The Threat Intelligence Specialist (TIS) will be required to better understand and assess cyber threats that are likely to impact the organisation.
The TIS will demonstrate an ability to apply technical insights and knowledge of global events and threat actors to produce practical, actionable security intelligence.
They will understand strategic risks, identify sources of information, collect, analyse and produce finished Threat Intelligence to inform and minimise the risk of harm.
The Role
- Collection, analysis, and production of finished Threat Intelligence.
- Maintain awareness of the global threat landscape to ensure a strong security posture.
- Use a variety of sources of intelligence to increase knowledge, corroborate and parallel information; and have confidence in your ability to draw conclusions and present actionable intelligence-led recommendations.
- Responsible for tracking targeted campaigns and threat actors, identifying relevant TTPs, and providing recommendations and remediation advice to reduce the risk from such threats.
- Collaborate to generate and review complex, technical threat data, and enrich it with contextual information that will result in finished intelligence.
- Develop hypotheses based on threat intelligence to direct joint operations with CTI technical resources to direct threat hunting and vulnerability management activities.
- Produce Threat Advisories, Intelligence Briefings, Strategic Assessments, and RFI responses as a routine responsibility.
- Have a continuing focus on internal and external information sharing groups.
- Continue to develop access to internal data and leverage threat intelligence tooling to maximise intelligence opportunities.
- Actively promote the Cyber Threat Intelligence concept.
- Ability to lead and conduct investigations and report findings to leadership.
Knowledge Requirements:
Strong knowledge of:
- The MITRE ATT&CK Framework.
- Cyber threats and vulnerabilities.
- Advanced Persistent Threats (APT) and their associated Tactics, Techniques, and Procedures (TTP).
- Incident response and handling methodologies.
- Risk management processes (e.g., methods for assessing and mitigating risk).
- Threat hunting techniques, tools and operational procedures.
Ability to work towards team and individual targets.
Proactively identify better ways to deliver improvement and simplify the way in which activities are undertaken.
Use standard best practice to deliver across the group in a consistent, repeatable manner.
Maintain open and constructive working relationships with a high degree of commitment and resilience.
Build new and maintain effective working relationships with internal stakeholders.
Collaboration with subject matter experts to validate technical and operational control requirements.
Proactively share information with, and seek advice from, other team members and the wider group to drive improvements.
Education/Professional Qualification
- Demonstrable experience in Information and Cyber Security.
- Extensive and demonstrable experience in collection, analysis, production and dissemination of intelligence.
- Experience of using a Threat Intelligence Platform or related technology.
- Strong technical understanding of networking, internet protocols and information security.
- Experience of using the MITRE ATT&CK Framework, Kill Chain, and Diamond Intrusion model.
- Advanced knowledge of global threats to international cyber security and conversant in the tactics, techniques and procedures used by cyber adversaries.
- Experienced in supporting security breaches, security incident management and delivering briefings to senior management.
- Recognised Threat Intelligence qualification(s) are preferred (CTIA, CySA+, etc.).