Blackstone is the world's largest alternative asset manager. Blackstone seeks to deliver compelling returns for institutional and individual investors by strengthening the companies in which the firm invests. Blackstone's over $1.3 trillion in assets under management include global investment strategies focused on real estate, private equity, credit, infrastructure, life sciences, growth equity, secondaries and hedge funds. Further information is available at Follow @blackstone on LinkedIn, X (Twitter), and Instagram.
Business Unit Overview Blackstone Technology & Innovations (BXTI) is the technology team at the core of each of Blackstone's businesses and new growth initiatives. Serving both internal and external clients, we work to build the next generation of systems that manage risk, create efficiency and improve transparency within the firm and across our broad community of investors and portfolio companies.
BXTI is entrepreneurial - our open, iterative design processes and rapid pace of development mean that everyone on the team has the opportunity to make an impact from day one. We are problem solvers who can take projects from idea to implementation. We believe in active mentoring and developing excellence. We collaborate to find the best answers for our customers and for our firm.
Position Overview The Cyber Threat Intelligence (CTI) team within Blackstone Security Operations identifies, tracks, and assesses cyber threats relevant to Blackstone and its portfolio companies. The Associate Threat Intelligence Analyst conducts tactical, operational, and strategic analysis to inform defensive operations, risk decisions, and executive awareness. This is a team at the cutting edge of cyber defense: we are pioneering the use of AI and automation to outpace adversaries, we move quickly from idea to production, and we give analysts real ownership to shape how intelligence is practiced rather than slot into a routine. This is hands-on intelligence and engineering work: monitoring the evolving threat landscape, producing finished intelligence products and reports, extracting and enriching indicators of compromise (IOCs), and helping manage the firm's external attack surface and exposure risk. The analyst leverages AI and automation tooling to collect, enrich, and operationalize intelligence at scale, and develops clear visual products such as diagrams to make threats understandable to both technical and non-technical audiences. The role works closely with detection engineering, incident response, and vulnerability management to turn intelligence into new detections and preventions, helping protect one of the world's leading investment platforms where cybersecurity and global finance meet.
Responsibilities Monitor and analyze cyber threat activity targeting the financial sector, alternative asset management, and adjacent industries using open-source, commercial, and internal sources, correlating across them to identify patterns and provide early warning of emerging campaigns
Produce finished intelligence products and reports including recurring threat reporting, advisories, campaign profiles, actor dossiers, executive briefings, and visual products such as diagrams, tailored to both technical and non-technical audiences
Map adversary behaviors to the MITRE ATT&CK framework and maintain threat actor profiles covering TTPs, intent, and relevance to Blackstone
Extract, validate, enrich, and operationalize indicators of compromise (IOCs) to support detection engineering and incident response workflows
Leverage AI and automation tooling to scale collection, enrichment, and operationalization of intelligence
Partner with Alert, Detection & Response and Incident Response teams to translate intelligence into production detections (Splunk SPL, Sigma, YARA)
Track zero-day and critical vulnerabilities, assess Blackstone's exposure, and translate findings into new detections and preventions in coordination with detection and security engineering
Support threat-informed vulnerability prioritization (CVSS, EPSS, CISA KEV) and coordinate remediation tracking with asset owners
Operate and evolve the firm's external Attack Surface Management (ASM) program, discovering and inventorying internet-facing assets across Blackstone and its portfolio companies, triaging newly discovered exposures and misconfigurations, and coordinating remediation
Support Fusion Center digital-threat monitoring, including brand, executive, and reputational exposure across OSINT, social media, and dark web sources
Contribute to intelligence sharing with trusted industry partners, ISACs (such as FS-ISAC), government partners (such as JCDC), and peer financial institutions
Participate in incident response and the SOC on-call rotation (occasional, roughly every other month) to respond to escalated security incidents
Qualifications 2+ years of experience in cyber threat intelligence, security operations, incident response, or a related cybersecurity discipline
Demonstrated understanding of the cyber threat landscape, including prominent threat actor groups,
campaigns, and TTPs
Working knowledge of intelligence frameworks such as MITRE ATT&CK, the Diamond Model, or the Intelligence Cycle
Experience with threat intelligence platforms (TIPs), SIEM tools (e.g., Splunk), OSINT research methodologies, or attack surface management / vulnerability management tooling
Scripting or programming experience (Python preferred) for automating data collection, enrichment, and analytic workflows
Demonstrated, hands-on experience applying AI tooling (such as LLMs and coding assistants) to real work, and can clearly speak to several projects where you used AI to automate or accelerate a task
Capable of writing clearly and developing visual products (such as diagrams) to communicate complex cyber threats to both technical and non-technical stakeholders, including executive leadership
Strong analytical reasoning, attention to detail, and capable of prioritizing effectively in a fast-paced environment
B.S. in Computer Science, Cybersecurity, Intelligence Studies, International Relations, or a related field
Preferred Qualifications Experience in the financial sector or an organization with a global threat landscape
Hands-on experience with Attack Surface Management platforms (e.g., Mandiant ASM, CrowdStrike Falcon Surface, Microsoft Defender EASM, or similar)
Hands-on experience with specific AI developer tooling, such as LLM assistants and APIs (e.g., ChatGPT/OpenAI, Claude/Anthropic, Gemini), coding assistants (e.g., GitHub Copilot, Cursor), or agentic and automation frameworks
Experience with vulnerability management programs, including prioritization frameworks (CVSS, EPSS, CISA KEV) and remediation tracking
Familiarity with structured analytic techniques and intelligence writing standards
Experience with detection content development (Sigma, YARA, Splunk SPL, or KQL)
Active participation in industry working groups, ISACs, or CTI community forums
Relevant certifications (GIAC GCTI, Security+, CTIA, or similar)
Exposure to cloud environments (AWS, Azure) and an understanding of cloud-specific threat vectors
The duties and responsibilities described here are not exhaustive and additional assignments, duties, or responsibilities may be required of this position. Assignments, duties, and responsibilities may be changed at any time, with or without notice, by Blackstone in its sole discretion.
Expected annual base salary range: $135,000 - $170,000
Actual base salary within that range will be determined by several components including but not limited to the individual's experience, skills, qualifications and job location. For roles located outside of the US, please disregard the posted salary bands as these roles will follow a separate compensation process based on local market comparables.
Additional compensation and benefits offered in connection with the role consist of comprehensive health benefits, including but not limited to medical, dental, vision, and FSA benefits; paid time off; life insurance; 401(k) plan; and discretionary bonuses. Certain employees may also be eligible for equity and other incentive compensation at Blackstone's sole discretion.
Blackstone is committed to providing equal employment opportunities to all employees and applicants for employment without regard to race, color, creed, religion, sex, pregnancy, national origin, ancestry, citizenship status, age, marital or partnership status, sexual orientation, gender identity or expression, disability, genetic predisposition, veteran or military status, status as a victim of domestic violence, a sex offense or stalking, or any other class or status in accordance with applicable federal, state and local laws. This policy applies to all terms and conditions of employment, including but not limited to hiring, placement, promotion, termination, transfer, leave of absence, compensation, and training. All Blackstone employees, including but not limited to recruiting personnel and hiring managers, are required to abide by this policy.
If you need a reasonable accommodation to complete your application, please contact Human Resources at (US), +44 (0)20 7451 4000 (EMEA) or +852 3656 8600 (APAC).
Depending on the position, you may be required to obtain certain securities licenses if you are in a client facing role and/or if you are engaged in the following:
- Attending client meetings where you are discussing Blackstone products and/or and client questions;
- Marketing Blackstone funds to new or existing clients;
- Supervising or training securities licensed employees;
- Structuring or creating Blackstone funds/products; and
- Advising on marketing plans prepared by a sales team or developing and/or contributing information for marketing materials.
Note: The above list is not the exhaustive list of activities requiring securities licenses and there may be roles that require review on a case-by-case basis. Please speak with your Blackstone Recruiting contact with any questions.
To submit your application please complete the form below. Fields marked with a red asterisk * must be completed to be considered for employment (although some can be answered "prefer not to say"). Failure to provide this information may compromise the follow-up of your application. When you have finished click Submit at the bottom of this form.