role extended

Threat Intelligence Analyst

Source-cited RoleMath page about Threat Intelligence Analyst.

Build my personalized career plan

Researched by RoleMath Research. Every figure on this page traces to the official source shown next to it.

What the numbers say about this work

Government occupation data for the role this maps to Information Security Analysts (SOC 15-1212). This is planning context for the occupation, not a salary or a job this role guarantees you.

Median pay (occupation)
$129,180 / yr · $75,090 to $199,850 (10th–90th percentile)
Projected change (2024–34)
+28.5% · ~16k openings/yr
Typical entry education
Bachelor's degree

BLS OEWS — occupation-level, national BLS Employment Projections 2024–34 This role uses a broad O*NET-SOC/BLS occupation mapping. Treat salary, outlook, and task data as occupation-level evidence, not a guarantee for this exact job title.

What it pays by metro

The national median hides a wide geographic spread. Below is the occupation’s median in some of the highest-paying and largest-employment metros, adjusted for local prices — regional price-level context, not take-home pay or a salary this role guarantees you.

MetroNominal medianCost-adjusted
San Jose, CA$176,120$159,496
Raleigh, NC$143,640$146,337
Seattle, WA$161,780$145,573
San Francisco, CA$162,310$140,391
Huntsville, AL$130,330$140,031
Washington, DC$148,950$136,797

See all metros and how this is calculated → Sources: BLS OEWS (May 2025), occupation-level metro median ÷ BEA Regional Price Parities (2024, US=100).

What this work involves

The tasks the U.S. Department of Labor’s O*NET lists most central to this occupation — role-fit evidence to weigh against your background, not a measure of employer demand.

  • Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
  • Monitor current reports of computer viruses to determine when to update virus protection systems.
  • Encrypt data transmissions and erect firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers.
  • Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures.
  • Modify computer security files to incorporate new software, correct errors, or change individual access status.
  • Review violations of computer security procedures and discuss procedures with violators to ensure violations are not repeated.

O*NET — occupation-level

Skills that matter

The skills O*NET rates most important for this occupation. A starting map for what to build — weigh it against the specific job you’re targeting.

  • Reading Comprehension
  • Critical Thinking
  • Active Listening
  • Speaking
  • Writing
  • Monitoring
  • Active Learning
  • Learning Strategies

O*NET — occupation-level

What employers ask for right now

The skills and certifications employers most often name in a sample of 35public job postings for this role. Treat it as a to-learn list — it’s dated hiring language, not a count of open jobs, demand, or salary.

Most-named skills

  • threat intelligence 32
  • Cybersecurity 27
  • malware analysis 15
  • Python 14
  • SIEM 13
  • Machine learning 13
  • Incident response 11
  • Windows 9
  • SQL 8
  • Problem solving 5
  • threat hunting 4
  • macOS 4

Certifications named

  • Security+ 1

Compare what employers ask across roles → Qualitative employer-language sample only; do not use as official demand, market-size, salary, or certification ROI evidence.

Certification decision support

Certifications mapped to Threat Intelligence Analyst

Certifications mapped to this role from cited OEM target-role data and the RoleMath role mapping, ordered by relationship strength and then Difficulty Score. This is planning context — not a guarantee, not an employer requirement, and not a claim that any one certification is best for everyone. Your fit depends on your background; pay/outlook context is occupation-level on the role page.

Start here signalCompTIA Security+45/100 · Moderate

Entry and starting signals

5 mapped

Lower-difficulty credentials that map to this role as starting points or foundation signals.

CredentialDifficultyCostRelationshipWhy it appears here
CompTIA Security+CompTIA · foundation
45/100Moderate$439 examstrong signalSecurity+ is a common baseline for threat intelligence and incident analysis routes.Official source
GIAC Cyber Threat Intelligence (GCTI)GIAC (SANS) · specialist
50/100Moderate$999 examstrong signalGIAC Cyber Threat Intelligence (GCTI) maps to Threat Intelligence Analyst as a strong role signal based on its cited name keyword:security:threat intelligence signal.Official source
55/100ModerateCost not verifiedstrong signalCertified Threat Intelligence Analyst (CTIA) maps to Threat Intelligence Analyst as a strong role signal based on its cited name keyword:security:threat intelligence signal.Official source
OffSec Threat Hunter (OSTH)OffSec · associate
55/100ModerateCost not verifiedstrong signalOffSec Threat Hunter (OSTH) maps to Threat Intelligence Analyst as a strong role signal based on its cited name keyword:security:threat intelligence signal.Official source
20/100Foundational$125 exampre entry foundationCCST Cybersecurity can help validate cyber fundamentals before deeper threat-analysis work.Official source

Advanced or later-step credentials

1 mapped

Credentials that may matter after experience builds; they are not presented as first steps.

CredentialDifficultyCostRelationshipWhy it appears here
CompTIA CySA+CompTIA · intermediate
75/100Hard$439 examstrong signal after foundationCySA+ aligns well with threat intelligence, monitoring, and adversary-analysis work.Official source

Adjacent, not primary

1 mapped

Useful only for a pivot or neighboring track; not primary evidence for this role.

CredentialDifficultyCostRelationshipWhy it appears here
Cisco CCNA CybersecurityCisco · associate
50/100Moderate$300 examadjacent after foundationCisco's cybersecurity associate material supports network and host analysis context for threat intelligence.Official source

Difficulty is the RoleMath Difficulty Score, not a pass rate. Certification mappings are planning context, not employer requirements, job guarantees, salary claims, or ROI claims.

Answer blocks

Common Questions

What certifications do I need to become a Threat Intelligence Analyst?

Certifications commonly mapped to a Threat Intelligence Analyst role, ordered from the lowest-difficulty starting point: CompTIA Security+; GIAC Cyber Threat Intelligence (GCTI); Certified Threat Intelligence Analyst (CTIA); OffSec Threat Hunter (OSTH) — with advanced credentials such as CompTIA CySA+ as later steps.

Entry options, lowest difficulty first: CompTIA Security+ (CompTIA; Difficulty Score 45/100, Moderate; exam ~$439); GIAC Cyber Threat Intelligence (GCTI) (GIAC (SANS); Difficulty Score 50/100, Moderate; exam ~$999); Certified Threat Intelligence Analyst (CTIA) (EC-Council; Difficulty Score 55/100, Moderate; exam fee pending vendor verification); OffSec Threat Hunter (OSTH) (OffSec; Difficulty Score 55/100, Moderate; exam fee pending vendor verification); Cisco Certified Support Technician Cybersecurity (Cisco; Difficulty Score 20/100, Foundational; exam ~$125). Advanced or later-step credentials: CompTIA CySA+ (CompTIA; Difficulty Score 75/100, Hard; exam ~$439).

Citations: Source rows are visible in the page citation ledger; certification source URLs are linked in the decision table.

Use the RoleMath planner to adapt this sequence to your background, budget, and timeline. RoleMath sells nothing.

What is the easiest certification to start a Threat Intelligence Analyst career?

The lowest-difficulty cited certification for starting a Threat Intelligence Analyst path is CompTIA Security+ (RoleMath Difficulty Score 45/100, Moderate, exam ~$439). It is a starting signal, not a guarantee of a role.

Entry options, lowest difficulty first: CompTIA Security+ (CompTIA; Difficulty Score 45/100, Moderate; exam ~$439); GIAC Cyber Threat Intelligence (GCTI) (GIAC (SANS); Difficulty Score 50/100, Moderate; exam ~$999); Certified Threat Intelligence Analyst (CTIA) (EC-Council; Difficulty Score 55/100, Moderate; exam fee pending vendor verification).

Citations: Source rows are visible in the page citation ledger; certification source URLs are linked in the decision table.

Use the RoleMath planner to adapt this sequence to your background, budget, and timeline. RoleMath sells nothing.

How much do Threat Intelligence Analyst certifications cost and how hard are they?

Cited Threat Intelligence Analyst certification exam fees range roughly $125–$999, spanning from Moderate entry options to Hard credentials on the RoleMath Difficulty Score. Pay and outlook are reported at the occupation level on the Threat Intelligence Analyst page, never per certification.

Entry options, lowest difficulty first: CompTIA Security+ (CompTIA; Difficulty Score 45/100, Moderate; exam ~$439); GIAC Cyber Threat Intelligence (GCTI) (GIAC (SANS); Difficulty Score 50/100, Moderate; exam ~$999); Certified Threat Intelligence Analyst (CTIA) (EC-Council; Difficulty Score 55/100, Moderate; exam fee pending vendor verification); OffSec Threat Hunter (OSTH) (OffSec; Difficulty Score 55/100, Moderate; exam fee pending vendor verification).

Citations: Source rows are visible in the page citation ledger; certification source URLs are linked in the decision table.

Use the RoleMath planner to adapt this sequence to your background, budget, and timeline. RoleMath sells nothing.

Threat Intelligence Analyst

Quick Verdict

Threat Intelligence Analyst is a tech-industry role tracked under the BLS occupation Information Security Analysts (SOC 15-1212). The figures below are occupation-level; they cover multiple job titles sharing the same BLS measurement group.

Related Certifications

CredentialRelationshipExamWhy it matters
CompTIA Security+Strong signalSY0-701Security+ is a common baseline for threat intelligence and incident analysis routes.
CompTIA CySA+Strong signal after foundationCS0-003CySA+ aligns well with threat intelligence, monitoring, and adversary-analysis work.
Cisco CCNA CybersecurityAdjacent after foundation200-201Cisco's cybersecurity associate material supports network and host analysis context for threat intelligence.
Cisco Certified Support Technician CybersecurityPre entry foundation100-160CCST Cybersecurity can help validate cyber fundamentals before deeper threat-analysis work.

Sources

  • BLS OEWS (national wage data): https://www.bls.gov/oes/special-requests/oesm25nat.zip
  • BLS Employment Projections (10-year outlook): https://www.bls.gov/emp/ind-occ-matrix/occupation.xlsx
  • O*NET occupational data: https://www.onetcenter.org/database.html

Citation Ledger

IDSupportsEvidenceSource
CIT-01Occupation wage ($129,180)BLS OEWS national, SOC 15-1212BLS OEWS
CIT-02Occupation outlook (28.5%)BLS Employment Projections, SOC 15-1212BLS EP
CIT-03Annual openings (16k)BLS Employment Projections, SOC 15-1212BLS EP
CIT-04Job Zone (4)O*NET, SOC 15-1212O*NET

AI & this career

What we can — and can’t — tell you about AI and this role

Cited context only: an occupation-level outlook, descriptive usage data, an employer-language sample, and attributed research — kept separate. No RoleMath AI score, no automation timeline, no job-loss prediction. How we source this →

Occupation outlook · BLS

Where the occupation is projected to go

BLS projects Information security analysts at 28.5% employment change for 2024-2034, with 16 thousand annual openings. U.S. Bureau of Labor Statistics

A forecast, not a guarantee; occupation-level, not about you - and BLS does not model rapid AI adoption, so this is never an AI prediction.

How AI shows up in the work

Descriptive usage, not demand or loss

For this shared SOC, the May 2026 usage sample reports 23.90% augmentation-labeled and 76.10% automation-labeled Claude conversations. Anthropic Anthropic Economic Index dataset, CC-BY.

Across all occupations the same dataset splits 51.4% augmentation / 48.6% automation (May 2026) — shown so a single role’s number is never read as an outlier.

Descriptive Claude usage data, not employment demand, not job loss, and not a personal forecast; CC-BY attribution required.

Employer language · sample

What a posting sample mentions

a sample of 13 postings (as of 2026-06-11) mentions these AI-related terms RoleMath public ATS employer-language pilot

Employer-language sample only; not official demand, market-size, salary, or certification ROI evidence.

Published research · attributed

What independent research says (not RoleMath’s claim)

  • Eloundou et al. estimate that about 80% of U.S. workers have at least 10% of their work tasks exposed to large language model capabilities (Science 2024). American Association for the Advancement of Science exposure = task overlap, not job loss.
  • Eloundou et al. estimate that about 19% of U.S. workers have at least 50% of their work tasks exposed to large language model capabilities (Science 2024). American Association for the Advancement of Science exposure = task overlap, not job loss.
  • Eloundou et al. explicitly disclaim any forecast of AI adoption or timing, describing their measure as capability overlap with tasks rather than a prediction of job loss (Science 2024). American Association for the Advancement of Science exposure = task overlap, not job loss.
  • OECD reports that high-skill occupations are the most exposed to AI on task-overlap measures (OECD Employment Outlook 2023). Organisation for Economic Co-operation and Development exposure = task overlap, not job loss.
  • OECD reports that, as of 2023, there is little empirical evidence of negative employment effects from AI (OECD Employment Outlook 2023). Organisation for Economic Co-operation and Development exposure = task overlap, not job loss.
  • OECD and the AIOE research find that AI exposure and automation risk often run in opposite directions, with the most-exposed high-skill occupations tending to be the least at risk of automation. Organisation for Economic Co-operation and Development exposure = task overlap, not job loss.
  • Felten, Raj and Seamans construct an occupation-level AI Occupational Exposure index by linking AI capabilities to O*NET occupational abilities (Strategic Management Journal). Strategic Management Journal (Wiley) exposure = task overlap, not job loss.
  • Stanford Digital Economy Lab researchers find a roughly 16% relative decline in employment for workers ages 22-25 in the most AI-exposed occupations, based on high-frequency ADP payroll data (Canaries in the Coal Mine, working paper). Stanford Digital Economy Lab correlational usage data, not proof.
  • The ILO notes that AI-exposure indicators measure potential task overlap and cannot by themselves establish job loss (Workers' exposure to AI). International Labour Organization exposure = task overlap, not job loss.
  • The Anthropic Economic Index reports no measured systematic rise in unemployment attributable to AI in its usage data. Anthropic correlational usage data, not proof.

Tier A research stays attributed and separate from BLS outlook and employer-language samples.

Ready to see how this fits your background?

Get my fit score