Threat Intelligence Analyst

About the Role :

As a Cyber Threat Intelligence Specialist at Capgemini, you will transform raw data into actionable insights that inform and strengthen our defenses. You’ll monitor and dissect adversary Tactics, Techniques, and Procedures (TTPs), track threat actor campaigns, and evaluate how geopolitical or industry events may shape cyber risks. Your intelligence deliverables—ranging from tactical alerts to strategic trend analyses—will guide SOC analysts, incident responders, and executive leadership alike.

Responsibilities :

• Intelligence Collection & Analysis
  • Gather and process cyber threat data from internal logs, open‑source feeds, commercial platforms, and partnerships.
  • Use OSINT and threat‑intelligence platforms (e.g. MISP, OpenCTI, DomainTools) to enrich and correlate indicators of compromise.

• TTP Monitoring & Reporting
  • Identify and track evolving TTPs of cyber threat actors, from commodity malware gangs to advanced persistent threats (APTs).
  • Analyze non‑cyber events (political, regulatory, industry) for potential impact on adversary behavior and organizational risk.

• Actionable Intelligence Deliverables
  • Produce and disseminate intelligence products at multiple levels:
    • Tactical: IOCs, YARA rules, rapid alerts for SOC ingestion
    • Operational: Campaign analyses, cluster reports, and threat actor profiles
    • Strategic: Quarterly threat landscape briefs, risk assessments, and executive summaries

• Threat Hunting & Collaboration
  • Design and support hypothesis‑driven threat hunting campaigns, assisting with data gathering and pre‑processing for the hunt team.
  • Liaise with SOC, incident response, and offensive teams to validate intelligence and refine detection logic.

• Continuous Improvement
  • Evaluate and recommend enhancements to our threat‑intelligence tooling, processes, and sharing frameworks.
  • Mentor junior analysts and foster knowledge sharing across the security organization.

Required Skills and Expertise :

• Core Experience
• 3+ years in a threat intelligence, threat hunting, or related cybersecurity role.
• Proficient with threat‑intelligence platforms (OpenCTI, MISP) and OSINT tools (DomainTools, VirusTotal, etc.).
• Solid scripting skills (Python preferred) for data enrichment, indicator processing, and automation.
• Strong analytical mindset with the ability to distill complex technical findings into clear, concise reports.
• Excellent verbal and written communication skills for both technical teams and business stakeholders.

• Technical Expertise
• Deep understanding of threat‑intelligence methodologies and frameworks (e.g., MITRE ATT&CK).
• Familiarity with cloud environments (AWS, Azure, GCP) and how cloud‑native threats differ from on‑premise.
• Experience in threat hunting fundamentals: hypothesis creation, data normalization, and query development.
• Knowledge of legal and ethical considerations in intelligence collection and sharing.
• Fluent in English; based on the working environment, French / Dutch knowledge is a plus.