Key Responsibilities
- Lead the research, development and implementation of detection rules grounded in a solid understanding of cyber adversary TTPs (tactics, techniques and procedures).
- Maintain comprehensive threat actor profiles for priority threat groups.
- Assist with all aspects of threat intelligence management, including setting PIRs (Priority Intelligence Requirements), collection planning and capability development.
- Triage, investigate and remediate threat intelligence-derived security events.
- Mentor and develop cyber threat intelligence analysts.
- Partner with other Security Operations teams and the wider Cyber Security teams to conduct threat intelligence-derived investigations.
- Identify and evaluate new sources of intelligence, and integrate them into monitoring technologies.
- Develop critical intelligence partnerships to produce and curate high-quality threat analysis and indicators.
- Perform cyber threat intelligence activities across the intelligence lifecycle, maintaining the highest standards of quality and confidentiality across multiple geographies.
- Stay up to date with current vulnerabilities, attacks, and countermeasures.
Technical / job functional knowledge
- Significant knowledge and experience of researching and tracking cyber threat actors and their tactics, techniques and procedures, with direct experience of emerging threats across the threat landscape.
- Excellent grasp of the current geopolitical environment and its influence on the cyber threat landscape.
- Background in collecting, analysing, and interpreting data from various sources, detailing the results and preparing substantial analysis products.
- Direct experience using open-source intelligence techniques and platforms.
- Hands-on experience with common Threat Intelligence Platforms (TIP) and curation of technical intelligence content.
- Practical experience of malware analysis, digital forensics or threat hunting.
- Demonstrable working knowledge of networks including the TCP/IP stack, typical organisation architectures, and common protocols abused by malware.
- Experience in security event analysis and triage, incident handling and root-cause identification.
EA Licence No: 11C5502
Registration No: R1876903