Lead Cyber Threat Intelligence Analyst
Listed on 2026-03-02
IT/Tech
Cybersecurity, Data Security, Information Security, Data Analyst
Become a part of our caring community and help us put health first
The Lead Cyber Threat Intelligence (CTI) Analyst operates with expanded scope, autonomy, and accountability to guide and mature the execution of the cyber threat intelligence lifecycle across the enterprise. The Lead is responsible for optimizing how CTI operates, ensuring intelligence activities are consistent, scalable, and aligned to enterprise objectives. Additionally, the Lead influences outcomes beyond individual execution, establishes standards and expectations for intelligence delivery, and enables effective, repeatable intelligence practices that support threat-informed decision making.
This role acts as the primary liaison between CTI and threat management operations, ensuring CTI delivers timely, relevant, and actionable intelligence that directly supports operational threat management functions. In support of this objective, the Lead advances CTI maturity by emphasizing adversary behavior, tactics, and techniques over indicator-only intelligence, enabling intelligence outputs that better inform detection priorities, security control posture, and operational prioritization, while contributing to the establishment and maintenance of intelligence requirements for CTI stakeholders.
Key Responsibilities
Operational Intelligence Enablement
Drive the structuring and alignment of intelligence outputs to ensure they deliver intelligence-driven operational outcomes, support threat-informed security operations, investigations, and remediation decision-making without requiring direct analyst rework.
Direct the development and implementation of operational intelligence strategies to proactively address emerging threats and support enterprise objectives.
Enable consistent production of timely intelligence products focused on relevant and active threats to support enterprise threat management operations.
Drive cross-functional collaboration, facilitating integration of threat intelligence with risk management, incident response, and security operations.
Establish and maintain stakeholder engagement models, including onboarding, stakeholder profiling, intelligence requirement intake, and feedback mechanisms, to ensure intelligence outputs are aligned to evolving enterprise and business needs.
Direct intelligence collection planning and prioritization to ensure effective coverage of priority and emerging threats while minimizing duplicative or ad hoc collection efforts.
Evaluate and recommend enhancements to intelligence tools, processes, and frameworks to optimize operational efficiency and effectiveness.
Perform threat actor and infrastructure analysis, including research and data pivoting, to identify malicious campaigns and emerging threat activity.
Leverage threat intelligence frameworks to assess threat coverage and identify gaps in visibility or control effectiveness.
Lead the analysis of threats to the enterprise and the production of finished intelligence that integrates tactical and operational insights and provides direction on threat-driven prioritization.
Enhance tactical and operational intelligence deliverables by applying adversary behavior and TTP-based analysis that informs detection priorities, security control posture, and response actions.
Set clear goals and measure performance against established KPIs, using data-driven insights to inform decisions and program improvements.
Incorporate stakeholder feedback and performance insights to drive continuous improvement of intelligence relevance, delivery efficiency, and measurable program outcomes.
Apply data analysis and threat intelligence frameworks to assess adversary activity, intelligence coverage, and defensive alignment over time.
Represent the CTI function in strategic forums, influencing enterprise security strategy and risk prioritization through actionable intelligence.
Effectively communicate and report CTI program metrics and KPIs to technical leaders, senior leaders, and executives to…