM based on business operations, location, technology usage and victimology.
- Apply your skills to form hypotheses, critically assess and apply analysis techniques to query, merge, enrich, evaluate, and pivot within data to obtain and share insights with other IBM teams.
- Alert and Case Analysis: Analyze and investigate suspicious activities detected by our Security Operations Centre and Cyber Security Incident Response Team to assess the level of threat by correlating intelligence with sightings made within the IBM environment.
- Incident Response: Assist Incident Responders by enriching investigations, sightings and alerts with valid, qualified and contextualized intelligence.
- Vulnerability Assessment: Monitor for Proofs-of-Concept and exploitation of relevant vulnerabilities.
- Collaboration: CTI Analysts are expected to collaborate in (virtual) teams and across the CISO organization, such as SOC, Threat Hunting and CSIRT. At times, they collaborate directly with other IBM functions, such as commercial business units, supply chain, and research, to model, contextualize, assess, detect, and help mitigate specific threats.
Required education
High School Diploma/GED
Preferred education
Bachelor's Degree
Required technical and professional expertise
- Strong cyber security domain knowledge with the ability to speak authoritatively on cyber threat intelligence, including intelligence products (reports, advisories, indicators, attack/behaviour/compromise data) and intelligence lifecycle processes.
- Proven, methodical investigative approach with the ability to clearly articulate both findings and investigative methodology. Solid understanding of intelligence analysis principles, including deductive, inductive, and abductive reasoning.
- Practical experience with CTI standards and frameworks such as STIX/TAXII, CAPEC, the Cyber Kill Chain, and the CIA triad (or equivalents). Ability to model and analyze cyber threat Tactics, Techniques, and Procedures (TTPs), including decomposition of attack patterns.
- Hands-on experience with the MITRE ATT&CK (Enterprise and Mobile) frameworks.
- Working knowledge of broader security standards such as CVE and CWE. Strong data handling and manipulation skills to support intelligence collection, processing, analysis, and dissemination (e.g., parsing, decoding, feature extraction).
- Experience with enterprise security tools, including Threat Intelligence Platforms (e.g., ThreatConnect, OpenCTI), SIEM, SOAR, EDR, and data visualization tools (e.g., Kibana, Grafana). Advanced user proficiency in Windows, Linux, or macOS environments, with a solid understanding of networking, cloud, and enterprise IT technologies.
- Excellent interpersonal skills with strong written and verbal English communication.
- Demonstrated passion for continuous learning and professional development. Ability to support and mentor colleagues, contributing to team development and the ongoing maturity of CTI capabilities while pursuing personal growth.
Preferred technical and professional experience
- Additional language skills besides English.
- Practical experience managing intelligence datasets in OpenCTI.
- Knowledge of query languages such as SQL (and variants), KQL (Kibana QL), XQL (Cortex QL).
- Experience using Artificial Intelligence (AI) within CTI roles and environments.
- Experience applying automation techniques to CTI problems.
- Experience working with Threat Hunting teams - specifically, providing intelligence to support their work and extracting intelligence from their findings.
- Experience working in large, complicated organisations that require collaboration with multi-disciplinary teams.
- Experience working with global teams - specifically spanning North America, Europe and Asia-Pacific.
- Industry-recognised courses and certifications - such as GIAC and CREST.
- Undergraduate degree or equivalent in a relevant field - such as cyber security, computing, networking or engineering.
There is no other company like IBM and there is no business professional like the IBMer. We are experts in nearly every technical scientific and business field. We are citizens of, and apply our expertise in, more than 170 countries. Yet we are united by a single purpose: to be essential. IBMers change how the world works. Join us at IBM Consulting and embrace your passion to make a difference.