About this role
This role is for a Senior CIRT / Threat Intel Analyst within S&P Global’s Cyber Defence team. You will coordinate and triage cybersecurity events, enrich investigations with threat intelligence, and tune detections across SIEM/SOAR/EDR to improve proactive defenses.
Key Responsibilities
- Coordinate and triage response to cybersecurity events and conduct forensic analysis across endpoints, networks, cloud, and SaaS
- Integrate threat intelligence into investigations (enrich IOCs, map to MITRE ATT&CK, identify TTPs)
- Develop and operationalize incident response playbooks and SOPs (including PIRs and collection plans)
- Work with the SOC to investigate incidents and deliver containment, remediation, and root cause analysis
- Create and tune detections in SIEM/SOAR/EDR using intelligence signals (YARA/Sigma where applicable)
Technical Overview
You will perform forensic analysis across endpoints, networks, cloud, and SaaS, then integrate threat intelligence into investigations using IOC enrichment and MITRE ATT&CK mapping for TTP identification. The role also requires operationalizing incident response playbooks and SOPs (including PIRs and collection plans) and creating/tuning detections using intelligence signals, including YARA and Sigma where applicable.
Ideal Candidate
The ideal candidate is a Cyber Incident Response Analyst / Threat Intel Analyst who can coordinate triage and conduct forensic analysis across endpoints, networks, cloud, and SaaS. They can integrate threat intelligence into investigations by enriching IOCs and mapping activity to MITRE ATT&CK with clear TTP articulation. They also build and operationalize incident response playbooks, tune SIEM/SOAR/EDR detections using intelligence signals (including YARA and Sigma where applicable), and produce executive-ready incident intelligence outputs.
Must-Have Skills
- Working knowledge of common cyber attacks
- Mapping activity to MITRE ATT&CK and ability to articulate likely TTPs
- Coordinate and triage response to cybersecurity events
- Forensic analysis across endpoints, networks, cloud, and SaaS
- Integrate threat intelligence into investigations and enrich IOCs
- Follow the end-to-end incident response lifecycle
- Develop, maintain, and operationalize incident response playbooks and SOPs
- Produce high-quality, intel-informed incident reports
- Create and tune detections using intelligence signals
- Follow TLP and legal/compliance requirements
Nice-to-Have Skills
- Experience applying threat intelligence to investigations and to improve detections
- Experience with industry peers, FS-ISAC, trust groups, and commercial/open-source intelligence
Tools & Platforms
SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation and Response), EDR (Endpoint Detection and Response), YARA, Sigma, MITRE ATT&CK, TLP (Traffic Light Protocol)
Required Skills
Incident Response, threat intelligence integration, MITRE ATT&CK, IOC enrichment, SIEM, SOAR, EDR, YARA, Sigma, forensic analysis, containment, remediation, root cause analysis, vulnerability surfacing, CVEs, TLP, FS-ISAC, playbooks and SOPs, Priority Intelligence Requirements (PIRs)
Hard Skills
- Cybersecurity event triage
- Forensic analysis across endpoints, networks, cloud, and SaaS
- Threat intelligence integration and IOC enrichment
- MITRE ATT&CK; threat actors and their tactics, techniques, and procedures (TTPs)
- Incident response playbooks and SOPs (Standard Operating Procedures)
- Priority Intelligence Requirements (PIRs) and collection plans
- Feedback loops to refine detections with the SOC (Security Operations Center)
- Containment, remediation, root cause analysis, and incident reports
- SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation and Response), EDR (Endpoint Detection and Response)
- Intelligence signals, YARA, Sigma
- Vulnerability/threat surfacing: emerging CVEs, exploit trends, risk-based prioritization
- Incident and hunting metrics, detection coverage assessment
- Information-sharing under TLP (Traffic Light Protocol) and legal/compliance requirements
Soft Skills
- Detail-oriented, analytical, and critical thinking
- Decisively respond to security incidents
- Collaboration with Security Operations, Threat Intelligence, and industry peers
- Communication to technical and non-technical stakeholders
- Produce and present consumable intelligence outputs
- Accountability across the incident response lifecycle
- Sharing information in line with legal/compliance requirements
Keywords for Your Resume
Senior CIRT / Threat Intel Analyst, Cyber Incident Response Analyst, Cyber Defence, Threat Intelligence, Security Operations, Incident Response, forensic analysis, endpoints, networks, cloud, SaaS, attacker tactics, techniques and procedures (TTPs), MITRE ATT&CK, Indicator of Compromise (IOC), IOC enrichment, Incident Response playbooks, SOPs, Priority Intelligence Requirements (PIRs), collection plans, feedback loops, SOC, containment, remediation, root cause analysis, incident reports, SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation and Response), EDR (Endpoint Detection and Response), YARA, Sigma, TLP (Traffic Light Protocol), FS-ISAC, vulnerability, CVEs
Deal Breakers
- Working knowledge of common cyber attacks and attacker tradecraft
- Ability to map activity to MITRE ATT&CK and articulate likely TTPs
- Experience coordinating and triaging cybersecurity events and performing forensic analysis across endpoints, networks, cloud, and SaaS
- Ability to follow the end-to-end incident response lifecycle and operationalize playbooks and SOPs