FS-ISAC logo
FS-ISAC

The only global cyber intelligence sharing community solely focused on financial services.

Threat Intelligence Analyst – Senior

Security AnalystSecurity AnalystFull TimeRemoteLeadTeam 51-200Since 1999H1B No SponsorCompany SiteLinkedIn

Location

Virginia

Posted

1 day ago

Salary

$110K - $165K / year

Seniority

Lead

Bachelor Degree8 yrs expEnglishCyber SecurityTypeScript

Job Description

Threat Intelligence Analyst – Senior

FS-ISAC

• Lead complex intelligence investigations involving cyber threat actors, ransomware operations, nation-state activity, vulnerabilities, and emerging threats • Collect, correlate, and analyze intelligence from technical and non-technical sources • Produce tactical, operational, and strategic intelligence assessments for members and stakeholders • Analyze adversary tactics, techniques, and procedures (TTPs) and map findings to frameworks such as MITRE ATT&CK • Assess the impact of cyber incidents, geopolitical developments, technology trends, and systemic risks affecting the financial sector • Author intelligence reports, threat assessments, alerts, white papers, and executive briefings • Present intelligence findings and risk recommendations to executives, members, and external partners • Translate technical intelligence into actionable business and risk-management insights • Lead information-sharing initiatives, intelligence exchanges, and member engagement activities • Build and maintain relationships with financial institutions, government agencies, law enforcement, and industry partners • Represent the organization at conferences, webinars, and industry forums • Leverages AI to enhance analysis, decision-making, productivity, and innovation • Maintains awareness of emerging AI technologies, threats, and risks • Contribute to intelligence strategy, collection priorities, and analytical standards • Identify opportunities to improve intelligence methodologies, workflows, automation, and reporting capabilities • Lead cross-functional projects and support organizational cyber resilience initiatives • Mentor Threat Intelligence Analyst I and II team members and provide analytical coaching and product reviews • Promote best practices in intelligence collection, analysis, reporting, and information sharing

Job Requirements

  • Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Intelligence Studies, International Affairs, Criminal Justice, or a related field required
  • A minimum of eight years of experience in cyber threat intelligence, intelligence analysis, cybersecurity, incident response, threat hunting, or related disciplines required
  • Experience supporting financial services, critical infrastructure, government, military, intelligence, or cybersecurity organizations preferred
  • Experience leading intelligence projects and presenting to executive audiences preferred
  • Must be able to obtain and maintain a Top Secret (TS/SCI) security clearance required
  • Advanced knowledge of cyber threat intelligence methodologies and intelligence lifecycle management
  • Deep understanding of threat actors, cybercrime ecosystems, nation-state operations, malware, ransomware, vulnerabilities, and threat hunting concepts
  • Demonstrates advanced knowledge of AI-enabled tools and technologies relevant to the role

Benefits

  • Medical, dental, vision, life insurance, disability coverage and accident insurance
  • 401(k) with employer match
  • Paid time off
  • Paid holidays
  • Parental leave
  • Professional development opportunities

Related Job Pages

More Security Analyst Jobs

Full TimeRemoteTeam 201-500Since 2019H1B Sponsor

Role Description Security failures are rarely caused by a single technical mistake. More often, they stem from gaps in governance, risk management, operational discipline, and accountability. Strong GRC programs help prevent those failures by making security a business priority, not just a technical concern. Mercury is growing rapidly, and as we scale, we need to continue building resilience, strengthening governance, and improving the way we manage risk across the company. We have a strong foundation today, but the next phase of growth will require scalable programs, thoughtful controls, and cross functional partnerships that allow Mercury to move quickly without sacrificing security. We are looking for an Information Security GRC Analyst to help mature Mercury’s security, risk, and compliance programs. This is not a traditional compliance role focused only on audits and evidence collection. You will help build the systems, processes, and guardrails that support business continuity, customer trust, and long term resilience. In this role, you will: - Lead and support security risk assessments across products, systems, vendors, and business initiatives. - Partner with Engineering, Product, IT, Legal, Operations, and other teams to identify, evaluate, and mitigate risk. - Drive audit readiness and compliance initiatives across frameworks such as SOC 2, PCI DSS, NIST, CIS, and ISO 27001. - Conduct gap assessments against security and compliance frameworks, then build practical plans to close those gaps. - Design, implement, and mature scalable governance processes and security controls. - Help improve Mercury’s business continuity, resilience, and third party risk management programs. - Translate compliance and risk requirements into clear, actionable guidance for technical and non-technical stakeholders. - Identify opportunities to automate controls, evidence collection, and recurring GRC workflows. - Help ensure Mercury’s security program remains strong, efficient, and aligned with the speed of the business. Qualifications - Have experience scaling security, risk, compliance, or governance programs in a high growth SaaS, fintech, or cloud native environment. - Understand security frameworks such as SOC 2, PCI DSS, NIST, CIS, and ISO 27001, and can translate them into practical controls. - Bring strong ownership and project management skills, with a track record of driving cross functional initiatives from concept to completion. - Are comfortable creating structure from ambiguity and building programs or processes from scratch. - Take a risk based approach to decision making and can distinguish between theoretical risk and material business risk. - Communicate clearly with technical and non-technical stakeholders. - Have enough technical depth to partner effectively with engineers and evaluate security controls in cloud native environments. - Care about building security programs that enable the business rather than slow it down. Requirements - Tools and technologies you may work with: - AWS Config and AWS Audit Manager - GitHub - Vanta - GRC platforms and workflow tools - Cloud native security and compliance tooling Benefits - The total rewards package at Mercury includes base salary, equity, and benefits. - Our salary and equity ranges are highly competitive within the SaaS and fintech industry and are updated regularly using reliable compensation survey data. - New hire offers are made based on a candidate’s experience, expertise, geographic location, and internal pay equity relative to peers. - Our target new hire base salary ranges for this role are: - US employees in New York City, Los Angeles, Seattle, or the San Francisco Bay Area: $153,400 to $191,800 - US employees outside of New York City, Los Angeles, Seattle, or the San Francisco Bay Area: $138,100 to $172,600 - Canadian employees, any location: CAD 145,000 to CAD 181,300 Company Description Mercury is a fintech company, not an FDIC-insured bank. Banking services provided through Choice Financial Group and Column N.A., Members FDIC. Mercury values diversity & belonging and is proud to be an Equal Employment Opportunity employer. All individuals seeking employment at Mercury are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, sexual orientation, or any other legally protected characteristic. We are committed to providing reasonable accommodations throughout the recruitment process for applicants with disabilities or special needs. If you need assistance, or an accommodation, please let your recruiter know once you are contacted about a role.

United States + 1 moreAll locations: United States | Canada
$138.1K - $191.8K / year
Job Closed
ScriptPro logo

Cyber Security Analyst

ScriptPro

Our end-to-end pharmacy solutions power the business of pharmacy.

Full TimeRemoteTeam 501-1,000Since 1994H1B Sponsor

• Manage and track infrastructure, security, and product certification projects, ensuring full lifecycle execution across Risk Management Framework (RMF), Federal Risk and Authorization Management Program (FedRAMP), Payment Card Industry (PCI), Health Information Trust Alliance (HITRUST), International Organization for Standardization (ISO), and National Institute of Standards and Technology (NIST) frameworks • Develop, maintain, and deliver project documentation for Customer Service, DevOps, Information Assurance, and Executive leadership teams • Prepare and present monthly reports covering system compliance, security KPIs, audit readiness, and project status • Serve as a liaison between internal teams and customers, ensuring clear communication and alignment throughout complex security and compliance initiatives • Coordinate project schedules, facilitate cross-departmental tasks, and ensure all project phases are properly documented and completed • Support security programs aligned to Risk Management Framework (RMF) Step 1-6, Security Technical Implementation Guide (STIG) compliance, Assured Compliance Assessment Solution (ACAS)/Security Content Automation Protocol (SCAP) scanning, and NIST 800-53/171 control implementation • Contribute to FedRAMP Moderate/High authorization packages, System Security Plan (SSP) development, Plan of Action and Milestones (POA&M) management, and continuous monitoring activities • Assist with multi-framework compliance efforts including PCI DSS v4.0, HITRUST CSF, ISO 27001, Open Worldwide Application Security Project (OWASP) Top 10, and International Electrotechnical Commission (IEC) 62443 • Represent Information Assurance in internal and external meetings, proactively resolving conflicts and guiding teams through ambiguity • Perform other duties as assigned

Kansas
Foresite Cybersecurity logo

Security Analyst II

Foresite Cybersecurity

Transform security from a barrier to a Catalyst

Full TimeRemoteTeam 51-200Since 2013H1B No Sponsor

• You will work inside our 24/7 Cyber Fusion Center, handling escalated security alerts, leading complex investigations for our managed customers across Google Security Operations (Chronicle) and our SOAR platform, and serving as a subject matter expert for the broader team. • Act as the primary point of escalation for our Tier 1 Analysts. • Investigate incidents end-to-end: Review complex alert context, gather evidence from Chronicle UDM and supporting tools, reach a final disposition, and either close the ticket with a documented rationale or escalate to Tier 3/Incident Response with a clear handoff. • Optimize investigation playbooks: Follow established playbooks for the detection stack, but actively identify gaps, propose workflow improvements. • Communicate clearly in tickets: Ensure all tickets are understandable by the next analyst, the customer, or an auditor reading it six months from now. • Lead communications through the ticketing system on routine and complex investigations, requests for information, and exclusion/suppression requests.

Kansas

Cyber Security Analyst

Synmatch AI

Hire with confidence. Anywhere. With AI.

Full TimeRemoteTeam 1-10Since 2025H1B No Sponsor

• Security Operations : Support the cybersecurity program, operate security tools, and create, execute, and manage security processes • Monitoring & Detection : Monitor security-related events, detect and respond to alerts and incidents, and analyze logs to identify threats and anomalies • Incident Response : Coordinate cyber incident response, work with external IR partners, conduct investigations, and perform high-level forensic analysis • Vulnerability Management : Manage the full vulnerability management process—assessments, analysis, reporting, prioritization, and coordination of remediation activities • Cloud Security : Ensure security of data and systems on-premises and in the cloud; implement and support cloud-aware security architecture • Exposure Assessment : Assess cybersecurity exposures of IT systems, conduct investigations, and prepare detailed reports • Reporting & KPIs : Assist in developing cyber-related reports and KPIs, collecting and analyzing system-generated data for designated audiences • Security Awareness : Support delivery of awareness programs develop training, build campaigns, report results, and provide recommendations • Policy Development : Support development, documentation, testing, and enforcement of cybersecurity policies, standards, and operations playbooks • Threat Intelligence : Stay current with cybersecurity landscape, analyze industry trends, and identify potential impact to technology systems and operations

Romania