Job Title CityApply
Threat Intelligence Analyst

The Retail and Hospitality ISAC (RH-ISAC) is the trusted cybersecurity community for retail and consumer-facing industries with a mission to mitigate cyber risk by establishing trust, expanding knowledge and maturing capability through information and intelligence sharing. With the shared information of worldwide leading brands – including traditional retailers, online commerce, QSRs, drug stores, convenience stores, gaming casinos, lodging, consumer product and more – the RH-ISAC helps companies build better security through collaboration. The Cyber Threat Intelligence Analyst is responsible for supporting RH-ISAC member organizations through the tactical analysis of ongoing attacks and threat hunting operations. In this role, the analyst will support data analysis, investigative analysis and research on existing and emerging cyber threats, particularly those directed against the retail and hospitality sectors.  The Cyber Threat Intelligence Analyst reports to the Vice President of Intelligence and works to support the RH-ISAC’s vision to help reduce cyber threats


  • Support member organizations in threat hunting operations leveraging your understanding of the tactics, techniques and procedures employed by advanced threats, combined with intelligence from multiple sources.
  • Analyze indicators to generate actionable intelligence and insight into current threats. Help enhance member capabilities by formulating new analytic techniques and working across teams to drive the supporting capabilities.
  • Demonstrate a deep understanding of current APT actors and their TTPs.
  • Have a solid understanding of network and host based indicators Maintain trusted relationships with member CTI, IR, SOC and cyber security teams, providing tactical subject matter expertise, reporting and briefings to other teams and leadership in order to maintain appropriate levels of situational awareness, and contribute to technical innovation to further evolve member organization’s defensive capabilities and methodologies.
  • Provide RH-ISAC member organizations with actionable intelligence and serve as the tactical dissemination hub for the RH-ISAC community.
  • Work with industry partners to gather and share intelligence. Apply intelligence to member attack vectors and systems to proactively identify potential cyber threats.
  • Identify and evaluate new sources of intelligence and integrate numerous types of cybersecurity data sources into cyber threat analysis products.
  • Support the development and execution of custom scripts to identify host-based indicators of compromise
  • Proactively research emerging cyber threats. Apply analytical understanding of attacker methodologies and tactics, system vulnerabilities, and key indicators of attacks and exploits.
  • Produce tactical threat intelligence reports and briefings, that provide situational awareness of cyber threats impacting the RH-ISAC and member organizations.
  • Support threat hunt operations for RH-ISAC members using known adversary tactics, techniques and procedures, as well as indicators of attack.
  • Collaborate using information and knowledge sharing networks and professional relationships to achieve common goals.
  • Stay abreast of world-wide events that are indicators of developing trends for situational awareness.
  • Mentor and guide less experienced CTI team members.
  • Experience performing "deep dive" analysis and correlation of log data from multiple sources including PCAP and forensic artifacts.
  • Experience with cyber threat analysis and retail sector threats.
  • Strong skills in tactical cyber threat intelligence
  • Experience with vulnerability research, exploit and/or malware investigation.
  • Understanding of behavioral-based threat models, including ATT&CK, Cyber Kill Chain, Diamond Model, etc.
  • Experience with Threat Intel Platforms and SIEM-type platforms
  • Capable and comfortable communicating actionable threat intelligence to both technical and operational-level stakeholders.
  • Familiarity with common languages (like Perl and Python) to parse logs, automate processes, and integrate systems.
  • Previous experience as a Cyber Threat Intel Analyst.
  • A deep understanding of advanced cyber threats targeting enterprises, along with the tools, tactics, and procedures used by those threats.
  • Minimum of 3 – 5 years of experience in cyber threat Intelligence and tactical analysis.
  • Preferred key industry certifications such as CISSP, CEH or GCIH.
This is a remote position, but candidates are expected to travel within the U.S. and/or Canada for various client visits and events four or more times per year.   Interested? Submit your application at

Learn More