Armor’s Threat Resistance Unit has an opening for a Threat Intelligence Analyst to help build and grow an organization that is dedicated to the timely collection, analysis, and dissemination of relevant information to support the Security Operations mission. The Threat Intelligence Analyst will be responsible for performing cyber intelligence reporting and threat analysis, including nation-state sponsored threats and active cyber criminal organizations. This role will actively provide in-depth incident analysis and evaluate security incidents and perform research. The ideal candidate will be able to seamlessly transition between various technical and non-technical responsibilities, meeting the demands of an ever-evolving, world-class, Security Operations organization.

Essential Duties and Responsibilities (Additional duties may be assigned as required.)

  • Interacts with various teams daily, including: Indications & Warning, Incident Response & Forensics, Vulnerability & Threat Management, and Security Infrastructure.
  • Provides correlation and trending of cyber incident activity.
  • Conducts research on emerging security threats.
  • Analyzes event data for indicators that may yield detection/prevention content.
  • Provides expert quality network traffic (PCAP) and Net Flow analysis.
  • Supports SOC analysis and incident response as needed.
  • Performs periodic compilation of data and reporting from various sources, as needed.
  • Can develop custom software tools and/or processes to connect various sources of data to enable intelligence gathering and dissemination.
  • Review threat data from various sources; coordinates with SOC leadership, as well as possible interactions with government agencies to provide reporting and situational awareness.
  • Review, maintain, and develop processes and procedures for information collection, analysis, and dissemination.

Required Skills

  • Self-motivated and able to work independently, but function well within a team
  • Must be effective in managing time and prioritizing tasks between a diverse set of assigned duties.
  • Thorough understanding of Operating Systems [Win/Nix], Networking, and Information Security
  • Technically proficient in network communication using IP protocols, system administration knowledge of computer network defense operations (proxy, firewall, IDS/IPS, route/switch)
  • Skilled in Incident Response and network security monitoring
  • Intermediate programming and/or scripting abilities in one of more of the following languages: C, C++, Java, C#, PHP, Bash, PowerShell, Python, Perl, Ruby, etc. Go is highly desirable.
  • Able to handle private and confidential information with physical and ethical care
  • Experience with PCAP data, Wireshark/tcpdump; Firewall bypass techniques and tunneling methods.
  • Consistently leads with a curious mind to stay abreast of emerging trends, tactics, and an ever-changing technological landscape to enhance Armor’s Security Posture.


To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the tools in our environment today, but this list will change and grow:

  • Prior SOC experience
  • Industry connections with peer organizations. [ Infragard, SANS, etc. ]
  • Prior military, government, or intelligence experience not required but a plus.
  • Some digital forensic and malware analysis skills.
  • Excellent communication skills (written and oral)
  • Ability to work in a team environment
  • Ability to think as both an attacker and defender.

Education and/or Experience

  • Bachelors Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience
  • 2-5 years of direct experience in the field of Information Security required
  • Desirable certifications include GCIH, GCIA, GCFE, GREM, FCFA, GSEC, Security+, CEG, CISSP and CCNA (Security)

Work Environment

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. The noise level in the work environment is usually low to moderate. The work environment may be in either an office setting or at the company’s data center.


Leave a Reply