Senior Threat Intelligence Analyst (f/m/d)

Welcome to ZEISS – a company that combines innovation and responsibility! Our corporate functions are various and make a decisive contribution to the orientation strategic and sustainable success of ZEISS.

Corporate Information Technology (CIT) is the central part of the company's strategy, developing and implementing innovative security solutions to enhance efficiency and competitiveness in the Carl Zeiss Group. By working closely with various business units, CIT ensures that technological advancements and digital transformations are seamlessly integrated into business processes. Your Role In this role, you serve as a senior technical expert within the Cyber Defense Center. You are responsible for identifying, detecting, and assessing global cyber threats, transforming complex data from various sources into actionable insights to proactively strengthen our defense strategies.

Your main responsibilities include: Intelligence Collection & Analysis: Collect, process, and analyze information from various sources, including open-source intelligence (OSINT), dark web forums, and commercial threat intelligence feeds.

TTP & Actor Profiling: Develop and maintain a comprehensive understanding of threat actors, their tactics, techniques, and procedures (TTPs), and their potential impact on the organization.

Advanced Tooling & Automation: Configure and maintain the Threat Intelligence Platform (TIP) and utilize industry-standard tools such as Google Threat Intel (GTI), MISP, and Microsoft Defender Threat Intelligence (Defender TI) to automate and enrich data.

Actionable Reporting: Generate threat intelligence products for diverse audiences, including technical reports and recommendations for defensive measures.

Strategic Collaboration: Collaborate closely with the SOC, CIRT, and other business representatives to identify areas where threat intelligence provides the most benefit.

Risk Assessment: Use structured analytic techniques to identify trends, assess risks, and escalate critical technical findings to the Incident Commander.

Capability Enhancement: Research and assessment new tools, techniques, and data sources to enhance overall threat intelligence capabilities.

Documentation & Governance: Ensure complete and structured documentation of all activities, including the creation of playbooks, policies, and procedures.

Professional Experience: Several years of experience in threat intelligence environments, SOC or DFIR.

Technical Deep-Dive: Strong knowledge of IT infrastructures, networks, operating systems, and cloud environments.

Specific Tool Expertise: Proven hands-on experience with Google Threat Intel, MISP, or Microsoft Defender TI to drive proactive security measures.

Framework Proficiency: Solid understanding of attacker TTPs and the ability to map observed activity to frameworks such as MITRE ATT&CK, NIST, or SANS.

Analytical Mindset: Proven experience in handling complex or high-severity incidents and identifying emerging cyber threats and vulnerabilities.

Communication: Ability to communicate technical findings clearly and concisely to different stakeholder groups and translate threats into organizational requirements.

Resilience: A structured, reliable, and resilient working style, when especially supporting threat mitigation efforts in critical situation.

.