Cyber Intel Fusion Analyst
Hyderabad
Outreach.io
The Role
Bridging Intelligence and Action
The Cyber Intel Fusion Analyst is a pivotal role within our security program.
This position serves as a critical bridge, linking strategic threat intelligence with tactical security operations.
The analyst will be instrumental in evolving our security practices beyond traditional, siloed functions while ensuring that intelligence capabilities are not merely insightful but are directly integrated and operationalized within our security framework. This proactive operationalization of intelligence is key to anticipating emerging threats and developing countermeasures against sophisticated adversaries before they can impact our services or compromise sensitive information. The ability to quickly fuse intelligence into operational defense mechanisms provides a distinct security advantage, crucial for maintaining service reliability and customer trust.
Your Daily Adventures Will Include
- Core Responsibilities: Shaping Our Defenses
- The responsibilities of the Cyber Intel Fusion Analyst are multifaceted, demanding a blend of analytical acumen, technical expertise, and collaborative skill.
- Intelligence Cycle Management & Requirements Definition: The analyst will manage the intelligence analysis cycle as it pertains to team operations. This includes working closely with team operators and other stakeholders to identify and refine intelligence requirements that drive threat emulation assessments and inform defensive strategies. A key function involves identifying intelligence requirements for diverse areas such as security operations, cloud security, enterprise security, and application security, including those related to artificial intelligence. This broad scope necessitates an understanding of the unique intelligence needs of various teams, positioning the analyst as a strategic partner who can tailor and deliver relevant intelligence to enhance the effectiveness of multiple security functions.
- Tactical Intelligence Analysis & Adversary Understanding: A core function is providing tactical cyber intelligence analysis, meticulously identifying specific adversary tactics, techniques, and procedures (TTPs). This analysis will be consistently tied back to established frameworks like the MITRE ATT&CK® Framework, leveraging intelligence provided by relevant organizations. The role involves recognizing and researching attacks and attack patterns based on published open-source intelligence (OSINT) and other intelligence sources. The analyst will be adept at handling and organizing disparate data concerning detections, attacks, and attackers to accurately identify adversary groups and their modus operandi, thereby driving assessments pertinent to the company. This process transforms general threat data into a refined understanding of adversaries specifically targeting our environment, such as those focusing on SaaS platforms if applicable.
- Developing Actionable Intelligence & Driving Threat Emulation: The analyst is tasked with developing, producing, and managing Adversary Response Playbooks. These playbooks are crucial for supporting and driving threat emulation assessments, ensuring our defenses are tested against realistic adversary behaviors. This involves translating analyzed intelligence on adversary TTPs and campaign indicators into actionable detection strategies, such as developing custom SIEM correlation rules or contributing to Security Orchestration, Automation, and Response (SOAR) playbooks. This operationalization of intelligence is fundamental, turning analytical findings into tangible, proactive defensive measures that strengthen our security posture.
- Collaboration, Liaison & Stakeholder Management: Effective relationship management is paramount. The analyst will manage relationships with organizations, both internal and external, that provide requested intelligence to the team or receive information from it. A significant part of the role includes representing the team in cyber threat intelligence-related meetings and matters, acting as a crucial liaison. This collaboration extends across multiple organizational functions, potentially including cloud engineering teams, DevSecOps personnel, SOC analysts, incident responders, and even executive leadership. By effectively sharing tailored intelligence, the analyst acts as a force multiplier, enhancing the capabilities and preparedness of various teams across the organization.
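The "intelligence into detection" step described above, as an added illustration that is not part of the job posting or of any Outreach tooling: a playbook entry carrying adversary infrastructure and ATT&CK technique IDs is turned into a sequence-correlation rule and run over CloudTrail-shaped events. The actor name, the TEST-NET IP addresses and the log records are all constructed for the example; the field names follow the real CloudTrail schema, and the 30-minute window and severities are illustrative choices.

```python
"""Toy intel-to-detection fusion: playbook TTPs and indicators -> correlation rule
-> alerts over constructed CloudTrail-style events. Added example, not vendor code."""
from __future__ import annotations

from datetime import datetime, timedelta, timezone

# Constructed Adversary Response Playbook entry. The actor name is a placeholder
# and the addresses are from the TEST-NET ranges; neither refers to real threat data.
PLAYBOOK = {
    "actor": "EXAMPLE-ACTOR",
    "infrastructure": {"198.51.100.23", "203.0.113.7"},
    "ttps": [
        {"id": "T1078.004", "name": "Valid Accounts: Cloud Accounts"},
        {"id": "T1098.001", "name": "Account Manipulation: Additional Cloud Credentials"},
    ],
}

# Constructed CloudTrail-shaped records (eventName, eventSource, userIdentity,
# sourceIPAddress and responseElements follow the real schema; values are made up).
SAMPLE_EVENTS = [
    {"eventID": "e1", "eventTime": "2024-03-01T09:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "carol"},
     "sourceIPAddress": "203.0.113.7", "responseElements": {"ConsoleLogin": "Success"}},
    {"eventID": "e2", "eventTime": "2024-03-01T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "198.51.100.23", "responseElements": {"ConsoleLogin": "Success"}},
    {"eventID": "e3", "eventTime": "2024-03-01T10:05:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "sourceIPAddress": "192.0.2.10", "responseElements": {"ConsoleLogin": "Success"}},
    {"eventID": "e4", "eventTime": "2024-03-01T10:08:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "sourceIPAddress": "192.0.2.10", "requestParameters": {"userName": "bob"}},
    {"eventID": "e5", "eventTime": "2024-03-01T10:12:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "198.51.100.23", "requestParameters": {"userName": "alice"}},
    {"eventID": "e6", "eventTime": "2024-03-01T11:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "userIdentity": {"type": "IAMUser", "userName": "carol"},
     "sourceIPAddress": "203.0.113.7", "requestParameters": {"userName": "carol"}},
]


def parse_time(stamp: str) -> datetime:
    """CloudTrail eventTime is ISO 8601 in UTC with a trailing Z."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def correlate(events, playbook, window: timedelta = timedelta(minutes=30)):
    """Sequence rule derived from the playbook.

    Stage 1 (T1078.004): a successful console login from playbook infrastructure
    raises a medium alert and remembers the principal and login time.
    Stage 2 (T1098.001): CreateAccessKey by that same principal within `window`
    of the suspicious login raises a high alert citing both techniques.
    Events are sorted by time first, so out-of-order ingestion does not matter.
    """
    ordered = sorted(events, key=lambda e: parse_time(e["eventTime"]))
    suspicious_logins: dict[str, datetime] = {}
    alerts = []
    for ev in ordered:
        user = ev.get("userIdentity", {}).get("userName")
        when = parse_time(ev["eventTime"])
        if (ev["eventName"] == "ConsoleLogin"
                and ev.get("responseElements", {}).get("ConsoleLogin") == "Success"
                and ev["sourceIPAddress"] in playbook["infrastructure"]):
            suspicious_logins[user] = when
            alerts.append({"severity": "medium", "user": user, "actor": playbook["actor"],
                           "techniques": ["T1078.004"], "evidence": [ev["eventID"]]})
        elif ev["eventName"] == "CreateAccessKey" and user in suspicious_logins:
            if when - suspicious_logins[user] <= window:
                alerts.append({"severity": "high", "user": user, "actor": playbook["actor"],
                               "techniques": ["T1078.004", "T1098.001"],
                               "evidence": [ev["eventID"]]})
    return alerts


def summarize(alerts):
    """Count alerts per severity, the shape a SOAR playbook would route on."""
    counts: dict[str, int] = {}
    for a in alerts:
        counts[a["severity"]] = counts.get(a["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS, PLAYBOOK):
        print(alert)
    print(summarize(correlate(SAMPLE_EVENTS, PLAYBOOK)))
```

The same structure carries over to a SIEM: stage 1 is the indicator match, stage 2 is the behavioural follow-on, and the ATT&CK IDs travel with the alert so the SOC can see which playbook TTP fired rather than only which IP matched. Note that the rule keys on the calling principal (`userIdentity.userName`), while `requestParameters.userName` on CreateAccessKey names the target user; the two differ when a compromised admin mints keys for another account, which is a variant worth a second rule.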
Our Vision of You
- Core Competencies: Mastery of the Intelligence Cycle: Expertise in managing the intelligence analysis cycle, encompassing planning, collection (including OSINT and multi-source intelligence), processing, in-depth analysis of adversary TTPs, and the production and dissemination of timely, accurate, and actionable intelligence products tailored to diverse internal audiences.
- Strategic Requirements Identification: Proven ability to identify and refine intelligence requirements for a wide array of security functions, including security operations, cloud security, enterprise security, and application security (potentially including AI), ensuring intelligence efforts align with business and operational needs.
- Tactical Intelligence & TTP Expertise: Strong skills in tactical cyber intelligence analysis, identifying specific adversary TTPs and mapping them to frameworks like MITRE ATT&CK®. This includes researching current attacks, attack patterns, and understanding threats specific to modern environments (e.g., SaaS-specific attack patterns).
- Actionable Output Development: Demonstrable experience in developing, producing, and managing resources like Adversary Response Playbooks to support and drive threat emulation assessments, effectively translating intelligence into practical defensive measures.
- Data Synthesis & Adversary Profiling: Capability in handling and organizing disparate data about detections, attacks, and attackers to properly identify adversary groups and develop comprehensive threat actor profiles, particularly those relevant to the company’s operational landscape.
- Exceptional Collaboration & Liaison Skills: Excellent relationship management abilities with internal and external intelligence providers and consumers, and proven experience acting as an effective liaison and team representative in intelligence matters.
- Education and Experience: A minimum of 5 years of progressive, hands-on experience in the cybersecurity domain, with a demonstrable track record in roles that combine cyber threat intelligence analysis with security operations or incident response functions. Experience in environments with a significant cloud and SaaS focus is highly advantageous. This emphasis on combined experience highlights the need for individuals who have practically applied the "fusion" concept.
- Technical Prowess: The analyst must possess a robust set of technical skills to effectively investigate security incidents, analyze threat data, and implement defensive measures, especially within cloud environments.
- An in-depth understanding of core networking protocols (TCP/IP, UDP, HTTP/S, DNS, SMTP, etc.), network traffic analysis methodologies, and the function of common networking ports and protocols.
- Proficiency with cloud security architectures (IaaS, PaaS, SaaS) and hands-on experience with security tools native to major cloud platforms (e.g., AWS, Azure, GCP).
- Expertise with Security Information and Event Management (SIEM) platforms for log correlation, advanced analysis, and the development of custom detection rules.
- Hands-on experience with Endpoint Detection and Response (EDR/XDR) solutions for endpoint threat detection, investigation, and response.
- Strong skills in comprehensive log analysis from diverse cloud and on-premises sources, including operating systems (Windows, Linux, macOS), applications, network devices, and cloud service logs (e.g., CloudTrail, Azure Monitor).
- A solid understanding of Windows and Linux operating systems (including distributions such as RHEL, Ubuntu, CentOS) and macOS, encompassing system administration fundamentals, security configurations, logging mechanisms, and common attack vectors.
- Scripting skills for automation of analytical tasks, data manipulation, tool integration, or the development of custom detection scripts using languages such as Python, PowerShell, or Bash.
- Deep understanding and practical application of threat intelligence frameworks such as the MITRE ATT&CK® Framework, the Cyber Kill Chain®, and the Diamond Model of Intrusion Analysis.
- The following outlines core technical competencies and representative toolsets relevant to this role:
- Category: Examples/Specific Tools (tailored for SaaS)
- Cloud Platform Security: AWS (GuardDuty, Security Hub, Macie, Inspector), Azure (Sentinel, Defender for Cloud), GCP (Security Command Center)
- SIEM: Google SecOps, CrowdStrike NG SIEM, Sumologic CloudSiem
- EDR/XDR: CrowdStrike Falcon, JAMF Protect
- Network Analysis: Wireshark, Zeek (formerly Bro), Suricata, cloud-native traffic mirroring/analysis tools
- Vulnerability Management: CrowdStrike Exposure Management, Wiz, cloud-native vulnerability scanners
- Scripting Languages: Python, PowerShell, Bash
- Operating Systems: Windows (Client/Server), Linux (various distributions such as RHEL, Ubuntu, CentOS), macOS
- Threat Intelligence Platforms (TIPs): MISP, ThreatConnect, Anomali ThreatStream, Recorded Future
- Analytical and Communication Skills: Exceptional analytical and problem-solving skills, with a demonstrated ability to correlate disparate datasets, identify subtle patterns of malicious activity, and make sound, evidence-based judgments, often under pressure.
- Excellent written and verbal communication skills, with the proven ability to articulate complex technical information, security concepts, and intelligence findings clearly and concisely to diverse audiences, including technical peers and management.
Work Requirements:
- This position requires participation in an on-call rotation to provide expert support during critical security incidents. This role does not involve regular shift work.
Bonus Points: Preferred Qualifications
- While not mandatory, the following qualifications will significantly differentiate strong candidates and indicate a deeper specialization.
- Advanced industry-recognized cybersecurity certifications. Examples include:
- GIAC Cyber Threat Intelligence (GCTI), SANS/GIAC: Cyber Threat Intelligence
- GIAC Certified Intrusion Analyst (GCIA), SANS/GIAC: Network Security Monitoring, Intrusion Detection
- GIAC Certified Incident Handler (GCIH), SANS/GIAC: Incident Response
- CISSP, (ISC)²: Broad Cybersecurity Management & Operations
- AWS Certified Security – Specialty, Amazon Web Services: AWS Cloud Security
- Azure Security Engineer Associate (AZ-500), Microsoft: Azure Cloud Security
- CompTIA Cybersecurity Analyst (CySA+), CompTIA: Cybersecurity Analysis, Intrusion Detection
- Offensive Security Certified Professional (OSCP), Offensive Security: Penetration Testing (Understanding Attacker Methods)
- Practical experience utilizing Threat Intelligence Platforms (TIPs) such as MISP, ThreatConnect, Anomali ThreatStream, or Recorded Future.
- Experience with Security Orchestration, Automation, and Response (SOAR) platforms and playbook development.
- Knowledge of malware analysis (static and dynamic) and reverse engineering techniques, and familiarity with associated tools.
- Familiarity with DevSecOps principles and experience securing CI/CD pipelines.
- Understanding of compliance frameworks relevant to SaaS environments (e.g., SOC 2, ISO 27001/27701/42001, GDPR, HIPAA).
- Highly competitive salary
- 25 days annual vacation time + sick time and casual leave
- Group medical policy coverage available to employees and up to 5 eligible family members
- OPD benefit covered up to INR 10,000
- Life insurance and personal accident insurance at 3x annual CTC
- 26 weeks of maternity leave pay, and 15 days of paternity leave pay
- Opportunity to be part of company success via the RSU program
- Diversity and inclusion programs that promote employee resource groups like OWN+ (Outreach Women's Network), Adelante (Latinx community), OBX (Outreach Black Connection), Mosaic (AAPI community), Pride (LGBTQIA+), Gender+, Disability Community, and Veterans/Military
- Employee referral bonuses to encourage the addition of great new people to the team
- Fun company and team outings because we play just as hard as we work
Our success is reliant on building teams that include people from different backgrounds and experiences who can elevate assumptions and ideas with fresh perspectives. We're dedicated to hiring the whole human, not just a resume. To that end, we look for a diverse pool of applicants, including those from historically marginalized groups. We would like to invite you to apply even if you don't think you meet all of the requirements listed above. We don't want a few lines in a job description to get between us and the opportunity to meet you.