Intelligence Lead Analyst, OSINT Threat Hunting

Citi

Remote

Quick summary

Work type
Remote
Location
Charlotte, NC
Salary
$117,440–$176,160 / yr
Posted
6 days ago

Market check

Salary context

Below market

How this pay compares to similar roles

Similar $166k
This role $147k
$108k most similar roles pay here $208k

This role pays less than 68% of similar roles. Most pay $140,775–$190,900 — the shaded band above. At the midpoint, this role pays about $147k versus about $166k for comparable roles.

Based on 239 similar postings.

Employer

About Citi

Citi is one of the world’s most trusted financial institutions, proudly serving millions of customers across the United States.

Citi currently has 298 open roles on FindRole.

Listed pay typically runs $125,760–$188,640 across 281 roles with salary data.

Most-posted roles

View all roles at Citi

At a glance

TL;DR · Intelligence Lead Analyst, OSINT Threat Hunting

As a senior Intelligence Lead Analyst at Citi's CSIS Advanced Analytics and Cyber OSINT program, you will design and lead the proactive threat hunting capabilities for one of the world’s leading financial institutions. Your daily tasks include transforming open-source information into actionable intelligence to protect Citi’s assets against emerging threats. You will drive hypothesis-driven hunt operations across global enterprise environments, operationalize cyber threat intelligence into detection engineering, and serve as a subject matter expert on adversary tactics. The role requires expertise in the MITRE ATT&CK framework, proficiency with Threat Intelligence Platforms like Recorded Future and Mandiant Advantage, and hands-on experience with scripting languages such as Python and PowerShell for automation and tool development. Additionally, you must have advanced OSINT tradecraft skills and a solid understanding of network forensics and malware analysis to support investigative tasks at scale.

What you'll do

  • Design and lead the maturation of Citi's proactive threat hunting capabilities.
  • Drive hypothesis-driven hunt operations across Citi’s global enterprise environment.
  • Operationalize cyber threat intelligence into detection engineering for future attacks.
  • Serve as a subject matter expert on adversary tactics, techniques, and procedures (TTPs).
  • Analyze regional threat data to correlate with existing intelligence requirements.
  • Present complex intelligence findings to senior leadership for strategic decision-making.

What we're looking for

  • 6-10 years of experience in cyber threat intelligence and OSINT.
  • Deep expertise in the MITRE ATT&CK framework for mapping adversary TTPs.
  • Hands-on experience with Threat Intelligence Platforms like Recorded Future.
  • Proficiency in scripting languages (Python, PowerShell) for automation.
  • Advanced skills in dark web monitoring and social media intelligence analysis.
  • Experience with link analysis platforms such as Palantir or Maltego.
  • Strong communication skills to produce clear intelligence products.

More like this

Similar roles

Principal Applied Threat Intelligence Analyst

Microsoft

Redmond, WA +1 6 days ago $142,800$274,800
MITRE_ATT&CK Python PowerShell C C++ Docker Kubernetes AWS Azure GCP CI/CD Terraform PostgreSQL MongoDB Redis Git Jenkins Prometheus Grafana MSSecurity Diamond_Model Cyber_Kill_Chain

Counterintelligence Analyst Lead

Anduril Industries

Costa Mesa, CA 15 days ago $129,000$171,000
CI/CD Python SQL Kubernetes AWS Grafana Prometheus Terraform Docker PostgreSQL GitLab Jira Confluence M3 MetricFire

Counterintelligence Analyst Lead

Anduril Industries

Washington, District of Columbia 15 days ago $129,000$171,000
CI/CD Python SQL Kubernetes AWS GCP Azure Terraform Docker Prometheus Grafana GitLab Jenkins PostgreSQL MSSQL Linux Windows_Server Nginx Apache_HTTP_Server

Senior Security Analyst, Threat Intelligence

Robinhood

Menlo Park, CA 21 days ago $166,000$195,000
Python SQL OSINT AWS GCP Azure SIEM SOAR OpenCTI DNS Certificate_Transparency_Logs Cloud_Providers Telecom_Platforms Case_Management_Systems CI/CD
Hybrid

Senior Applied Threat Intelligence Analysts

Microsoft

9 days ago $102,100$202,200
Microsoft Sentinel Microsoft Defender XDR MITRE ATT&CK Python PowerShell C# C++ AI tools large language models network protocols reverse-engineering static binary analysis behavioral analysis Cyber Kill Chain Diamond Model

Cyber Threat Intelligence Analyst

Leidos

112 days ago $107,900$195,050
MITRE ATT&CK Threat Intelligence Platform (TIP) Python PowerShell SPL KQL Elastic DSL AWS Azure O365 Cyber Kill Chain Diamond Model of Intrusion Analysis Anomali ThreatConnect MISP
Hybrid