Cyber Threat Intelligence (CTI) Analyst.

A specialist who collects, structures, and disseminates intelligence about threat actors, campaigns, and TTPs — at strategic, operational, and tactical tiers — to inform defenders, IR teams, and executive decision-makers. Cette notion relève de la catégorie Rôles et carrières en cybersécurité.

A specialist who collects, structures, and disseminates intelligence about threat actors, campaigns, and TTPs — at strategic, operational, and tactical tiers — to inform defenders, IR teams, and executive decision-makers.

A Cyber Threat Intelligence (CTI) analyst produces and curates the actionable intelligence layer that sits between raw threat data and security decisions. The role splits along three classical tiers. Strategic CTI summarizes adversary motivations, geopolitical context, and long-term trends for executives and board audiences. Operational CTI characterizes specific named threat actors and campaigns (TTPs, infrastructure, victimology, targeting) for SOCs, hunt teams, and IR. Tactical CTI is the day-to-day stream of IOCs, YARA/Sigma rules, ATT&CK mappings, and feed entries that detection engineering consumes. Workflow combines OSINT, paid feeds (Mandiant, CrowdStrike Falcon Intelligence, Recorded Future, Intel 471), criminal-forum monitoring, sample collection (MalwareBazaar, VirusTotal Intelligence), and internal SOC telemetry, structured using frameworks such as MITRE ATT&CK, STIX/TAXII, Diamond Model, the Pyramid of Pain, and TLP. Outputs are written reports, intelligence briefings, IOC feeds, ATT&CK navigator layers, and pre-incident hunt packages. CTI analysts often hold GIAC GCTI, SANS FOR-578, eLearnSecurity eCTHP, or Mandiant-style certifications.

Les défenses contre Cyber Threat Intelligence (CTI) Analyst combinent habituellement des contrôles techniques et des pratiques opérationnelles, comme détaillé dans la définition ci-dessus.

Noms alternatifs courants : Threat intelligence analyst, CTI researcher.