Cybersecurity Threat Intelligence Specialist

Your future role at a glance

Location: Remote

Department: Security

Schedule: Full Time, Day

Salary: $105,830.21 - $147,521.09 per year

#LI-Remote

Life at Ascension: Where purpose meets opportunity

Ascension is a leading nonprofit Catholic health system with a culture and associate experience grounded in service, growth, care and connection. We empower our 97,000+ associates to bring their skills and expertise every day to reimagining healthcare, together. Recognized as one of the Best 150+ Places to Work in Healthcare and a Military-Friendly Gold Employer, you'll find an inclusive and supportive environment where your contributions truly matter.

Benefits that help you thrive

• Comprehensive health coverage: medical, dental, vision, prescription coverage and HSA/FSA options
• Financial security & retirement: employer-matched 403(b), planning and hardship resources, disability and life insurance
• Time to recharge: pro-rated paid time off (PTO) and holidays
• Career growth: Ascension-paid tuition (Vocare), reimbursement, ongoing professional development and online learning
• Emotional well-being: Employee Assistance Program , counseling and peer support, spiritual care and stress management resources
• Family support: parental leave, adoption assistance and family benefits
• Other benefits: optional legal and pet insurance, transportation savings and more

How you'll make an impact in this role

• Adversary Attribution & Mapping: Collect, pivot, and analyze multi-source telemetry-including OSINT, commercial feeds, deep/dark web forums, and internal technical logs-to profile threat actors, track localized and global cyber campaigns, and map adversary TTPs directly to the MITRE ATT&CK framework.
• Detection Engineering & TIP Optimization: Manage, tune, and optimize the Threat Intelligence Platform (TIP) to ingest, score, and deduplicate IOCs, collaborating with SIEM/SOAR and Detection Engineering teams to translate threat trends into actionable YARA, Sigma, and SIEM rules.
• Proactive Hypothesis-Based Hunting: Partner with security teams to design and execute hypothesis-based threat hunting scopes and conduct retroactive hunts across data lakes and internal security platforms utilizing newly identified indicators and zero-day vulnerability intelligence.
• Incident Response Fusion & Advisory: Provide real-time, context-driven intelligence support during active security incidents, delivering critical briefings on attacker infrastructure, capabilities, and intent to the Incident Response (IR), SOC, and DevSecOps teams.
• Strategic & Operational Intelligence Synthesis: Synthesize complex, abstract technical data into high-impact threat assessments, flash reports, and threat actor profiles ("baseball cards"), contextualizing technical risks into actionable operational insights for both technical stakeholders and executive leadership.

What minimum requirements you'll need

Education:

• High School diploma equivalency with 2 years of cumulative experience OR Associate's degree/Bachelor's degree OR 4 years of applicable cumulative job specific experience required.

What additional preferences we're seeking

• Advanced proficiency in developing automation scripts (e.g., Python, PowerShell) to streamline CTI workflows, automated enrichment, data parsing, and tool/API integration.
• Hands-on experience with specialized external threat landscape and enrichment tools (e.g., DomainTools, Intel 471, Maltego, or VirusTotal Enterprise).
• Active advanced security or threat intelligence certifications, such as GIAC Cyber Threat Intelligence (GCTI), Certified Threat Intelligence Analyst (CTIA), or GIAC Certified Forensic Analyst (GCFA).

Equal employment opportunity employer

Ascension provides Equal Employment Opportunities (EEO) to all associates and applicants for employment without regard to race, color, religion, sex/gender, sexual orientation, gender identity or expression, pregnancy, childbirth, and related medical conditions, lactation, breastfeeding, national origin, citizenship, age, disability, genetic information, veteran status, marital status, all as defined by applicable law, and any other legally protected status or characteristic in accordance with applicable federal, state and local laws. For further information, view the EEO Know Your Rights (English) poster or EEO Know Your Rights (Spanish) poster.

Fraud prevention notice

Prospective applicants should be vigilant against fraudulent job offers and interview requests. Scammers may use sophisticated tactics to impersonate Ascension employees. To ensure your safety, please remember: Ascension will never ask for payment or to provide banking or financial information as part of the job application or hiring process. Our legitimate email communications will always come from an @ascension.org email address; do not trust other domains, and an official offer will only be extended to candidates who have completed a job application through our authorized applicant tracking system.

E-Verify statement

Employer participates in the Electronic Employment Verification Program. Please click here for more information.

Responsibilities

• Adversary Attribution & Mapping: Collect, pivot, and analyze multi-source telemetry-including OSINT, commercial feeds, deep/dark web forums, and internal technical logs-to profile threat actors, track localized and global cyber campaigns, and map adversary TTPs directly to the MITRE ATT&CK framework.
• Detection Engineering & TIP Optimization: Manage, tune, and optimize the Threat Intelligence Platform (TIP) to ingest, score, and deduplicate IOCs, collaborating with SIEM/SOAR and Detection Engineering teams to translate threat trends into actionable YARA, Sigma, and SIEM rules.
• Proactive Hypothesis-Based Hunting: Partner with security teams to design and execute hypothesis-based threat hunting scopes and conduct retroactive hunts across data lakes and internal security platforms utilizing newly identified indicators and zero-day vulnerability intelligence.
• Incident Response Fusion & Advisory: Provide real-time, context-driven intelligence support during active security incidents, delivering critical briefings on attacker infrastructure, capabilities, and intent to the Incident Response (IR), SOC, and DevSecOps teams.
• Strategic & Operational Intelligence Synthesis: Synthesize complex, abstract technical data into high-impact threat assessments, flash reports, and threat actor profiles ("baseball cards"), contextualizing technical risks into actionable operational insights for both technical stakeholders and executive leadership.

Qualifications

Education:

• High School diploma equivalency with 2 years of cumulative experience OR Associate's degree/Bachelor's degree OR 4 years of applicable cumulative job specific experience required.