Cyber Threat Intelligence Analyst

Utilities
Predominantly remote: 1 day per month onsite in Warwick
6 months
Day rate contract

In short: We require a CTI expert to join a strong threat intelligence team for a critical national infrastructure energy client. In this role you will be exposed to OT (Operational Technology), but prior OT experience is NOT a prime requisite; it is more of a nice-to-have. Ultimately, we need a solid Cyber Threat Intelligence SME.

In full:

The role will work directly across all areas of Cyber Defend to produce bespoke and technical intelligence across Tactical, Strategic, and Operational intelligence. This role will work with key stakeholders from around the business in vital operational areas such as critical national infrastructure (CNI) and Operational Technology (OT).

Provides actionable technical intelligence to our detection engineers, threat hunters and security operations to improve security controls based on threat intelligence.

Monitor, research and evaluate cyber threats and trends that may impact business objectives and provide corresponding guidance and recommendations to inform risk assessments and business decisions relating to security posture, operations, investments and partners.

Develop, implement and maintain a framework for monitoring and analysis, centred on clear intelligence requirements and key indicators and warnings. Engage with senior business stakeholders to define and agree intelligence requirements and to build understanding of assessments and recommendations.

Provide direction and outlook by horizon scanning for future trends and threats in the cyber domain. Simultaneously work closely with Cyber Defend and the SOC to ensure that technical intelligence is distributed promptly, so that effective cyber defence mitigations can be implemented in a timely fashion.

Engage with high-profile intelligence partners in government and industry to set requirements, ensure collection against intelligence requirements and corroborate assessments. Represent the organisation and speak at intelligence sharing and analysis platforms that cut across government and multiple sectors.

Generate confidence in intelligence products by managing disagreement and questions relating to intelligence sources and assessments. Manage conflict and orchestrate consensus in high-pressure and politically sensitive environments, while ensuring the operational security of assessments and sources at all times.

Key accountabilities:

  • Conduct in-depth analysis of cyber threat groups, threat actor tools, motivation and Tactics, Techniques and Procedures (TTPs) to allow for reverse engineering of threat tools/exploits for the purpose of configuring and testing scripted countermeasures/controls in the network.
  • A strong understanding of threats posed to OT and Industrial Control Systems (ICS) and programmable logic controller (PLC) systems.
  • Articulating complex concepts to various stakeholders across the business to include knowledge of TTPs that involve cloud technology.
  • Consuming new threat reports, extracting relevant and actionable intelligence including TTPs and behavioural indicators.
  • Working closely with our detection engineers and threat hunters to build bespoke detections to detect novel TTPs based on intelligence.
  • Develop comprehensive threat intelligence reports detailing your findings, risk assessments, and recommended mitigation strategies.
  • Monitor and gather threat intelligence from open sources, dark web forums, industry feeds, and other relevant data sources.
  • Attend daily operations calls with the Cyber Defend team (or provide written submissions if unable to attend) to update on latest threat intelligence and updates.
  • Attain and maintain the technical knowledge and ability to converse with Cyber Defend (SOC and CTI analysts in particular) regarding the nature and capability of cyber threats and how these are modelled in the environment. Must translate technical requirements into intelligence collection requirements and configure available intelligence tools to focus on specific areas of interest.
  • Provide guidance and consultancy to the Cyber Defend and Protect team on all matters relating to cyber threats, such as how they are identified, tracked, evaluated and countered. Enable the Cyber Defend team to be threat-led in their approach and priorities, and to respond swiftly with controls/countermeasures through a timely and accurate understanding of tools and TTPs.
  • Collect strategic, operational and tactical cyber intelligence and assess the threat posed by external developments. Produce proactive intelligence reports to aid the Cyber Security response plans on emerging threats.
  • Provide understanding and threat assessments ensuring timely intelligence is passed to Cyber Defend covering IT Enterprise, OT and CNI environments so that the SOC are able to protect against emerging and new threats.
  • Monitor global and strategic trends in cyber threat concepts, the cyber kill chain, attack methods and threat actors. Ensure that emerging trends are briefed in regular cadence products.
  • Contribute to the analysis and delivery of broad thematic issues that inform wider strategy and implementation, and the security risks posed.
  • Must have a full understanding of the MITRE ATT&CK framework.
  • Proven experience in a CTI role and a genuine interest in technology and cyber security.
  • Must have technical understanding of CTI, including TTPs and MOs employed by threat actors. Must be able to translate this to not only a technical audience in Cyber Defend but also to the wider business that may not have the technical background.

Candidates will ideally show evidence of the above in their CV in order to be considered.
Please be advised that if you have not heard from us within 48 hours, your application has unfortunately not been successful on this occasion; we may, however, keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.

We use generative AI tools to support our candidate screening process. This helps us ensure a fair, consistent, and efficient experience for all applicants. Rest assured, all final decisions are made by our hiring team, and your application will be reviewed with care and attention.

Job Details

Company
Pontoon
Location
Warwick, Warwickshire, United Kingdom CV344
Hybrid / Remote Options
Employment Type
Contract
Salary
GBP Annual
Posted