U.Neat

Cyber Threat Intelligence Consultant Engineer

Location Type: Hybrid

Location: Lyon • 🇫🇷 France


Job Level

Mid-Level, Senior

Tech Stack

Flux, Python, Splunk

About the role

  • The role is part of a continuous improvement dynamic, working closely with the build, SOC and CSIRT teams.
  • Manage CTI run operations: ensure operational monitoring of CTI — stream surveillance, integrations, and data quality.
  • Work closely with the build team on redesigning and automating CTI processes (IOC integration, OpenCTI, Splunk/TheHive interconnections).
  • Process and qualify CTI alerts, verify the relevance of IOCs and their impact on the environment.
  • Contribute to the creation and updating of CTI reports.
  • Collect and analyze information from internal sources (SOC, CSIRT, VOC) and external sources (OSINT, partners, commercial feeds, CERT-FR, ANSSI).
  • Contribute to the qualification and enrichment of IOCs (reliability, context, MITRE ATT&CK mapping).
  • Monitor APT and cybercriminal campaigns affecting critical sectors.
  • Produce tactical and operational CTI reports (IOCs, TTPs, campaigns).
  • Contribute to strategic briefing notes for management.
  • Maintain an actionable, documented and automated CTI pipeline.
  • Distribute IOCs and reports to relevant entities (SOC, CSIRT, CISO, business units).
  • Participate in threat hunting activities in SIEM/EDR environments (primarily Splunk).
  • Correlate IOCs/TTPs with SOC logs and alerts.
  • Propose new detection rules (Yara, Sigma, etc.) in collaboration with detection teams.
  • Provide contextualized intelligence during major incidents.
  • Support the CSIRT’s technical analyses (malicious infrastructures, campaigns, indicators).
  • Contribute to post-incident monitoring and lessons learned.
  • Participate in defining and maintaining the threat repository (actors, TTPs, MITRE ATT&CK, Diamond Model).
  • Document processes, best practices and lessons learned.
  • Be proactive in proposing improvements to CTI tooling (TIP integration, Splunk / TheHive / OpenCTI optimization).

Requirements

  • Proven experience in operational CTI run management (IOCs, alerts, automation, integrations)
  • Knowledge of the OpenCTI ecosystem, Splunk and/or TheHive
  • Scripting/automation skills (Python, APIs) are a plus
  • Strong interpersonal skills and ability to collaborate with build and operational security teams
  • Analytical mindset, rigor and technical curiosity

Benefits

  • Join a young, growing company specialized in cybersecurity
  • A CSR program and a personalized professional development path
  • Remote work possible

Applicant Tracking System Keywords

Hard skills
operational CTI run management, IOC integration, automation, data quality, scripting, Python, APIs, detection rules, Yara, Sigma

Soft skills
interpersonal skills, collaboration, analytical mindset, rigor, technical curiosity