Threat Intelligence Analyst

Part of the Cybersecurity Career Guide — This article is one deep-dive in our complete guide series.

By HADESS Team | February 28, 2026 | Updated: February 28, 2026 | 5 min read

You study adversaries. You track threat groups, analyze their tools and techniques, monitor underground forums, and produce intelligence that helps your organization defend against specific threats. Your job is to answer the question: who is targeting us, how do they operate, and what should we do about it?

What You Will Do

Threat intelligence sits at the intersection of analysis, research, and communication. You gather raw data from multiple sources and turn it into actionable intelligence that SOC analysts, incident responders, and leadership can use.

Your daily work includes:

• Collecting and processing indicators of compromise (IOCs) from open-source and commercial feeds
• Tracking threat actor groups — their TTPs, infrastructure, and targeting patterns
• Monitoring dark web forums, paste sites, and Telegram channels for relevant threats
• Analyzing malware samples to extract infrastructure and behavioral indicators
• Mapping adversary behavior to the MITRE ATT&CK framework
• Producing tactical intelligence reports for SOC and IR teams
• Writing strategic intelligence briefings for executive leadership
• Collaborating with industry peers through ISACs and threat sharing communities
• Enriching alerts with context — turning raw IOCs into meaningful threat assessments
• Building and maintaining threat intelligence platforms (MISP, OpenCTI, ThreatConnect)
• Providing intelligence support during active incidents

You need to think like an analyst, not just a technician. Pattern recognition, critical thinking, and the ability to separate signal from noise are what make a good threat intel analyst.

Skills You Need

Threat intelligence requires a unique blend of analytical thinking and technical skills.

Focus areas:

• MITRE ATT&CK framework — the common language for describing adversary behavior
• OSINT techniques — open-source intelligence gathering and analysis
• Malware analysis basics — understanding what adversary tools can do
• Threat intelligence platforms — MISP, OpenCTI, ThreatConnect
• Intelligence analysis methods — structured analytical techniques, competing hypotheses
• Indicator management — IOC lifecycle, confidence scoring, sharing standards (STIX/TAXII)
• Dark web monitoring — monitoring underground forums and marketplaces
• Report writing — clear, actionable intelligence products for different audiences

Develop these in the skills library and explore related roles in the career path explorer.

Certifications

Threat intelligence certifications are specialized but highly valued:

• GCTI — GIAC Cyber Threat Intelligence, the primary certification for this role
• FOR578 — SANS Cyber Threat Intelligence course (leads to GCTI)
• CTIA — Certified Threat Intelligence Analyst from EC-Council

Map out your certification plan with the certification roadmap planner.

Salary Range

Threat intelligence analysts earn between $50K and $120K. Analysts in financial services, defense contracting, and large tech companies earn toward the upper end. Senior analysts who produce strategic intelligence and brief executive leadership command the highest compensation.

Check your market position with the salary calculator.

How to Get Started

1. Build a foundation in security operations — SOC or IR experience helps you understand what intel consumers need 2. Study the MITRE ATT&CK framework thoroughly — it is the backbone of modern threat intel 3. Take the skills assessment to identify gaps in your analytical skills 4. Practice threat research in the labs — analyze real malware campaigns and map TTPs 5. Set up a personal threat intel workflow — RSS feeds, Twitter lists, threat feeds, MISP 6. Learn OSINT tools — Maltego, SpiderFoot, Shodan for infrastructure analysis 7. Work toward GCTI — plan your path with the certification planner 8. Write intelligence reports — even practice ones demonstrate analytical ability on your resume 9. Apply for threat intel or security analyst roles on the job board

If you have an analytical background (military intelligence, journalism, research) and want to apply it to cybersecurity, the career coach can help you map your transferable skills.

Related Guides in This Series

• Malware Analyst: Reverse Engineer the Weapons Attackers Use — HADESS | 2026
• Threat Hunter: Find What Automated Defenses Miss — HADESS | 2026

Take the Next Step

Start your career assessment. Go to the start your career assessment on HADESS.

Explore career paths. Check out the explore career paths.

Get started free — Create your HADESS account and access all career tools.

Frequently Asked Questions

What certifications do I need for this role?

Certification requirements vary by employer and seniority level. Use the certification roadmap planner to build a sequence based on your target role and current qualifications.

What is the salary range for this role?

Salaries vary significantly by location, experience, and employer type. Use the salary calculator for your specific market rate.

How do I transition into this career path?

Take the skills assessment to identify your current strengths and gaps relative to this role. The assessment generates a personalized learning plan to close the gap.

—

HADESS Team consists of cybersecurity practitioners, hiring managers, and career strategists who have collectively spent 50+ years in the field.