Threat Intelligence Analyst


Abnormal Security

πŸ“Remote - United Kingdom

Summary

Join Abnormal Security as a Threat Intelligence Analyst to combat cloud-based threats. You will perform threat hunts in cloud/SaaS environments, extract actionable intelligence, and collaborate with R&D and Engineering teams to improve security. This role requires deep experience in threat intelligence and hunting, focusing on cloud/SaaS threats. You will analyze large datasets, translate threat intelligence into scalable detections, and present complex technical concepts to various audiences. The ideal candidate possesses strong data analysis skills and a collaborative mindset. The position offers the opportunity to contribute to a fast-paced, dynamic security team.

Requirements

  • Possess 5+ years of experience in cyber threat intelligence, threat hunting, or security research
  • Have 3+ years of experience in threat hunting and threat research within cloud ecosystems
  • Possess expertise in cloud security, SaaS-based attacks, and email security threats (ATO, BEC, phishing, MFA bypass, etc.)
  • Have strong data analysis skills with experience using SQL, PySpark, or other query languages to investigate large-scale threats
  • Possess a deep understanding of MITRE ATT&CK, phishing tactics, and adversary infrastructure analysis
  • Have hands-on experience with email security platforms, cloud threat analytics, and security automation
  • Possess the ability to work cross-functionally with other departments such as R&D, Engineering, and Operations to achieve comprehensive cybersecurity coverage

Responsibilities

  • Perform threat hunting and investigative research in Cloud/SaaS environments, focusing on email security, phishing, and account takeovers
  • Identify MFA bypass techniques, phishing infrastructure, and cloud-native attack methods targeting enterprise SaaS environments
  • Fuse internal telemetry, OSINT, and third-party intelligence sources to uncover and disrupt evolving threat actor campaigns
  • Develop threat models and attack hypotheses to identify new cloud-focused attack vectors
  • Conduct incident triage and investigative support for escalated incidents, providing internal teams with expertise on threat actors’ tools, techniques, and procedures (TTPs)
  • Collaborate with R&D and Engineering teams to translate threat intelligence into scalable detections and mitigations
  • Design and refine cloud threat detection logic, hunting queries, and behavioral analytics to identify attacker activity
  • Analyze phishing toolkits, adversary infrastructure, and cloud-native attack methodologies to enhance proactive defenses
  • Work with product security teams to improve email security and identity protection mechanisms in Cloud/SaaS platforms
  • Track and analyze threat actor groups, phishing campaigns, and cloud-based attack methodologies
  • Provide technical intelligence briefings to R&D and Engineering teams to inform security product improvements
  • Partner with internal stakeholders to evaluate emerging threats and recommend security enhancements for SaaS environments

Preferred Qualifications

  • Possess security certifications (GCTI, GCFA, CISSP, or similar)
  • Have experience in security engineering, cloud-native security, or advanced detection development
  • Have a background in threat modeling, adversary emulation, or attacker TTP analysis
  • Have experience working in high-scale SaaS environments, analyzing large security datasets

This job is filled or no longer available
