Senior Analyst - Tactical Intelligence

Key Responsibilities

• Identify, track, and document threat actors, their TTPs, infrastructure, and indicators of compromise across the full intelligence lifecycle.
• Monitor and analyse Command and Control (C2) infrastructures, malicious domains, and emerging campaigns, providing context-rich assessments that combine technical findings with geopolitical and regional context.
• Map observed threat activity to established frameworks (e.g., MITRE ATT&CK) and produce structured intelligence outputs using formats such as STIX/TAXII.
• Conduct technical analysis of malware samples to support intelligence assessments, including static and dynamic analysis to extract configurations, identify capabilities, and attribute activity to known threat actors.
• Stay current with the evolving threat landscape, proactively identifying emerging threats, novel attack vectors, and shifts in adversary tradecraft.

• Produce high-quality finished intelligence products, including threat actor profiles, campaign analyses, and technical advisories, suitable for both technical and non-technical audiences.
• Document and report on malware behaviour, TTPs, and indicators derived from technical analysis, leveraging internal TIP tooling to generate and disseminate IoCs.
• Contribute to external communications through blog posts, conference presentations, or published research that highlights significant threat intelligence findings.
• Respond to Requests for Information (RFIs) from internal and external stakeholders, delivering timely, actionable intelligence.

• Develop and maintain detection signatures such as YARA rules based on malware analysis and threat research. Identify network and host-based detection opportunities.
• Manage and optimise threat intelligence platforms, sources, and feeds to improve analysis efficiency and intelligence output quality.
• Develop scripts and tooling to support analysis workflows, including automation of intelligence collection, enrichment, or dissemination tasks.
• Evaluate and recommend new tools or platforms to strengthen the team's analytical capabilities.

• Support and mentor other analysts within the GTI team, providing guidance on analytical tradecraft and technical methodology.
• Work closely with DFIR and SOC teams to provide threat context, malware insights, and intelligence support during investigations and incidents.
• Generate detection leads from intelligence and malware analysis, maintaining a structured handoff process.
• Contribute to intelligence-led threat hunting by producing targeted threat assessments and hypotheses for the threat hunting team, and maintaining a feedback loop on findings
• Partner with external partners, information-sharing communities, and industry forums to maintain situational awareness and contribute to collective defence.

Skills, Knowledge & Expertise

• Demonstrated experience in Cyber Threat Intelligence analysis with a strong understanding of the intelligence lifecycle, including experience in threat actor tracking, APT research, and C2 infrastructure analysis.
• Strong understanding of networking protocols (e.g., TCP/IP, DNS) and how adversaries leverage network infrastructure.
• Familiarity with frameworks such as MITRE ATT&CK and structured intelligence formats, including STIX/TAXII.
• Experience supporting or interfacing with DFIR and SOC teams in an operational capacity.
• Understanding of offensive security reconnaissance and attacker methodologies.

• Experience performing triage-level malware analysis, including behavioural analysis, sandbox detonation, and basic static analysis. Exposure to reverse engineering tools is beneficial but not essential.
• Experience developing YARA rules and other detection signatures based on technical analysis.
• Familiarity with programming or scripting languages such as Python for developing analysis tools, automation, and data processing.
• Experience with threat intelligence platforms such as OpenCTI, MISP, or similar.
• Exposure to geopolitical risk analysis and its impact on the cyber threat landscape.
• Track record of published research, blog posts, or conference presentations in the threat intelligence domain.

• Certifications such as SANS FOR578 (Cyber Threat Intelligence), CREST Threat Intelligence Analyst (CRTIA), GREM, or equivalent.

• Focusing on Clients and Customers.  
• Working as One NCC.
• Always Learning.
• Being Inclusive and Respectful. 
• Delivering Brilliantly.  

Job Benefits

• Flexible Working: Balance your work and personal life with our flexible working options.
• Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
• Medicash & Critical Illness Scheme
• Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme.
• Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
• Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
• Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
• Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet.
• Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.