Senior Cyber Threat Intelligence Analyst

Location: London

Duration: Permanent, full time role

A Security Alliance Senior Cyber Threat Intelligence (CTI) Analyst identifies and collects threat information relevant to our clients, and produces high quality reporting they can rely upon. This will be done mostly through primary research but, most interestingly, by working with our clients and pivoting off their data to then provide wider, contextualised intelligence to the wider community.
The analyst will make use of internal and open source tooling and techniques, in order to collect, analyse, assess, produce, and disseminate informed and accurate reporting, providing actionable insight into the threat landscape.
Identifying new sources and tools is also a key responsibility for the new analyst.
Information will also be fused with other non-cyber information where possible, providing actionable and relevant insight into a given event or incident.
Self-study and extensive outside training in order to increase the Cyber Threat Intelligence Analysts abilities.
Build and maintain relationships with partners and clients to ensure a more complete picture of their thread landscape.
Identification, contextualisation, and analysis of threats, exploits, and vulnerabilities that pose previously unknown risks to our clients and partners.
High quality standardised strategic and technical report writing, using widely used standardised reporting structures.
Training and stakeholder engagement with clients to ensure a seamless cross-organisational team of expertise.
Working under operational time pressure, self-managing tasks, meeting deadlines in support of client requirements.
As a Senior Analyst, you are expected to set an example in both output and work ethic. Your support to the wider team and junior analysts will be critical in the development of the capability.

Candidate Experience

  • An experienced Senior Cyber Threat Intelligence Analyst with at least three years direct, operational experience
  • Direct and detailed understanding and experience with numerous types of information security incidents, attacks, and events.
  • Previous direct use of CTI methodologies such as investigative pivoting models, investigative frameworks, as well as MITRE ATT&CK, and the Extended Cyber Kill Chain.
  • Prior experience of scripted tools, scripting languages, software vulnerabilities and exploits.
  • Ideally have previous experience writing and using scripted tooling in support of intelligence collection.
  • A comprehensive understanding of induced, deduced, abductive reasoning.
  • Familiarity with major cognitive bias types, and the ability to identify those cognitive biases when researching.
  • Previous experience with competing hypothesis theory, and use of different tools to score those hypotheses.
  • A demonstrated ability to analyse, evaluate, and contextualise sets of information, using analytical techniques and common industry tooling.
  • Experience in open source collection, use of online tools, experience querying internal databases of information in support of investigative efforts.
  • Professional experience writing short and long form reporting to a specified, technical writing style.
  • A high level of professionalism, focus, and emotional maturity.
  • Prior employment in a SOC/Operations Centre, or experience with Incident Response, network intrusion, pentesting, malware analysis, or other related Information Security functions would be preferred.

Training and Qualifications

  • Ideally completed the DIAC/DIAM course or other advanced analytical techniques training.
  • Ideally OSIRIS or similar Open Source intelligence or Social Media analysis training.
  • CREST or other Threat Intelligence accreditations (e.g. SANS, GIAC) are also highly desirable.
  • Additional Skills
  • Strong communicator with experience of taking complex technical findings and translating into clear business impact.
  • Previous work on *BEST threat intelligence engagements (e.g. CBEST) or equivalents (e.g. TIBER, iCAST etc.) could be an advantage
  • Foreign language speakers, especially Dutch, Spanish, Portuguese, Russian, Farsi, Dari, Mandarin, Chinese, Japanese.
  • Knowledge of scripting or coding languages such as SQL, Python, Java, C++, or another.
  • Experience with Threat Intelligence Platforms such as MISP or OpenCTI.

If you're interested in joining our team, email your CV and let us know why you think you're a good fit.


Get in touch