Cyber Threat Intelligence Analyst Utilities
Remote working
6 months+
£600 - £650 per day
In short: Cyber Threat Intelligence Analyst required to join a large utilities provider in supporting their small Cyber Threat team with typical activities.
Threat Modelling experience would be very nice-to-have but not essential.
In full:
Job Description
Assisting the Head of Security Defence & Posture in the management of all aspects of threat intelligence, including:
Monitor and process the regular (daily/weekly/monthly/quarterly/yearly) reports produced by the open source and premium intelligence vendors that we have access to
Monitor the Cyber Threat Intelligence (CTI) "news" dashboards and feeds to identify relevant threats and vulnerabilities
Perform threat modelling using threat intelligence and business knowledge to identify the most prominent cyber threats and actors for different areas of the business
Produce ad-hoc, daily, weekly and monthly threat intelligence briefings and reports, both for a technical audience and for senior leadership
Act upon actionable elements from reports:
Extract actionable intelligence related to tactics, techniques and procedures (TTPs), map them to MITRE ATT&CK and share the actionable intelligence with relevant Cyber Security teams.
Ensure indicators of compromise (IOCs) are ingested into the platform (mostly automated already)
Notify leadership when new, industry relevant threats appear on our radar
Create and fine-tune dark web threat detection rules
Process "potentially compromised credentials" alerts
Process dark web monitoring alerts
Process ransomware alerts
Validate with Global Security Operations Centre (GSOC) if a business relationship with the impacted third party company exists and assess potential impact
Raise requests for information (RFIs) for high interest topics
Monitor the Threat Intelligence Platform to:
Ensure intelligence is properly ingested and exported to security monitoring and defence tooling
Adjust the delivery parameters to increase the amount of intelligence flowing to security tooling
Evaluate existing and potentially relevant intelligence feeds
Add in and fine-tune data sources
Perform threat intelligence analysis and advanced research
Build complete and highly detailed threat actor profiles, emulation plans & collaborate with the Purple Team and Threat Hunting Team
Define new enrichment capabilities and new intel integration opportunities
Maintain and develop documentation
Maintain and update the post incident reports (PIRs) and the threat actor library
Complete ad-hoc and time sensitive threat intelligence report development requests
Develop scripts to parse data from a wide range of sources
Candidates will ideally show evidence of the above in their CV in order to be considered.
Please be advised that if you haven't heard from us within 48 hours, then unfortunately your application has not been successful on this occasion. We may, however, keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.