
Threat Intelligence Analyst

TENEX

Posted about 3 hours ago

Company Overview:

TENEX is an AI-native, automation-first, built-for-scale Managed Detection and Response (MDR) provider. We are a force multiplier for defenders, helping organizations enhance their cybersecurity posture through advanced threat detection, rapid response, and continuous protection. Our team is composed of industry experts with deep experience in cybersecurity, automation and AI-driven solutions. Backed by leading investors, we are rapidly growing and seeking top talent to join our mission of revolutionizing the AI-Native MDR landscape.

We’re a fast-growing startup backed by industry experts and top-tier investors led by Crosspoint Capital Partners and also backed by Shield Capital, DTCP (formerly Deutsche Telekom Capital Partners), Deepwork Capital, and the Florida Opportunity Fund. Our seed round was led by Andreessen Horowitz (a16z). As an early employee, you’ll play a meaningful role in defining and building our culture. Get in on the ground floor. We’re a small but well-funded team that just raised a substantial round – joining now comes with limited risk and unlimited upside.

Culture is one of the most important things at TENEX.AI—explore our culture deck at culture.tenex.ai to witness how we embody it, prioritizing the irreplaceable collaboration and community of in-person work.

This role is Hybrid in our Overland Park, KS or Sarasota, FL location.

The Opportunity

We are looking for an investigative Threat Intelligence Analyst to join our Cybersecurity team. You will be responsible for identifying, evaluating, and communicating threats to our organization. Your primary mission is to turn the "noise" of the global threat landscape into clear, actionable intelligence that our Security Operations Center (SOC) and leadership can use to protect our customers. You will also be instrumental in the building and development of our threat intelligence program, collaborating with various security functions, and proactively identifying and helping to mitigate risks.

Core Responsibilities

  • The Intelligence Cycle: Support all phases of the intelligence lifecycle — planning, collection, analysis, production, and dissemination — under the guidance of senior analysts.

  • Adversary Research: Research known threat actors and groups, mapping observed Tactics, Techniques, and Procedures (TTPs) to the MITRE ATT&CK framework to help identify potential gaps in current defenses.

  • Threat Landscape Monitoring: Monitor open sources, industry feeds, and relevant forums to contribute to "big picture" reporting on how the threat environment is evolving.

  • Tactical Support: Collect and help validate technical Indicators of Compromise (IOCs) from malware reports and OSINT sources to support blocklist hygiene and reduce noise.

  • Threat Intelligence Collection: Proactively research and collect threat intelligence from open-source intelligence (OSINT), commercial feeds, and internal security data.

  • Reporting: Assist in producing written reports, including Flash Alerts for urgent threats and contributions to monthly blogs or executive summaries.

  • Vulnerability Intelligence: Monitor vulnerability disclosures and exploit trends, surfacing relevant findings for review and escalation.

  • Cross-Functional Collaboration: Work alongside technical teams (e.g., Incident Response, SOC) and help communicate threat findings to non-technical stakeholders in plain language.

Required Qualifications

  • Experience: 2–4 years of experience in cybersecurity, with at least 1–2 years in a threat intelligence, SOC, or closely related role.

  • Knowledge: Working familiarity with the Intelligence Cycle and common threat frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain, Pyramid of Pain).

  • Research Skills: Hands-on experience with OSINT tools and techniques (e.g., Shodan, VirusTotal, WHOIS).

  • Communication: Strong writing skills with the ability to summarize threats in a clear, business-relevant way.

  • Analytical Mindset: Awareness of structured analytic techniques and a commitment to objective, evidence-based assessments.

Technical Skills & Tools

  • TIP: Exposure to or willingness to learn Threat Intelligence Platforms (e.g., ThreatConnect, OpenCTI).

  • SIEM: Basic familiarity with SIEM systems and log-based investigation.

  • Standard Formats: Awareness of STIX/TAXII protocols for threat intelligence sharing.

  • Malware Literacy: Ability to read a sandbox report and extract basic indicators such as C2 infrastructure.

  • Scripting: Exposure to Python or similar scripting for basic data tasks is a plus.

The Ideal Candidate

  • Holds or is actively pursuing a relevant certification (e.g., CompTIA Security+, BTL1, or working toward GCTI).

  • Curious by nature — you don't just flag a malicious IP, you want to understand who is behind it and why.


Job details

Workplace

Hybrid

Location

Sarasota, FL HQ
