Senior Cyber Threat Intelligence Analyst

Location: London

Salary: £50-70k + bonus + dedicated Training budget + Pension

Duration: Permanent, full time role

A Security Alliance Senior/Lead Cyber Threat Intelligence (CTI) Analyst identifies and collects threat information and intelligence relevant to our clients, and produces high quality reporting they can rely upon. This will be done mostly through primary research but, most interestingly, by working with our clients and pivoting off their data to then provide wider, contextualised intelligence to the wider community.

This role will encompass working on one of the most interesting and exciting intelligence sharing initiatives in the world and will offer the candidate significant exposure to peers, clients and leading cyber and cyber threat institutions.

The analysts will be responsible for

  • Collecting, analysing, assessing, producing, and disseminating informed and accurate reporting, providing actionable insight into the threat landscape.
  • Information will also be fused with other non-cyber information where possible, providing actionable and relevant insight into a given event or incident.
  • Build and maintain relationships with partners, clients and peer analysts to ensure a more complete picture of the thread landscape.
  • Identification, contextualisation, and analysis of threats, exploits, and vulnerabilities that pose previously unknown risks to our clients and partners.
  • High quality standardised strategic and technical report writing, using widely used standardised reporting structures.
  • Training and stakeholder engagement with clients to ensure a seamless cross-organisational team of expertise.
  • Working under operational time pressure, self-managing tasks, meeting deadlines in support of client requirements.
  • Leading primary research activities into threats and threat actors
  • Liaising with and working with the Security Alliance Threat Intelligence Consultancy

As a Senior or Lead Analyst, you are expected to set an example in both output and work ethic. Your support to the wider team and junior analysts will be critical in the development of the capability.

Candidate Experience

  • An experienced Senior or Lead Cyber Threat Intelligence Analyst with at least five years direct, operational experience
  • Direct and detailed understanding and experience with numerous types of information security incidents, attacks, and events.
  • Previous direct use of CTI methodologies such as investigative pivoting models, investigative frameworks, as well as MITRE ATT&CK, and the Extended Cyber Kill Chain.
  • Ideally have previous experience writing and using scripted tooling in support of intelligence collection.
  • Familiarity with major cognitive bias types, and the ability to identify those cognitive biases when researching.
  • Previous experience with competing hypothesis theory, and use of different tools to score those hypotheses.
  • A demonstrated ability to analyse, evaluate, and contextualise sets of information, using analytical techniques and common industry tooling.
  • Experience in open source collection, use of online tools, experience querying internal databases of information in support of investigative efforts.
  • Professional experience writing short and long form reporting to a specified, technical writing style.
  • A high level of professionalism, focus, and emotional maturity.
  • Prior employment in a SOC/Operations Centre, or experience with Incident Response, network intrusion, pen-testing, malware analysis, or other related Information Security functions would be preferred.
  • Experience Mapping, Tracking and / or threat hunting
  • Detailed understanding of the Threat Landscape, ideally from a financial services perspective
  • Ideally exposure to and experience with MISP, VT, Maltego, PassiveTotal and DomainTools

Training and Qualifications

  • Ideally completed the DIAC/DIAM/GIAC course or other advanced analytical techniques training.
  • Ideally OSIRIS or similar Open Source intelligence or Social Media analysis training.
  • CREST or other Threat Intelligence accreditations (e.g. SANS, GIAC) are also highly desirable.

Additional Skills

  • Strong communicator with experience of taking complex technical findings and translating into clear business impact.
  • Previous work on *BEST threat intelligence engagements (e.g. CBEST) or equivalents (e.g. TIBER, iCAST etc.) could be an advantage
  • Foreign language speakers, especially Dutch, Spanish, Portuguese, Russian, Farsi, Dari, Mandarin, Chinese, Japanese.
  • Knowledge of scripting or coding languages such as SQL, Python, Java, C++, or another.
  • Experience with Threat Intelligence Platforms such as MISP or OpenCTI.

If you're interested in joining our team, email your CV and let us know why you think you're a good fit.


Get in touch