Threat Intelligence Analyst - IBM CISO

Introduction At IBM, work is more than a job - it's a calling: To detect. To protect. To contain. To collaborate. To prevent. To outthink threats. Not just to do something better, but to attempt what some would consider impossible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, let's talk. Your role and responsibilities We are seeking an experienced Cyber Threat Intelligence (CTI) Analyst to join our team. As a CTI Analyst within the Office of the IBM CISO you will conduct all-source intelligence operations, which includes Gathering CTI that is relevant and actionable by IBM. * Maintaining relevant, up-to-date and accurate data on threat activity clusters, nexuses, malware, tools, infrastructure, attack patterns and campaigns. * Supporting other cyber defence teams such as Incident Response, Security / Network Operations Centres, Threat Hunting, Vulnerability Response and Engineering. * Overall, your intelligence end products will be used to counter threats to IBM's systems, networks, users and clients. * The ideal candidate will understand the principles, processes and practices of CTI, have a strong analytical mindset and very good communication skills. This includes written report writing. * A technical background in data manipulation (such as extract-transform-load, extract-load-transform), scripting or programming is desirable but not essential. Key Responsibilities: * Threat Intelligence: Collect, process, analyze and disseminate cyber threat intelligence from internal and external sources. Identify patterns and trends to anticipate, detect and mitigate potential threats. * Perform contextualization on data and intelligence materials to determine their relevance and risk to IBM based on business operations, location, technology usage and victimology. * Apply your skills to form hypotheses, critically assess and apply analysis techniques to query, merge, enrich, evaluate, and pivot within data to obtain and share insights with other IBM teams. * Alert and Case Analysis: Analyze and investigate suspicious activities detected by our Security Operations Centre and Cyber Security Incident Response Team to assess the level of threat by correlating intelligence with sightings made within the IBM environment. * Incident Response: Assist Incident Responders by enriching investigations, sightings and alerts with valid, qualified and contextualized intelligence. Vulnerability Assessment: Monitor for Proofs-of-Concept and exploitation of relevant vulnerabilities. * Collaboration: CTI Analysts are expected to collaborate in (virtual) teams and across the CISO organization like SOC, Threat Hunting and CSIRT. At times, they collaborate directly with other IBM functions-such as commercial business units, supply chain, and research-to model, contextualize, assess, detect, and help mitigate specific threats. Required education High School Diploma/GED Preferred education Bachelor's Degree Required technical and professional expertise * Strong cyber security domain knowledge with the ability to speak authoritatively on cyber threat intelligence, including intelligence products (reports, advisories, indicators, attack/behaviour/compromise data) and intelligence lifecycle processes. * Proven, methodical investigative approach with the ability to clearly articulate both findings and investigative methodology. Solid understanding of intelligence analysis principles, including deductive, inductive, and abductive reasoning. * Practical experience with CTI standards and frameworks such as STIX/TAXII, CAPEC, the Cyber Kill Chain, and the CIA triad (or equivalents). Ability to model and analyze cyber threat Tactics, Techniques, and Procedures (TTPs), including decomposition of attack patterns. * Hands-on experience with the MITRE ATT&CK (Enterprise and Mobile) frameworks. * Working knowledge of broader security standards such as CVE and CWE. Strong data handling and manipulation skills to support intelligence collection, processing, analysis, and dissemination (e.g., parsing, decoding, feature extraction). * Experience with enterprise security tools, including Threat Intelligence Platforms (e.g., ThreatConnect, OpenCTI), SIEM, SOAR, EDR, and data visualization tools (e.g., Kibana, Grafana). Advanced user proficiency in Windows, Linux, or macOS environments, with a solid understanding of networking, cloud, and enterprise IT technologies. * Excellent interpersonal skills with strong written and verbal English communication. * Demonstrated passion for continuous learning and professional development. Ability to support and mentor colleagues, contributing to team development and the ongoing maturity of CTI capabilities while pursuing personal growth. Preferred technical and professional experience * Additional language skills besides English. * Practical experience managing intelligence datasets in OpenCTI. * Knowledge of query languages such as SQL (and variants), KQL (Kibana QL), XQL (Cortex QL). * Experience using Artificial Intelligence (AI) within CTI roles and environments. * Experience applying automation techniques to CTI problems. Experience working with Threat Hunting teams - specifically, providing intelligence to support their work and extracting intelligence from their findings. * Experience working in large, complicated organisations that require collaboration with multi-disciplinary teams. * Experience working with global teams - specifically spanning North America, Europe and Asia-Pacific * Industry-recognised courses and certifications - such as GIAC and CREST. * Undergraduate degree or equivalent in a relevant field - such as cyber security, computing, networking or engineering. ABOUT BUSINESS UNIT IBM Systems helps IT leaders think differently about their infrastructure. IBM servers and storage are no longer inanimate - they can understand, reason, and learn so our clients can innovate while avoiding IT issues. Our systems power the world's most important industries and our clients are the architects of the future. Join us to help build our leading-edge technology portfolio designed for cognitive business and optimized for cloud computing. YOUR LIFE @ IBM In a world where technology never stands still, we understand that, dedication to our clients success, innovation that matters, and trust and personal responsibility in all our relationships, lives in what we do as IBMers as we strive to be the catalyst that makes the world work better. Being an IBMer means you'll be able to learn and develop yourself and your career, you'll be encouraged to be courageous and experiment everyday, all whilst having continuous trust and support in an environment where everyone can thrive whatever their personal or professional background. Our IBMers are growth minded, always staying curious, open to feedback and learning new information and skills to constantly transform themselves and our company. They are trusted to provide on-going feedback to help other IBMers grow, as well as collaborate with colleagues keeping in mind a team focused approach to include different perspectives to drive exceptional outcomes for our customers. The courage our IBMers have to make critical decisions everyday is essential to IBM becoming the catalyst for progress, always embracing challenges with resources they have to hand, a can-do attitude and always striving for an outcome focused approach within everything that they do. Are you ready to be an IBMer? ABOUT IBM IBM's greatest invention is the IBMer. We believe that through the application of intelligence, reason and science, we can improve business, society and the human condition, bringing the power of an open hybrid cloud and AI strategy to life for our clients and partners around the world. Restlessly reinventing since 1911, we are not only one of the largest corporate organizations in the world, we're also one of the biggest technology and consulting employers, with many of the Fortune 500 companies relying on the IBM Cloud to run their business. At IBM, we pride ourselves on being an early adopter of artificial intelligence, quantum computing and blockchain. Now it's time for you to join us on our journey to being a responsible technology innovator and a force for good in the world. IBM is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, neurodivergence, age, or other characteristics protected by the applicable law. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status. OTHER RELEVANT JOB DETAILS IBM offers a competitive and comprehensive benefits program. Eligible employees may have access to: * Healthcare benefits including medical & prescription drug coverage, dental, vision, and mental health & well being * Financial programs such as 401(k), cash balance pension plan, the IBM Employee Stock Purchase Plan, financial counseling, life insurance, short & long- term disability coverage, and opportunities for performance based salary incentive programs * Generous paid time off including 12 holidays, minimum 56 hours sick time, 120 hours vacation, 12 weeks parental bonding leave in accordance with IBM Policy, and other Paid Care Leave programs. IBM also offers paid family leave benefits to eligible employees where required by applicable law * Training and educational resources on our personalized, AI-driven learning platform where IBMers can grow skills and obtain industry-recognized certifications to achieve their career goals * Diverse and inclusive employee resource groups, giving & volunteer opportunities, and discounts on retail products, services & experiences We consider qualified applicants with criminal histories, consistent with applicable law. This position was posted on the date cited in the key job details section and is anticipated to remain posted for 21 days from this date or less if not needed to fill the role. IBM will not be providing visa sponsorship for this position now or in the future. Therefore, in order to be considered for this position, you must have the ability to work without a need for current or future visa sponsorship. The compensation range and benefits for this position are based on a full-time schedule for a full calendar year. The salary will vary depending on your job-related skills, experience and location. Pay increment and frequency of pay will be in accordance with employment classification and applicable laws. For part time roles, your compensation and benefits will be adjusted to reflect your hours. Benefits may be pro-rated for those who start working during the calendar year.