Company hidden
2 days ago

Senior Cyber Threat Intelligence Specialist

$140,000 - $210,000
Work format
remote (USA)
Employment type
fulltime
Grade
senior
English
c1
Country
US
Job from Hirify Global, a list of international tech companies

Job description


TL;DR

Senior Cyber Threat Intelligence Specialist (Cybersecurity): Own and improve the cyber threat intelligence pipeline, tooling, and automations to deliver actionable intelligence that drives SOC and DFIR operations, with an emphasis on MITRE ATT&CK mapping, TIP/TAXII platform management, and automation scripting. Focus on producing high-quality reports, integrating intel into security tools, and collaborating closely with detection engineering and incident response teams.

Location: Remote within the USA in specified states (CA, CO, CT, FL, GA, IL, KS, MA, MD, ME, NJ, NC, NY, OR, TN, TX, VA, WA) with hybrid options in Austin, TX and Tampa, FL. U.S. citizenship or lawful permanent residency required. No visa sponsorship. Chicago city limits excluded.

Salary: $140,000–$210,000 per year depending on location and experience.

Company

hirify.global automates IT endpoint management and security for over 30,000 customers, delivering scalable cloud services with a focus on customer success and operational excellence.

What you will do

  • Operate and enhance the CTI pipeline by aggregating, normalizing, and enriching threat intelligence from multiple sources.
  • Manage TIP/TAXII platforms and build automation for ETL, enrichment, and integration with SOC tools like SIEM, EDR, and SOAR.
  • Produce actionable intelligence reports and hunt packages that directly support SOC and DFIR activities.
  • Collaborate with detection engineering and incident response teams to translate adversary tactics into detection content.
  • Maintain intelligence sharing governance and track the impact of intelligence on security operations.

Requirements

  • Must be located in the USA within specified states or willing to work remotely from these states.
  • U.S. citizen or lawful permanent resident; no visa sponsorship available.
  • Proven experience producing actionable cyber threat intelligence tied to SOC/DFIR outcomes.
  • Strong knowledge of MITRE ATT&CK and TIP/TAXII platforms (MISP/OpenCTI).
  • Proficiency in Python scripting, SQL/log querying, and automation of intelligence workflows.
  • Near-fluent English (C1+) with excellent communication and writing skills.

Nice to have

  • Experience translating TTPs into Sigma, SPL, KQL, YARA, or EDR detection rules.
  • Familiarity with sandboxing, malware triage, and interpreting network/endpoint artifacts.
  • Cloud security experience, especially with AWS and security logs.
  • Relevant certifications such as GCTI, GOSI, GCIA, GCFA, AWS Security, SSCP, or CISSP.

Culture & Benefits

  • Collaborative, kind, and curious community culture.
  • Flexible full-time hybrid remote work options.
  • Comprehensive benefits including medical, dental, vision insurance, and 401(k) plan.
  • Unlimited PTO to support work-life balance.
  • Opportunities for growth and advancement.

Hiring process

  • Structured evaluation including technical assessments and communication skills.
  • Focus on cross-functional collaboration and operational mindset.
