Sr. Security Consultant - Cyber Threat Intelligence
Location: United States
Posted: 1 day ago
Salary: Not specified
Job Description
About Us
Since 1989, SHI International Corp. has helped organizations change the world through technology. We’ve grown every year since, and today we’re proud to be a $16 billion global provider of IT solutions and services.
Over 17,000 organizations worldwide rely on SHI’s concierge approach to help them solve what’s next. But the heartbeat of SHI is our employees – all 7,000 of them. If you join our team, you’ll enjoy:
Our commitment to diversity, as the largest minority- and woman-owned enterprise in the U.S.
Continuous professional growth and leadership opportunities.
Health, wellness, and financial benefits to offer peace of mind to you and your family.
World-class facilities and the technology you need to thrive – in our offices or yours.
Job Summary
The Senior CTI Consultant leads cyber threat intelligence delivery by converting intelligence analysis into measurable operational outcomes, including detection opportunities, hunt enablement, and cross-functional improvement across SOC/DE/IR workflows. This role involves analyzing emerging threats, providing strategic insights, and advising clients on effective cybersecurity measures. The consultant will collaborate with cross-functional teams to enhance threat detection and response capabilities.
Role Description
Conduct cyber threat intelligence analysis focused on adversary tactics, techniques, and procedures (TTPs) relevant to client environments.
Lead complex intelligence workstreams by validating high-risk exposures, managing escalations, and ensuring consistent service levels and quality across deliverables.
Develop and maintain actionable intelligence outputs by reviewing, prioritizing, and operationalizing intelligence briefs, detection opportunities, and vulnerability intelligence that are aligned to the client’s risk and organizational goals.
Translate TTP-driven intelligence into actionable threat hunting and detection engineering outputs, including hunting hypotheses, hunt guidance, and detection recommendations.
Deliver Tier 2/3 reporting such as operational intelligence briefs, detection opportunity reporting, and vulnerability exploitation likelihood outputs aligned to client priorities.
Function in threat hunting and detection engineering spaces by translating TTP-driven intelligence into:
hunting hypotheses and scoped hunt guidance, and/or
detection recommendations (queries/rules), signal/noise expectations, and tuning guidance
Provide intelligence support during investigations/incidents and help teams connect external signals to internal telemetry and response decisions.
Serve as a trusted intelligence consultant to internal and client stakeholders, helping translate threat intelligence into informed security decisions for clients.
Assess the effectiveness of intelligence outputs by including feedback from detection, SOC analysts, and incident response teams.
Mentor junior analysts/consultants, improve internal processes, and help scale standardized playbooks and reporting quality.
Stay current with industry risks and trends and participate in threat sharing communities.
Behaviors and Competencies
Communication: Can effectively communicate complex ideas and information to diverse audiences, facilitate effective communication between others, and mentor others in effective communication.
Relationship Building: Can take ownership of complex team initiatives, collaborate with diverse groups, and drive results through effective relationship management.
Self-Motivation: Can take ownership of complex personal or professional initiatives, collaborate with others when necessary, and drive results through self-motivation.
Negotiation: Can take ownership of complex negotiations, collaborate with others, and drive consensus.
Impact and Influence: Can rally a team or group towards a common goal, creating a positive and persuasive influence.
Business Development: Can take ownership of significant business initiatives, collaborate with various stakeholders, and drive business results.
Emotional Intelligence: Can use emotional information to guide thinking and behavior, manage and/or adjust emotions to adapt to environments or achieve one’s goal(s), and help others do the same.
Detail-Oriented: Can oversee multiple projects, maintaining a high level of detail orientation, identifying errors or inconsistencies in work, and ensuring accuracy across all tasks.
Follow-Up: Can take ownership of tasks, collaborate with others in managing follow-ups, and drive results through effective task completion.
Presenting: Can effectively use visual aids, storytelling, and persuasive techniques to enhance presentations and engage audiences.
Delegation: Can delegate responsibilities across a team, balancing workload, and ensuring all members understand their roles.
Analytical Thinking: Can use advanced analytical techniques to solve complex problems, draw insights, and communicate the solutions effectively.
Critical Thinking: Can integrate and synthesize information from various sources to inform strategic decision-making and problem-solving.
Technical Troubleshooting: Can take ownership of complex technical problems, collaborate with others to manage solutions, and drive results in problem resolution.
Skill Level Requirements
Expertise in security‑relevant cyber threat intelligence collection, validation, and analysis, including identification of credential/session exposure, initial access activity, malicious infrastructure, adversary targeting, and exploitation trends — Expert
Proficiency in applying the cyber threat intelligence lifecycle (requirements definition, collection, processing, analysis, dissemination, and feedback) to deliver validated, actionable intelligence aligned to customer Priority Intelligence Requirements (PIRs) — Expert
Ability to assess, prioritize, and communicate external threats and exposures using evidence‑based analysis and industry‑accepted mitigation guidance, ensuring intelligence is actionable by SOC, IR, Detection Engineering, and Identity teams — Expert
Expert ability to translate adversary behavior, TTPs, and campaign activity into operational intelligence outputs, including high‑priority notifications, investigation pivots, detection opportunities, and threat‑informed response guidance — Expert
Experience supporting threat hunting and detection engineering efforts, including development of behavior‑first hypotheses, detection opportunity recommendations, and signal/noise considerations — Expert
Advanced analytical skills to examine, normalize, correlate, and model disparate data sets (OSINT, dark‑web sources, telemetry summaries, vulnerability data, and incident context) to draw defensible conclusions and support decision‑making — Expert
Strong proficiency in producing finished intelligence products (alerts, operational briefs, executive summaries, trend analysis, and campaign narratives) tailored to both technical and non‑technical audiences — Expert
Ability to manage and execute complex intelligence workstreams to completion, ensuring quality, timeliness, stakeholder alignment, and adherence to defined notification models and service‑level objectives — Expert
Working knowledge of common security platforms and environments (identity providers, EDR/XDR, SIEM, email security, network controls, vulnerability management) sufficient to contextualize intelligence and recommend appropriate actions — Expert
Other Requirements
6+ years of experience across CTI and at least one adjacent domain (Security Operations, Incident Response, Detection Engineering, Threat Hunting, Vulnerability Management).
Experience analyzing adversary behaviors and translating TTP-based intelligence into actionable detection recommendations, hunt guidance, and hunting hypotheses.
Strong finished intelligence writing and briefing skills, with the ability to write and brief for both operational and executive stakeholders.
Demonstrated ability to collaborate cross-functionally and drive actions to closure (not just produce reports).
Remote/Hybrid; travel as needed for strategic workshops, onboarding, and executive briefings.
Preferred Requirements
Experience designing or operationalizing threat hunting playbooks and/or improving detection coverage based on research and incident learnings.
Familiarity with automation opportunities in intel/detection workflows.
Relevant certifications (GIAC, CISSP, etc.) or equivalent demonstrated capability.
The estimated annual pay range for this position is $120,000 - $160,000, which includes a base salary and bonus. The compensation for this position is dependent on job-related knowledge, skills, experience, and market location and, therefore, will vary from individual to individual. Benefits may include, but are not limited to, medical, vision, dental, 401K, and flexible spending.
Equal Employment Opportunity – M/F/Disability/Protected Veteran Status