Senior CTI Analyst

Tesserent is a full-service cybersecurity solutions provider. We partner with clients across Australia and New Zealand in the protection of their digital assets. With offices across Australia and New Zealand, we partner with clients to provide a full suite of cybersecurity services. Our mission is to be the sovereign cybersecurity provider of choice for the protection of Australia and New Zealand’s digital assets. 

The Senior Cyber Threat Intelligence Analyst position is responsible for undertaking CTI processes for identification, collection, parsing, correlation, analysis, and production of actionable intelligence for Tesserent and our customers. The Senior CTI Analyst will regularly interact with customers, cybersecurity stakeholders and internal security functions such as SOC analytics, threat hunting, detection engineering and DevSecOps to coordinate the CTI lifecycle. A successful Senior CTI Analyst will have a broad understanding of cybersecurity and general IT knowledge areas which may include digital forensics, incident response, offensive security, GRC, threat hunting and analytics. They will be capable of identifying trends and patterns in data, and applying this knowledge to create and manage correlation logic – which will generate alerts related to potential CTI for our customers. This will require pivoting between CTI platforms (OpenCTI and MISP), employing programming and scripting languages (python, bash, Golang), applying machine learning models and statistical analysis, querying security and log analytic platforms (MS Sentinel, Splunk, Google Chronicle) and customer threat models and attack surface data including vulnerability management solutions such as Nessus. 

Accountabilities 

• Staying up to date with the latest cyber threats, techniques, tools and campaigns. 

• Creating and managing threat models from customer’s attack surface information to determine Cyber Threat Intelligence collection and processing requirements. 

• Translating threat hunting output and research into viable, complete and high-fidelity detection logic. 

• Assist with the selection of threat hunting topics and assist threat hunting staff with information collection and research 

• Analysis of emerging threats including active exploitation and critical vulnerabilities – production of vulnerability advisories 

• Creation and delivery of presentations including threat landscape, daily reports for analysts 

• Participate in CTI networking including Thales global CTI and external groups such as CTA 

• Manage breached credential and dark web monitoring solutions 

• Documenting and maintaining CTI process, procedures and platforms. 

• Management of CTI sharing including internally and to customers platforms using OpenCTI and STIX/TAXII. 

• Exploration, scraping and parsing of various sources including SOCMINT, dark, deep and clear web. 

• Planning, prototyping, and assisting with the development of tools, technologies and automations to integrate CTI with other SecOps functions such as detection engineering, vulnerability management, threat hunting, and analytics to create efficiencies and ensure Tesserent delivers a world class solution. 

 

Competencies 

Technical Skills 

• Thorough understanding of cybersecurity concepts, including offensive and defensive. 

• Experience with security analytics data sets and log sources including device, appliance, application, cloud, SaaS and identity. 

• Experience with SIEM, SOAR, Log Management and CTI platforms is highly favourable – Sentinel, Splunk,  

• Querying, scripting and or programming skills are favourable but not mandatory – may include SPL, KQL, SQL, FQL, R, python, bash, Golang, Rust. 

• Demonstrated knowledge of headless browser and automation tooling such as puppeteer, playwright and selenium is favoured. 

• Understanding of vulnerabilities and attack types – including OWASP. 

• Understanding of technical frameworks and kill chains such as MITRE ATT&CK. 

• Knowledge and use of CTI frameworks and standards such as STIX2 including processing and collection is highly favoured. 

• Understanding of cybersecurity frameworks such as ISM, essential 8, ISO27001. 

• Demonstrated intelligence experience (not limited to cyber threat intelligence) is highly favoured. 

• Experience with digital forensics, incident response, or SOC analysis is highly favoured. 

• Experience with reverse engineering, malware analysis and packet analysis is highly favoured. 

 

Business Skills 

• Excellent written and verbal skills to clearly explain concepts to diverse stakeholders. 

• Solid ability to adapt and learn to identify unique CTI use cases for customers from a wide range of industry verticals. 

• Understanding of customer’s unique cybersecurity needs and risks and ability to adapt solutions to match requirements. 

• Ability to demonstrate value and effectiveness of CTI to various stakeholders including internal and customers. 

• Project management and documentation skills. 

 

Interpersonal & Intrapersonal Skills 

• Ability to speak about cyber threat intelligence confidently and accurately, and to recommend security controls to experienced security professionals and executives. 

• Ability to work as a team with decisions made to support moving toward common goals. 

• Flexibility and motivation to work across several types of engagements. 

• Motivation to continuous learning and interaction with the cyber threat landscape for tracking and analysing adversary behaviour. 

 

Knowledge & Experience  

• A Bachelor's degree in Information Security, Computer Science, Forensics, Intelligence or a related field is preferred but not essential. 

• Minimum of 2 years’ experience in cyber security or intelligence. 

• Minimum of 5 years’ experience in IT industry. 

• Experience with the application of CTI within security teams. 

• Experience with Cyber Threat Intelligence platforms is preferred but not essential. 

• Ability to articulate business implications and risks in relation to the business. 

• Strong written and verbal communication skills to clearly explain concepts. 

• Open-minded and forward-thinking in terms of vision for the business and team culture. 

Benefits 

• Opportunities to undertake technical training and secure industry recognised certifications 

• Flexible working arrangements with a mix of remote and in-person work 

• Opportunities to work with some of the best cybersecurity professionals in the region and to grow and develop your career.

• Extra leave day per year for your birthday.