Cyber Threat Intelligence (CTI) Analyst.

A specialist who collects, structures, and disseminates intelligence about threat actors, campaigns, and TTPs — at strategic, operational, and tactical tiers — to inform defenders, IR teams, and executive decision-makers. Pertenece a la categoría de Roles y carreras en ciberseguridad.

A specialist who collects, structures, and disseminates intelligence about threat actors, campaigns, and TTPs — at strategic, operational, and tactical tiers — to inform defenders, IR teams, and executive decision-makers.

A Cyber Threat Intelligence (CTI) analyst produces and curates the actionable intelligence layer that sits between raw threat data and security decisions. The role splits along three classical tiers. Strategic CTI summarizes adversary motivations, geopolitical context, and long-term trends for executives and board audiences. Operational CTI characterizes specific named threat actors and campaigns (TTPs, infrastructure, victimology, targeting) for SOCs, hunt teams, and IR. Tactical CTI is the day-to-day stream of IOCs, YARA/Sigma rules, ATT&CK mappings, and feed entries that detection engineering consumes. Workflow combines OSINT, paid feeds (Mandiant, CrowdStrike Falcon Intelligence, Recorded Future, Intel 471), criminal-forum monitoring, sample collection (MalwareBazaar, VirusTotal Intelligence), and internal SOC telemetry, structured using frameworks such as MITRE ATT&CK, STIX/TAXII, Diamond Model, the Pyramid of Pain, and TLP. Outputs are written reports, intelligence briefings, IOC feeds, ATT&CK navigator layers, and pre-incident hunt packages. CTI analysts often hold GIAC GCTI, SANS FOR-578, eLearnSecurity eCTHP, or Mandiant-style certifications.

Las defensas contra Cyber Threat Intelligence (CTI) Analyst combinan habitualmente controles técnicos y prácticas operativas, como se detalla en la definición.

Nombres alternativos comunes: Threat intelligence analyst, CTI researcher.