
Threat Intelligence Analyst

About the Role

Abnormal Security is looking for a Threat Intelligence Analyst with expertise in threat hunting, detection engineering, and operational intelligence to combat cloud-based phishing attacks, account takeovers (ATO), and business email compromise (BEC). In this role, you will perform threat hunts in Cloud/SaaS environments, extract actionable intelligence, and collaborate with R&D and Engineering teams to enhance security detections and counter evolving adversary tactics.

Who you are

  • Deeply experienced in Threat Intelligence & Threat Hunting, with a focus on Cloud/SaaS threats.
  • Strong understanding of phishing, cloud-native threats, and adversary TTPs targeting identity and email security.
  • Data-driven mindset, with experience analyzing large datasets using SQL, PySpark, and other query-based analysis tools.
  • Skilled at bridging threat intelligence with engineering teams, ensuring insights translate into effective security controls.
  • Comfortable working in agile, cross-functional teams, driving threat research into practical security improvements.
  • Proven ability to present complex technical concepts to both technical and non-technical audiences.
  • Results-driven, highly collaborative, self-motivated, and adaptable in fast-paced environments.

What you will do

Threat Hunting & Threat Intelligence

  • Perform threat hunting and investigative research in Cloud/SaaS environments, focusing on email security, phishing, and account takeovers.
  • Identify MFA bypass techniques, phishing infrastructure, and cloud-native attack methods targeting enterprise SaaS environments.
  • Fuse internal telemetry, OSINT, and third-party intelligence sources to uncover and disrupt evolving threat actor campaigns.
  • Develop threat models and attack hypotheses to identify new cloud-focused attack vectors.
  • Conduct incident triage and investigative support for escalated incidents, providing internal teams with expertise on threat actors’ tools, techniques, and procedures (TTPs).

Detection Engineering

  • Collaborate with R&D and Engineering teams to translate threat intelligence into scalable detections and mitigations.
  • Design and refine cloud threat detection logic, hunting queries, and behavioral analytics to identify attacker activity.
  • Analyze phishing toolkits, adversary infrastructure, and cloud-native attack methodologies to enhance proactive defenses.
  • Work with product security teams to improve email security and identity protection mechanisms in Cloud/SaaS platforms.

Security Research

  • Track and analyze threat actor groups, phishing campaigns, and cloud-based attack methodologies.
  • Provide technical intelligence briefings to R&D and Engineering teams to inform security product improvements.
  • Partner with internal stakeholders to evaluate emerging threats and recommend security enhancements for SaaS environments.

Must Haves 

  • Deep Expertise: 5+ years in cyber threat intelligence, threat hunting, or security research.
  • 3+ years of experience in threat hunting and threat research within cloud ecosystems.
  • Expertise in cloud security, SaaS-based attacks, and email security threats (ATO, BEC, phishing, MFA bypass, etc.).
  • Strong data analysis skills with experience using SQL, PySpark, or other query languages to investigate large-scale threats.
  • Deep understanding of MITRE ATT&CK, phishing tactics, and adversary infrastructure analysis.
  • Hands-on experience with email security platforms, cloud threat analytics, and security automation.
  • Collaborative Mindset: Ability to work cross-functionally with other departments such as R&D, Engineering, and Operations to achieve comprehensive cybersecurity coverage.

Nice to Have 

  • Security certifications (GCTI, GCFA, CISSP, or similar).
  • Experience in security engineering, cloud-native security, or advanced detection development.
  • Background in threat modeling, adversary emulation, or attacker TTP analysis.
  • Experience working in high-scale SaaS environments, analyzing large security datasets.

 


Abnormal Security Glassdoor Company Review: 4.9
Abnormal Security DE&I Review: 4.7
CEO of Abnormal Security: Evan Reiser

Average salary estimate

$100000 / YEARLY (est.); min $80000K, max $120000K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Threat Intelligence Analyst, Abnormal Security

Are you ready to take the lead in revolutionizing cybersecurity? Abnormal Security is on the hunt for a passionate Threat Intelligence Analyst who will be instrumental in tackling cloud-based phishing attacks, account takeovers, and business email compromise. This remote position based in the UK allows you to unleash your expertise in threat hunting and detection engineering. You'll dive into threat analyses within Cloud/SaaS environments, extracting actionable insights to combat evolving adversaries. Collaborating closely with our talented R&D and Engineering teams, your role focuses on enhancing security detections and driving impactful, tactical improvements. If you thrive in fast-paced, agile environments and love bridging the gap between threat intelligence and engineering, this is your opportunity to shine. You’ll be responsible for conducting in-depth investigations, identifying MFA bypass techniques, and designing detection logic that scales. Bringing insights derived from large datasets using SQL and PySpark will be essential in preventing sophisticated attacks. The position not only demands a data-driven mindset but also requires you to present complex concepts clearly to different audiences. Are you ready to join a team that is at the forefront of cybersecurity innovation? If you have over five years of experience in cyber threat intelligence and a collaborative spirit, we would love to hear from you!

Frequently Asked Questions (FAQs) for Threat Intelligence Analyst Role at Abnormal Security
What are the main responsibilities of a Threat Intelligence Analyst at Abnormal Security?

As a Threat Intelligence Analyst at Abnormal Security, your primary responsibilities will include performing threat hunting and investigative research focused on email security in Cloud/SaaS environments. You'll also identify attack techniques, conduct incident triage, and collaborate with R&D and Engineering teams to refine threat detection mechanisms.

What qualifications do I need to become a Threat Intelligence Analyst at Abnormal Security?

To qualify for the Threat Intelligence Analyst position at Abnormal Security, you should have at least 5 years of experience in cyber threat intelligence and threat hunting, along with strong skills in data analysis using SQL or PySpark. Familiarity with cloud security, phishing tactics, and a collaborative mindset are essential.

Which skills are essential for a Threat Intelligence Analyst at Abnormal Security?

Essential skills for a Threat Intelligence Analyst at Abnormal Security include expertise in threat hunting and intelligence, data analysis, and understanding adversary tactics. Additionally, experience with cloud-native security and the ability to communicate complex information effectively are also crucial.

How does the Threat Intelligence Analyst role contribute to overall cybersecurity at Abnormal Security?

The Threat Intelligence Analyst plays a vital role in enhancing cybersecurity at Abnormal Security by identifying emerging threats, contributing to the design of scalable detections, and providing actionable insights that influence product security improvements and mitigate risks.

What is the work environment like for a Threat Intelligence Analyst at Abnormal Security?

As a Threat Intelligence Analyst at Abnormal Security, you will work in a dynamic, remote environment that emphasizes collaboration and agility. You will engage with cross-functional teams to drive innovation and apply your expertise to improving the company's cybersecurity landscape.

Common Interview Questions for Threat Intelligence Analyst
Can you describe your experience with threat hunting in Cloud/SaaS environments?

When answering this question, focus on specific examples from your past experience where you applied threat hunting methodologies in Cloud/SaaS settings. Highlight your approach to identifying and mitigating threats, and how you leveraged tools or data analytics in your investigations.

What techniques do you use to analyze large datasets for threat detection?

Discuss the specific tools and query languages you are familiar with, such as SQL or PySpark, and provide examples of how you've utilized them to identify patterns or anomalies in large datasets. Emphasize your data-driven approach to uncover actionable intelligence.

How do you stay updated with current phishing tactics and cloud-native threats?

Share your methods for ongoing education, such as following industry blogs, participating in webinars, or engaging with professional communities. Mention any specific resources you rely on to keep abreast of the latest trends and tactics in the cybersecurity field.

Can you explain a time when you collaborated with engineering teams to improve security measures?

Provide a concrete example of a project where you worked closely with engineering teams. Highlight your contributions to enhancing security controls based on threat intelligence and how that collaboration led to improved defenses against specific threats.

What is your approach to incident triage and investigative support?

Describe your systematic approach to incident triage, including how you prioritize incidents based on severity, the steps you take to analyze threats, and how you communicate findings to internal stakeholders. Showcase your analytical skills and decision-making process.

How do you develop threat models and attack hypotheses?

Explain your methodology for creating threat models, including the factors you consider, such as prior incidents, existing vulnerabilities, and emerging trends. Discuss how you validate your hypotheses through research and data analysis.

What experience do you have with email security platforms?

Talk about your hands-on experience with various email security platforms, the features you utilized, and specific instances where you improved security protocols or mitigated phishing campaigns using those platforms.

Can you provide an example of how you've used MITRE ATT&CK in your work?

Discuss a specific case where you applied the MITRE ATT&CK framework to understand adversary tactics, techniques, and procedures. Explain how this framework influenced your threat hunting strategies or security recommendations.

What do you think are the biggest challenges facing cloud security today?

Articulate your understanding of the current landscape by identifying challenges such as maintaining effective identity management, combating phishing, and securing cloud-native applications. Discuss potential solutions or proactive measures that organizations can take.

How would you present technical findings to a non-technical audience?

Highlight your communication strategies for translating complex technical information into layman's terms. Provide examples of how you’ve effectively communicated security issues to diverse audiences and the importance of engaging stakeholders in cybersecurity discussions.

Abnormal Security's Mission is to make the world a safer place through new applications of Machine Learning and AI technologies. We have started with email security, but that is just the beginning.

BENEFITS & PERKS
Dental Insurance
Disability Insurance
Flexible Spending Account (FSA)
Vision Insurance
Performance Bonus
Family Medical Leave
Paid Holidays
EMPLOYMENT TYPE
Full-time, remote
DATE POSTED
February 20, 2025
