Role Overview
We are seeking a Senior Cyber Threat Intelligence Analyst to lead and drive CTI operations while remaining actively hands-on in intelligence analysis. This role is responsible for delivering high-quality intelligence outputs, actionable advisories, and SLA-driven services to clients, while ensuring effective collaboration with SOC teams and customers. The ideal candidate combines strong technical expertise, operational leadership, and client-facing communication skills.
Key Responsibilities
Threat Intelligence Operations (Hands-On)
· Lead and perform end-to-end CTI activities across the intelligence lifecycle (planning, collection, analysis, dissemination).
· Monitor, triage, and investigate threats including:
o Phishing campaigns, malicious domains, and threat infrastructure
o Credential leaks, stealer logs, and dark web exposure
o Malware campaigns and threat actor activities
· Conduct Attack Surface Management (ASM) to identify exposed assets, misconfigurations, and external risks.
· Perform dark web monitoring to detect data leaks and threat actor discussions impacting clients.
· Perform deep-dive investigations using OSINT and intelligence platforms to assess threat impact.
· Apply and validate MITRE ATT&CK mapping for accurate threat classification and detection alignment.
· Stay continuously updated on global and regional threats, vulnerabilities, and campaigns relevant to client environments.
Intelligence Production, Advisory & SLA Management
· Own quality assurance (QA) for all CTI deliverables prior to client submission.
· Ensure all deliverables are accurate, actionable, and delivered within SLA, including:
o Daily intelligence updates
o Weekly and monthly reports
o Quarterly Business Reviews (QBR)
o Requests for Information (RFI)
o Threat advisories and incident notifications
o ETLM outputs (ASM findings, exposure tracking, vulnerability insights)
· Lead the development and delivery of CTI advisories and threat notifications, translating intelligence into clear, business-relevant recommendations for clients.
· Track team outputs to ensure timeliness, consistency, and quality standards are met.
· Identify gaps and drive continuous improvement in reporting and intelligence workflows.
Client Engagement & Customer Management
· Act as the primary CTI point of contact for clients.
· Present intelligence findings through reports, briefings, and QBR sessions.
· Translate technical intelligence into business-focused insights and recommendations.
· Attend client meetings or on-site engagements when required.
Threat Response & Proactive Defense
· Conduct threat modelling and intelligence-driven risk assessments.
· Lead and coordinate takedown operations for phishing sites, brand impersonation, and malicious domains.
· Support investigations involving credential leaks, phishing incidents, and external threat exposure.
· Provide actionable recommendations to strengthen client security posture and resilience.
SOC Collaboration & Threat Integration
· Work closely with SOC and Engineering teams to enhance detection use cases, support threat hunting activities, and improve alert tuning and incident response.
· Provide intelligence enrichment for investigations and detection logic.
· Participate in internal discussions to keep SOC teams updated on emerging threats and attacker trends.
Leadership & Continuous Improvement
· Lead and organize monthly tabletop exercises for SOC and security teams.
· Mentor junior CTI analysts and guide investigation and reporting quality.
· Improve CTI processes, playbooks, and intelligence standards.
Incident Support
· Provide CTI support during critical or high-priority incidents.
· Be available for after-hours standby when required.
Qualifications and Requirements
· Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field.
· Minimum 4–5 years of experience in cybersecurity, with strong CTI and SOC exposure.
· Hands-on experience in:
o Threat intelligence analysis and investigations
o OSINT and dark web monitoring
o Threat actor profiling and IOC enrichment
o Phishing analysis and external threat monitoring
· Strong expertise in MITRE ATT&CK framework and mapping.
· Experience with SIEM, EDR, and CTI platforms.
· Strong analytical, problem-solving, and decision-making skills.
· Excellent communication skills with the ability to engage both technical and business stakeholders.
· Ability to lead while remaining hands-on operationally.
· Fluent in English and Malay.
Certifications (Preferred)
· CySA+, Security+, GCIA, GCTI, GCIH, CTI, CEH, or any equivalent certifications.
Job ID: 148349951