Cyber Threat Intelligence Consultant

Location: Remote – UK Office in Stratford, London

Salary: £TBC

Duration: Permanent, full time role

A Security Alliance Cyber Threat Intelligence Consultant, as part of the Consultancy team, is responsible for the production of Cyber Threat Intelligence Assessments, Threat Landscape Assessments, and working on bespoke consulting engagements. They will have a strong focus on generating, and contributing to, one-off reports and client presentations.

The Consultant will be responsible for:

  • Supporting and leading Consultancy Cyber Threat Intelligence Engagements across various national and international frameworks (*BEST, TIBER, iCAST, AASE)
  • Setting intelligence collection requirements for supporting analysts
  • High quality standardised strategic and technical report writing, using widely used standardised reporting structures
  • Building and maintaining relationships with partners and clients to ensure a more complete picture of the thread landscape.
  • Working under operational time pressure, self-managing tasks, meeting deadlines in support of client requirements.
  • Liaising with and working with the Security Alliance ThreatMatch platform.

As a Consultant, you are expected to set an example in both output and work ethic. Your support to the wider team will be critical in the development of the capability.

Candidate Experience

  • An experienced Cyber Threat Intelligence Consultant with at least five years direct, operational experience. Work on various national and international frameworks for TI-led testing (*BEST, TIBER, iCAST, AASE) is preferred.
  • Direct and detailed understanding and experience with numerous types of information security incidents, attacks, and events.
  • Previous direct use of CTI methodologies such as investigative pivoting models, investigative frameworks, as well as MITRE ATT&CK, and the Extended Cyber Kill Chain.
  • Familiarity with major cognitive bias types, and the ability to identify those cognitive biases when researching.
  • Previous experience with competing hypothesis theory, and use of different tools to score those hypotheses.
  • A demonstrated ability to analyse, evaluate, and contextualise sets of information, using analytical techniques and common industry tooling.
  • Experience in open source collection, use of online tools, experience querying internal databases of information in support of investigative efforts.
  • Professional experience writing short and long form reporting to a specified, technical writing style.
  • A high level of professionalism, focus, and emotional maturity.
  • Detailed understanding of the Threat Landscape, ideally from a financial services perspective
  • Ideally exposure to and experience with MISP, VT, Maltego, PassiveTotal and DomainTools

Training and Qualifications

  • Ideally completed the DIAC/DIAM/GIAC course or other advanced analytical techniques training.
  • Ideally OSIRIS or similar Open Source intelligence or Social Media analysis training.
  • CREST (CCTIA, CCTIM) or other Threat Intelligence accreditations (e.g. SANS, GIAC) are also highly desirable.

Additional Skills

  • Strong communicator with experience of taking complex technical findings and translating into clear business impact.
  • Strong presentational skills
  • Foreign language speakers, especially Dutch, Spanish, Portuguese, Russian, Farsi, Dari, Mandarin, Chinese, Japanese.
  • Knowledge of scripting or coding languages such as SQL, Python, Java, C++, etc.
  • Experience with Threat Intelligence Platforms such as MISP or OpenCTI.

If you're interested in joining our team, email your CV and let us know why you think you're a good fit.


Get in touch