April 12, 2019 • The Recorded Future Team
There are plenty of good reasons why you might be looking to hire your first threat intelligence analyst.
However, hiring your first threat intelligence analyst can be daunting.
Since you don’t already have a threat intelligence function in place, you don’t have the luxury of experienced practitioners to help you craft a job description and train up new recruits. To help get your fledgling threat intelligence function off the ground, we’ve put together a sample job description that you can use to find qualified candidates.
The threat intelligence analyst will work as part of the [TEAM NAME] team. This team is responsible for [RESPONSIBILITIES].
The successful applicant should be expected to identify potential cyber threats, determine levels of risk, and produce analytical reports for a variety of audiences. You will occasionally be required to present your findings in front of senior executives, so the ability to translate technical indicators into layperson’s terms is vital.
Outstanding problem-solving skills are essential. When serious threats are identified, you will work closely with other areas of the security team to identify appropriate solutions. You must be passionate about technology, and able to learn the ropes of new security solutions rapidly.
Cybersecurity is an area of growing concern for [ORGANIZATION NAME] and we expect that our threat intelligence function will grow over time. We are ideally looking for somebody who can develop in the threat intelligence analyst role, and take on additional responsibilities over time.
As this will be our first pure threat intelligence hire, some real-world experience in a threat intelligence analyst role is essential.
Now that you’ve seen what a sensible job description looks like, let’s take a closer look at the requirements.
A degree or industry-recognized certification in intelligence or cybersecurity, or equivalent experience.
Since cybersecurity is still a developing field, many practitioners do not have cybersecurity- or intelligence-specific degrees. As with most careers, however, real-world experience is a more telling indicator of competence than qualifications, so don’t be too focused on an applicant’s education record.
At least one year of experience as a threat intelligence analyst.
As an organization looking to hire your first threat intelligence analyst, you don’t have the luxury of experienced professionals to coach a newbie through the early stages of their development. Ideally, what you need is an applicant who already has some experience in the field and wants to take on a position with more autonomy.
Proven analytical and report-writing abilities.
Whoever you hire is going to be your only threat intelligence analyst — at least to start with — so they’ll need to be able to write actionable reports that can be used to demonstrate the need for change or investment. Analytical and report-writing abilities are always essential qualities in a threat intelligence analyst, but they are doubly important when you only have one analyst to rely on.
Comfortable speaking technically with analysts and strategically with senior executives.
Whoever you hire will be your go-to person for threat intelligence. Most analysts are comfortable communicating in a technical manner with their contemporaries and immediate superiors, but many struggle to explain technical concepts to non-technical executives. This is a skill that can be developed, but some aptitude is essential.
Strong presentation and interpersonal skills.
Again, threat intelligence analysts must be able to communicate their findings to a wide range of audiences. Having an analyst who can stand in front of senior executives and explain the trends they’re seeing is a huge advantage.
Able to manage competing priorities and work efficiently under pressure.
There are many variables in threat intelligence, so analysts must be able to manage their workload effectively and adapt to shifting priorities. The ability to work with a sense of focus and urgency under pressure is also essential.
Inquisitive, high energy, and eager to win.
Being a threat intelligence analyst is fun, but it’s also a lot of work. You need somebody who can stay attentive and focused in the face of a high workload, and not be discouraged by chasing down false positives.
Coding experience a plus, comfort with new technology a must.
While not essential, coding skills and experience are extremely valuable in a threat intelligence analyst. Having at least a basic understanding of coding helps an analyst determine the real-world impact of potential threats, and may also help them determine possible response strategies.
Multiple languages are a plus.
The internet is not exclusively in English. Many threat groups and sources of valuable intelligence communicate in other languages, so finding an applicant who is multilingual is a clear advantage.
Hiring your first threat intelligence analyst is a huge step in the development of your cybersecurity program. In most cases, you’ll be moving from a position of reactivity into one where you aim to identify threats in advance and implement the necessary controls to keep your organization out of the firing line.
Since this is your first step, the decision of which applicant to hire is a crucial one. It may be the difference between a threat intelligence program that flourishes, and one that fails to evidence a sufficient ROI.
So when you’re making hiring decisions, keep in mind that if you decide to expand your threat intelligence program in the future, the person you hire could ultimately take on a more senior role — perhaps as a senior analyst or team leader.
Ideally, then, you don’t just want somebody who can do the job as it stands right now. You want somebody who can understand how threat intelligence fits into your organization’s business and security priorities. Most of all, you need someone who can develop into an experienced practitioner that can help grow your organization’s threat intelligence function in the years to come.
To learn more about how threat intelligence can significantly improve your organization’s security function, request a personalized demo today.