CTI Analyst (Cyber Threat Intelligence)

When to Use

• Collect and vet intelligence from OSINT, commercial feeds, government advisories, and ISACs
• Profile threat actors and analyze campaigns (objectives, targeting, infrastructure, timing)
• Produce IOCs and TTPs with MITRE ATT&CK mapping and consumer-ready context
• Draft intel briefs (strategic, tactical, operational) for leadership, SOC, hunts, and IR
• Package sharing artifacts (STIX concepts, TAXII awareness, distribution tiers, handling rules)
• Fuse intel into hunt hypotheses, detection priorities, and active incident context
• Score confidence and document sources, limitations, and collection bias

When NOT to Use