✦ Luna Orbit — Cybersecurity

Senior CIRT / Threat Intel Analyst

at S&P Global

📍 4 Locations Hybrid Posted April 18, 2026
Apply Now → ← Browse All Jobs

Position Details

Type Full-Time
Experience senior
Exp. Years Not specified
Education Not specified
Category Cybersecurity

About this role

S&P Global is seeking a Senior CIRT / Threat Intel Analyst to support cyber incident response and threat intelligence needs. The role coordinates incident triage and forensic analysis, enriches investigations with intelligence aligned to MITRE ATT&CK, and helps improve detections and reporting.

Key Responsibilities

  • Coordinate and triage response and conduct forensic analysis across endpoints, networks, cloud, and SaaS
  • Integrate threat intelligence into investigations (IOC enrichment, MITRE ATT&CK, threat actors/TTPs, impact)
  • Develop and operationalize incident response playbooks and SOPs (PIRs, collection plans, feedback loops)
  • Work with SOC on investigation, containment, remediation, and root cause analysis; produce intel-informed incident reports
  • Create and tune detections using intelligence signals (SIEM/SOAR, EDR; YARA/Sigma); deliver metrics and lessons learned

Technical Overview

You will run incident response across endpoints, networks, cloud, and SaaS, integrate threat intelligence through IOC enrichment and MITRE ATT&CK mapping, and tune detection logic using SIEM/SOAR and EDR with YARA/Sigma where applicable. You will also produce executive and technical intelligence outputs and support information-sharing via FS-ISAC under TLP/compliance requirements.

Ideal Candidate

The ideal candidate is a senior cyber incident response and threat intelligence professional with strong attacker tradecraft knowledge and hands-on experience mapping activity to MITRE ATT&CK. They have conducted forensic analysis across endpoints, networks, cloud, and SaaS, and they enrich investigations with IOCs and intelligence-driven incident reporting and detection improvements.

Must-Have Skills

Working knowledge of common cyber attackstoolsand attacker tradecraftability to map activity to MITRE ATT&CKability to articulate likely TTPscyber incident responseforensic analysis

Nice-to-Have Skills

Experience applying threat intelligence to investigationsimprove detections

Tools & Platforms

SIEM/SOAREDRYARASigmaFS-ISAC (Financial Services Information Sharing and Analysis Center)MITRE ATT&CK

Required Skills

cyber incident responseforensic analysisthreat intelligence integrationIOC enrichmentMITRE ATT&CK mappingSIEM/SOAREDRYARASigmaincident response playbooksSOPsPIRsFS-ISAC submissionsTLP

Hard Skills

cyber incident responseforensic analysisendpoint forensicsnetwork forensicscloud forensicsSaaS forensicsthreat intelligence integrationIOC enrichmentMITRE ATT&CK mappingthreat actor identificationTTP identificationimpact assessmentincident response playbooksSOPsPriority Intelligence Requirements (PIRs)collection plansfeedback loopscontainmentremediationroot cause analysisincident reportingSIEMSOAREDRintelligence signalsYARASigmavulnerability threat surfacingemerging CVEsexploit trendsrisk-based prioritizationincident response lifecyclepost-incident lessons learnedinformation-sharingFS-ISAC submissionsTLPlegal/compliance requirementsthreat overviewsexecutive briefsflash alerts

Soft Skills

detail-orientedcritical thinkingdecisive responsecross-functional collaborationcommunication with technical and non-technical stakeholdersstakeholder managementindependent judgmentcalm under pressure

Industry & Role

Industry Fintech
Job Function Lead cyber incident response and threat intelligence enrichment to improve detection, reporting, and proactive defense.
Role Subtype Incident Responder
Tech Domains Cybersecurity

Keywords for Your Resume

Senior CIRT / Threat Intel AnalystCyber Incident Response AnalystCIRTThreat IntelligenceThreat Intelligence integrationforensic analysisendpointsnetworkscloudSaaSIOC enrichmentMITRE ATT&CKTTPsincident response playbooksSOPsPriority Intelligence RequirementsPIRsSIEMSOAREDRYARASigmaFS-ISACTLPCyber Incident Response

Deal Breakers

Must have working knowledge of common cyber attacks, tools, and attacker tradecraft, Must be able to map activity to MITRE ATT&CK, Must be able to articulate likely TTPs

Apply for this Position →

Get matched to jobs like this

Luna finds roles that fit your skills and career goals — no endless scrolling required.

Create a Free Profile