OpenCTI Deployment

Need OpenCTI expert who can mentor me through production deployment

AND teach me how to actually use the platform.

Background:

Successfully deployed POC with 6 threat feeds (figured out Docker,

SSL certs, connectors through trial and error). Management approved

production, but I want to do it RIGHT this time.

Production Goal:

Integrate XSIAM (our SIEM) with OpenCTI - sync indicators via TAXII

or playbook method. Add vendor feeds (ZeroFox, Health-ISAC) without

losing attribution.

The Catch:

I deployed POC successfully but honestly don't know how to USE

OpenCTI for actual threat intel work. Need someone who can teach

me threat actor profiling, attribution, investigations - not just

deployment.

What I Need:

• Guide production setup (XSIAM integration is the blocker)
• Teach me OpenCTI operations (how analysts actually use it)
• Patient mentor who explains WHY, not just HOW
• Someone who's used OpenCTI for real threat intel, not just deployed it

My

Background:

SOC analyst, work with XSIAM daily (alert triage, investigations).

Understand threat intel concepts from investigation side, new to

dedicated TIP platforms. Learn by doing WITH guidance.

Must Have:

• OpenCTI production experience
• SIEM integration knowledge (MISP/OpenCTI/ThreatConnect)
• Docker troubleshooting skills
• Teaching patience

Looking for a mentor, not just a consultant.

Contract duration of 1 to 3 months. with 30 hours per week.

Mandatory skills:

Firewall, Docker, SOC analyst, OpenCTI, Threat intelligence platform, Cyber Threat Intelligence, Security orchestration, TAXII STIX integration, Palo Alto XSIAM, SIEM integration