Cyber Threat Intelligence Analyst

Location: London or Remote

Duration: Permanent, full time role

A Security Alliance Cyber Threat Intelligence (CTI) Analyst identifies and collects threat information relevant to our clients, and produces high quality reporting they can rely upon.
The analyst will make use of internal tooling and techniques, in order to collect, analyse, assess, produce, and disseminate informed and accurate reporting, providing actionable insight into the threat landscape.
Identifying new sources and tools is a key responsibility for the new analyst.
Information will also be fused with other non-cyber information where possible, providing actionable and relevant insight into a given event or incident.
Self-study and extensive outside training in order to increase the Cyber Threat Intelligence Analyst's abilities.
Build and maintain relationships with partners and clients to ensure a more complete picture of their threat landscape.
Identification, contextualisation, and analysis of threats, exploits, and vulnerabilities that pose previously unknown risks to our clients and partners.
High quality standardised strategic and technical report writing, using widely used standardised reporting structures.
Training and stakeholder engagement with clients to ensure a seamless cross-organisational team of expertise.
Working under operational time pressure, self-managing tasks, meeting deadlines in support of client requirements.

Candidate Experience

  • An experienced Cyber Threat Intelligence Analyst with at least two years' direct, operational experience would be preferred.
  • Direct and detailed understanding and experience with numerous types of information security incidents, attacks, and events.
  • Previous direct use of CTI methodologies such as investigative pivoting models, investigative frameworks, as well as MITRE ATT&CK, and the Extended Cyber Kill Chain.
  • Prior experience of scripted tools, scripting languages, software vulnerabilities and exploits.
  • Ideally have previous experience writing and using scripted tooling in support of intelligence collection.
  • A comprehensive understanding of inductive, deductive, and abductive reasoning.
  • Familiarity with major cognitive bias types, and the ability to identify those cognitive biases when researching.
  • Previous experience with competing hypothesis theory, and use of different tools to score those hypotheses.
  • A demonstrated ability to analyse, evaluate, and contextualise sets of information, using analytical techniques and common industry tooling.
  • Experience in open source collection, use of online tools, experience querying internal databases of information in support of investigative efforts.
  • Professional experience writing short and long form reporting to a specified, technical writing style.
  • A high level of professionalism, focus, and emotional maturity.
  • Prior employment in a SOC/Operations Centre, or experience with Incident Response, network intrusion, pentesting, malware analysis, or other related Information Security functions would be preferred.

Training and Qualifications

  • Ideally completed the DIAC/DIAM course or other advanced analytical techniques training.
  • Ideally OSIRIS or similar Open Source intelligence or Social Media analysis training.
  • CREST or other Threat Intelligence accreditations (e.g. SANS, GIAC) are also highly desirable.

Additional Skills

  • Knowledge of other security or intelligence functions besides Cyber Threat Intelligence would be preferred.
  • Previous work on *BEST threat intelligence engagements (e.g. CBEST) or equivalents (e.g. TIBER, iCAST etc.).
  • Foreign language speakers, especially Spanish, Portuguese, Russian, Farsi, Dari, Mandarin, Chinese, Japanese.
  • Knowledge of scripting or coding languages such as SQL, Python, Java, C++, or another.
  • Experience with Threat Intelligence Platforms such as MISP or OpenCTI.

If you're interested in joining our team, email your CV and let us know why you think you're a good fit.

