
G42
Threat Intelligence Analyst (CPX)
- Permanent
- Abu Dhabi, United Arab Emirates
- Experience 5 - 10 yrs
- Urgent
Job expiry date: 19/12/2025
Job overview
- Date posted: 04/11/2025
- Location: Abu Dhabi, United Arab Emirates
- Salary: Undisclosed
- Compensation: Comprehensive package
- Experience: 5 - 10 yrs
- Seniority: Senior & Lead
- Qualification: Bachelor's degree
- Expiration date: 19/12/2025
Job description
The Threat Intelligence Analyst at CPX plays a critical role in defending national and enterprise-level infrastructure from advanced cyber threats. Working within the Threat Intelligence Center, this position involves identifying and analyzing malicious activity, tracking threat actors across surface, deep, and dark web environments, and producing actionable intelligence reports that enhance proactive and reactive defense capabilities. The ideal candidate combines deep technical expertise in malware analysis and intrusion detection with strategic analytical skills to transform raw data into intelligence-driven security operations. This role is ideal for a seasoned cyber professional who thrives at the intersection of technical analysis, intelligence synthesis, and operational impact.
Required skills
Key responsibilities
- Conduct in-depth analysis of network telemetry, endpoint logs, and other data sources to detect and profile malicious activity.
- Correlate IOCs, TTPs, and behavioral indicators to attribute attacks to known threat groups or campaigns.
- Support incident response teams by providing context, attribution, and post-incident threat intelligence.
- Perform static and dynamic analysis of malware samples to extract payloads, persistence mechanisms, and C2 infrastructure.
- Develop and maintain YARA rules, Snort signatures, and detection logic to identify evolving malware and intrusion patterns.
- Monitor surface, deep, and dark web platforms for emerging threats, data leaks, and chatter relevant to critical assets.
- Leverage Tor, I2P, and specialized tools to collect and analyze intelligence from underground forums and marketplaces.
- Produce comprehensive intelligence products including adversary profiles, tactical reports, and strategic threat assessments.
- Integrate intelligence feeds into SIEM, SOAR, and detection pipelines to improve SOC readiness.
- Develop threat models using frameworks like MITRE ATT&CK, the Diamond Model, and the Cyber Kill Chain.
- Collaborate with law enforcement and global threat intelligence communities on joint investigations or intelligence-sharing initiatives.
- Automate enrichment, data collection, and reporting processes through Python, PowerShell, or Bash scripting.
Experience & skills
- Minimum of 7 years of experience in threat intelligence, malware analysis, or intrusion detection within enterprise, defense, or government settings.
- Proficient with malware analysis tools (Ghidra, IDA Pro, x64dbg, Cuckoo Sandbox) and packet analysis utilities (Wireshark, tcpdump).
- Strong understanding of APT operations, threat actor ecosystems, and global cybercrime trends.
- Experience using threat intelligence platforms (MISP, ThreatConnect, Recorded Future) and SIEM systems (Splunk, QRadar, Elastic).
- Advanced scripting ability in Python, PowerShell, or Bash for threat enrichment and automation tasks.
- Familiarity with STIX/TAXII, YARA, OpenIOC, and other structured intelligence sharing formats.
- Solid grasp of MITRE ATT&CK, Cyber Kill Chain, and Diamond Model frameworks for adversary mapping.
- Ability to transform technical findings into executive-level intelligence reports and visualizations.
- Certifications such as GREM, GCTI, GCIH, or CISSP are highly desirable.
- Strong analytical thinking, situational awareness, and attention to detail under pressure.
- Experience collaborating with SOC, digital forensics, and incident response teams.