Cyber Threat Intelligence (CTI) Analyst.

A specialist who collects, structures, and disseminates intelligence about threat actors, campaigns, and TTPs — at strategic, operational, and tactical tiers — to inform defenders, IR teams, and executive decision-makers. Es gehört zur Kategorie Rollen und Karriere der Cybersicherheit.

A specialist who collects, structures, and disseminates intelligence about threat actors, campaigns, and TTPs — at strategic, operational, and tactical tiers — to inform defenders, IR teams, and executive decision-makers.

A Cyber Threat Intelligence (CTI) analyst produces and curates the actionable intelligence layer that sits between raw threat data and security decisions. The role splits along three classical tiers. Strategic CTI summarizes adversary motivations, geopolitical context, and long-term trends for executives and board audiences. Operational CTI characterizes specific named threat actors and campaigns (TTPs, infrastructure, victimology, targeting) for SOCs, hunt teams, and IR. Tactical CTI is the day-to-day stream of IOCs, YARA/Sigma rules, ATT&CK mappings, and feed entries that detection engineering consumes. Workflow combines OSINT, paid feeds (Mandiant, CrowdStrike Falcon Intelligence, Recorded Future, Intel 471), criminal-forum monitoring, sample collection (MalwareBazaar, VirusTotal Intelligence), and internal SOC telemetry, structured using frameworks such as MITRE ATT&CK, STIX/TAXII, Diamond Model, the Pyramid of Pain, and TLP. Outputs are written reports, intelligence briefings, IOC feeds, ATT&CK navigator layers, and pre-incident hunt packages. CTI analysts often hold GIAC GCTI, SANS FOR-578, eLearnSecurity eCTHP, or Mandiant-style certifications.

Schutzmaßnahmen gegen Cyber Threat Intelligence (CTI) Analyst kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.

Übliche alternative Bezeichnungen: Threat intelligence analyst, CTI researcher.