Blackstone
• $135K — $170K *Qualifications
Responsibilities
Benefits
Position Overview
The Cyber Threat Intelligence (CTI) team within Blackstone Security Operations identifies, tracks, and assesses cyber threats relevant to Blackstone and its portfolio companies. The Associate Threat Intelligence Analyst conducts tactical, operational, and strategic analysis to inform defensive operations, risk decisions, and executive awareness. This is a team at the cutting edge of cyber defense: we are pioneering the use of AI and automation to outpace adversaries, we move quickly from idea to production, and we give analysts real ownership to shape how intelligence is practiced rather than slot into a routine. This is hands-on intelligence and engineering work: monitoring the evolving threat landscape, producing finished intelligence products and reports, extracting and enriching indicators of compromise (IOCs), and helping manage the firm's external attack surface and exposure risk. The analyst leverages AI and automation tooling to collect, enrich, and operationalize intelligence at scale, and develops clear visual products such as diagrams to make threats understandable to both technical and non-technical audiences. The role works closely with detection engineering, incident response, and vulnerability management to turn intelligence into new detections and preventions, helping protect one of the world's leading investment platforms where cybersecurity and global finance meet.
Responsibilities
• Monitor and analyze cyber threat activity targeting the financial sector, alternative asset management, and adjacent industries using open-source, commercial, and internal sources, correlating across them to identify patterns and provide early warning of emerging campaigns
• Produce finished intelligence products and reports including recurring threat reporting, advisories, campaign profiles, actor dossiers, executive briefings, and visual products such as diagrams, tailored to both technical and non-technical audiences
• Map adversary behaviors to the MITRE ATT&CK framework and maintain threat actor profiles covering TTPs, intent, and relevance to Blackstone
• Extract, validate, enrich, and operationalize indicators of compromise (IOCs) to support detection engineering and incident response workflows
• Leverage AI and automation tooling to scale collection, enrichment, and operationalization of intelligence
• Partner with Alert, Detection & Response and Incident Response teams to translate intelligence into production detections (Splunk SPL, Sigma, YARA)
• Track zero-day and critical vulnerabilities, assess Blackstone's exposure, and translate findings into new detections and preventions in coordination with detection and security engineering
• Support threat-informed vulnerability prioritization (CVSS, EPSS, CISA KEV) and coordinate remediation tracking with asset owners
• Operate and evolve the firm's external Attack Surface Management (ASM) program, discovering and inventorying internet-facing assets across Blackstone and its portfolio companies, triaging newly discovered exposures and misconfigurations, and coordinating remediation
• Support Fusion Center digital-threat monitoring, including brand, executive, and reputational exposure across OSINT, social media, and dark web sources
• Contribute to intelligence sharing with trusted industry partners, ISACs (such as FS-ISAC), government partners (such as JCDC), and peer financial institutions
• Participate in incident response and the SOC on-call rotation (occasional, roughly every other month) to respond to escalated security incidents
Qualifications
• 2+ years of experience in cyber threat intelligence, security operations, incident response, or a related cybersecurity discipline
• Demonstrated understanding of the cyber threat landscape, including prominent threat actor groups,
campaigns, and TTPs
• Working knowledge of intelligence frameworks such as MITRE ATT&CK, the Diamond Model, or the Intelligence Cycle
• Experience with threat intelligence platforms (TIPs), SIEM tools (e.g., Splunk), OSINT research methodologies, or attack surface management / vulnerability management tooling
• Scripting or programming experience (Python preferred) for automating data collection, enrichment, and analytic workflows
• Demonstrated, hands-on experience applying AI tooling (such as LLMs and coding assistants) to real work, and can clearly speak to several projects where you used AI to automate or accelerate a task
• Capable of writing clearly and developing visual products (such as diagrams) to communicate complex cyber threats to both technical and non-technical stakeholders, including executive leadership
• Strong analytical reasoning, attention to detail, and capable of prioritizing effectively in a fast-paced environment
• B.S. in Computer Science, Cybersecurity, Intelligence Studies, International Relations, or a related field
Preferred Qualifications
• Experience in the financial sector or an organization with a global threat landscape
• Hands-on experience with Attack Surface Management platforms (e.g., Mandiant ASM, CrowdStrike Falcon Surface, Microsoft Defender EASM, or similar)
• Hands-on experience with specific AI developer tooling, such as LLM assistants and APIs (e.g., ChatGPT/OpenAI, Claude/Anthropic, Gemini), coding assistants (e.g., GitHub Copilot, Cursor), or agentic and automation frameworks
• Experience with vulnerability management programs, including prioritization frameworks (CVSS, EPSS, CISA KEV) and remediation tracking
• Familiarity with structured analytic techniques and intelligence writing standards
• Experience with detection content development (Sigma, YARA, Splunk SPL, or KQL)
• Active participation in industry working groups, ISACs, or CTI community forums
• Relevant certifications (GIAC GCTI, Security+, CTIA, or similar)
• Exposure to cloud environments (AWS, Azure) and an understanding of cloud-specific threat vectors
The duties and responsibilities described here are not exhaustive and additional assignments, duties, or responsibilities may be required of this position. Assignments, duties, and responsibilities may be changed at any time, with or without notice, by Blackstone in its sole discretion.
Expected annual base salary range:
$135,000 - $170,000Actual base salary within that range will be determined by several components including but not limited to the individual's experience, skills, qualifications and job location. For roles located outside of the US, please disregard the posted salary bands as these roles will follow a separate compensation process based on local market comparables.
Additional compensation and benefits offered in connection with the roleconsist of comprehensive health benefits, including but not limited to medical, dental, vision, and FSA benefits; paid time off; life insurance; 401(k) plan; and discretionary bonuses. Certain employees may also be eligible for equity and other incentive compensation at Blackstone’s sole discretion.
Similar Jobs

More Jobs at Blackstone
More Information Technology Jobs