Vol. 1 · Ed. 2026
CyberGlossary
Entry № 293

Cyber Threat Intelligence (CTI) Analyst

What is a Cyber Threat Intelligence (CTI) Analyst?

Cyber Threat Intelligence (CTI) Analyst: A specialist who collects, structures, and disseminates intelligence about threat actors, campaigns, and TTPs at the strategic, operational, and tactical tiers to inform defenders, IR teams, and executive decision-makers.


A Cyber Threat Intelligence (CTI) analyst produces and curates the actionable intelligence layer that sits between raw threat data and security decisions. The role splits along three classical tiers. Strategic CTI summarizes adversary motivations, geopolitical context, and long-term trends for executives and board audiences. Operational CTI characterizes specific named threat actors and campaigns (TTPs, infrastructure, victimology, targeting) for SOCs, hunt teams, and IR. Tactical CTI is the day-to-day stream of IOCs, YARA/Sigma rules, ATT&CK mappings, and feed entries that detection engineering consumes. The workflow combines OSINT, paid feeds (Mandiant, CrowdStrike Falcon Intelligence, Recorded Future, Intel 471), criminal-forum monitoring, sample collection (MalwareBazaar, VirusTotal Intelligence), and internal SOC telemetry, structured using frameworks such as MITRE ATT&CK, STIX/TAXII, the Diamond Model, the Pyramid of Pain, and TLP. Outputs are written reports, intelligence briefings, IOC feeds, ATT&CK Navigator layers, and pre-incident hunt packages. CTI analysts often hold GIAC GCTI, SANS FOR-578, eLearnSecurity eCTHP, or Mandiant-style certifications.

  1. A CTI analyst publishes a quarterly report on Scattered Spider's evolving social-engineering TTPs, mapping observed activity to MITRE ATT&CK Enterprise.

  2. Tactical CTI feeds the SOC a YARA rule and a list of C2 domains within hours of a new XWorm variant being observed in the wild.

Frequently Asked Questions

What is a Cyber Threat Intelligence (CTI) Analyst?

A specialist who collects, structures, and disseminates intelligence about threat actors, campaigns, and TTPs at the strategic, operational, and tactical tiers to inform defenders, IR teams, and executive decision-makers. It belongs to the Roles and Careers category of cybersecurity.

How do you defend against a Cyber Threat Intelligence (CTI) Analyst?

Defending against a Cyber Threat Intelligence (CTI) Analyst typically combines technical controls and operational practices, as described in the definition above.

What are other names for a Cyber Threat Intelligence (CTI) Analyst?

Common aliases: Threat intelligence analyst, CTI researcher.

Related terms