Cyber Threat Intelligence (CTI) Analyst

The Cyber Threat Intelligence (CTI) Analyst is responsible for collecting, analyzing, enriching, and producing actionable cyber threat intelligence to support security operations, incident response, and executive decision-making.

Location: Riyadh, Saudi Arabia
Work Conditions: On-site, Full-time

Key Responsibilities:

• Collect, enrich, and analyze threat intelligence from OSINT, deep/dark web, commercial feeds, internal sensors, and regulatory sources.
• Produce strategic, operational, tactical, sector-specific, and vulnerability intelligence reports.
• Deliver Indicators of Compromise (IoCs), Indicators of Behavior (IoBs), Tactics, Techniques, and Procedures (TTPs), YARA/Sigma rules, and threat hunting packages to SOC/DFIR teams.
• Track and profile threat actors, malware families, campaigns, and emerging threats.
• Support incident response with contextual intelligence, attribution insights, and enrichment.
• Respond to Request for Intelligence (RFI) submissions with tailored, actionable outputs.
• Maintain and update Intelligence Requirements (IRs), Priority Intelligence Requirements (PIRs), and collection management frameworks.
• Continuously monitor the global and sector-specific threat landscape (24/7/365 service context).

Required Skills:

• Strong understanding of MITRE ATT&CK, Diamond Model, and threat actor lifecycle.
• Skilled in researching and enriching IoCs, IoBs, and malware indicators.
• Experience with threat intelligence platforms, OSINT tools, and dark web monitoring.
• Ability to transform raw data into actionable intelligence for SOC, DFIR, and leadership.
• Strong written communication skills for both technical and executive-level reporting.

Preferred Experience & Certifications:

• 2-6 years of experience in CTI, SOC, DFIR, or security analysis roles.
• Certifications such as GCTI, FOR578, CySA+, CISSP, or equivalent.

Language Requirements: Only Saudi Nationalities.