OpenCTI Deployment
1 day ago

Job description
Need OpenCTI expert who can mentor me through production deployment AND teach me how to actually use the platform.
Background:
Successfully deployed POC with 6 threat feeds (figured out Docker,
SSL certs, connectors through trial and error). Management approved
production, but I want to do it RIGHT this time.
Production Goal:
Integrate XSIAM (our SIEM) with OpenCTI - sync indicators via TAXII
or playbook method. Add vendor feeds (ZeroFox, Health-ISAC) without
losing attribution.
The Catch:
I deployed POC successfully but honestly don't know how to USE
OpenCTI for actual threat intel work. Need someone who can teach
me threat actor profiling, attribution, investigations - not just
deployment.
What I Need:
- Guide production setup (XSIAM integration is the blocker)
- Teach me OpenCTI operations (how analysts actually use it)
- Patient mentor who explains WHY, not just HOW
- Someone who's used OpenCTI for real threat intel, not just deployed it
Background:
SOC analyst, work with XSIAM daily (alert triage, investigations).
Understand threat intel concepts from investigation side, new to
dedicated TIP platforms. Learn by doing WITH guidance.
Must Have:
- OpenCTI production experience
- SIEM integration knowledge (MISP/OpenCTI/ThreatConnect)
- Docker troubleshooting skills
- Teaching patience
Contract duration of 1 to 3 months, with 30 hours per week.
Mandatory skills:
Firewall, Docker, SOC analyst, OpenCTI, Threat intelligence platform, Cyber Threat Intelligence, Security orchestration, TAXII STIX integration, Palo Alto XSIAM, SIEM integration