Threat Intelligence Taxonomist

Career Guide
A Threat Intelligence Taxonomist designs and maintains the naming and classification system used to organize threat intelligence. This makes threat data easier to search, compare, report, and automate across tools and teams.

Key Responsibilities

  • Define a consistent vocabulary for threats, tactics, techniques, and indicators
  • Create and maintain a threat intelligence taxonomy and data dictionary
  • Set rules for tagging and categorizing intelligence records
  • Map internal labels to common external standards and vendor terms
  • Improve data quality by finding duplicates, inconsistencies, and missing fields
  • Partner with analysts to make sure the taxonomy matches real investigation workflows
  • Work with engineering to implement taxonomy fields in platforms and pipelines
  • Document standards and train users on correct tagging and naming
  • Measure taxonomy adoption and update it based on feedback and new threat trends

Top Skills for Success

Information Architecture
Taxonomy Design
Ontology Design
Data Governance
Data Quality Management
Metadata Standards
Threat Intelligence Fundamentals
Cyber Threat Analysis
Requirements Gathering
Stakeholder Management
Technical Writing
SQL
Python
API Integration
Data Modeling

Career Progression

Can Lead To
Threat Intelligence Program Manager
Threat Intelligence Platform Product Manager
Security Data Architect
Detection Engineering Lead
Security Knowledge Management Lead
Security Operations Manager
Transition Opportunities
Threat Intelligence Analyst
Security Data Analyst
Security Engineer
Detection Engineer
Governance Risk and Compliance Analyst
Security Product Manager

Common Skill Gaps

Often Missing Skills
Taxonomy DesignMetadata StandardsData ModelingSQLAPI IntegrationData GovernanceThreat Intelligence Fundamentals
Development SuggestionsBuild a small taxonomy project using real threat reports, publish a clear data dictionary, and practice mapping terms to external standards. Pair this with hands on work querying and cleaning intelligence data, and create short documentation that explains how analysts should tag and search.

Salary & Demand

Median Salary Range
Entry LevelUSD 90,000 to 120,000
Mid LevelUSD 120,000 to 160,000
Senior LevelUSD 160,000 to 210,000
Growth Trend
Moderate to strong growth as organizations invest in threat intelligence operations and data standardization to improve automation and reporting.

Companies Hiring

Major Employers
MicrosoftGoogleAmazonCrowdStrikePalo Alto NetworksMandiantIBMAccentureDeloitteCisco
Industry Sectors
Cybersecurity vendorsCloud providersFinancial servicesHealthcareTelecommunicationsGovernment contractorsManaged security servicesLarge technology companies

Recommended Next Steps

1
Create a sample threat intelligence taxonomy and a data dictionary with clear field definitions
2
Design tagging rules and examples for common analyst workflows
3
Practice normalizing vendor and internal terms into one consistent vocabulary
4
Build basic SQL queries to audit data quality and find inconsistent tags
5
Write implementation requirements for adding taxonomy fields into a platform
6
Prepare a portfolio document that shows before and after search and reporting improvements
7
Network with threat intelligence and security operations teams to validate real world needs