Threat Intelligence Analyst

Description

Threat Intelligence Analyst - initial 3-6 month contract

Portsmouth or London (2 days a week onsite)

£500 - £600 a day (inside IR35)

We're seeking a highly experienced Threat Intelligence Analyst to lead adversary tracking, threat analysis, and intelligence integration across this large organisation. This is a senior, hands-on role combining strategic threat insight with operational delivery, acting as the primary threat intelligence specialist within the InfoSec function and managing a third-party intelligence provider.

This role is ideal for someone who understands the UK threat landscape, particularly critical national infrastructure and public sector risks, and can translate threat intelligence into actionable detection, response, and executive insight.

Key Responsibilities

Lead threat actor tracking and attribution, focusing on APTs, ransomware, supply chain attacks and UK-relevant campaigns

Maintain adversary profiles using MITRE ATT&CK, Diamond Model and sector-specific threat frameworks

Correlate internal security telemetry with external intelligence feeds (e.g. MISP, Recorded Future, ISACs, Microsoft TI)

Operationalise STIX/TAXII feeds and enrich IOC/IOA pipelines for SOC and Incident Response teams

Translate threat intelligence into actionable detections, working with engineers on KQL/SPL queries and proactive threat hunts

Produce regular threat reports and briefings for SOC leadership, CISO and senior stakeholders, including board-level risk narratives

Manage and oversee a third-party cyber threat intelligence provider, ensuring quality, relevance and value

Engage with UK threat-sharing communities and maintain internal threat intelligence documentation and playbooksRequired Skills & Experience

5+ years' experience in Threat Intelligence, SOC or Incident Response

Strong working knowledge of MITRE ATT&CK and threat actor lifecycle analysis

Hands-on experience with threat intelligence platforms such as MISP, Recorded Future, Anomali or similar

Strong experience with Microsoft security tooling, ideally Sentinel and Defender xjnqpsq

Proficiency in KQL and working knowledge of Python for automation and enrichment

Experience integrating intelligence into SIEM, EDR/XDR, and cloud security platforms (Microsoft, AWS, CrowdStrike, etc.)

Deep understanding of the UK cyber threat landscape, particularly critical national infrastructure and public sector threats

Comfortable operating as a sole senior threat intelligence specialist while collaborating across SOC and InfoSec teamsDesirable Certifications

GIAC Cyber Threat Intelligence (GCTI)

CREST Threat Intelligence Analyst

GCIH, SC-200, AWS Security SpecialtyWe're looking for someone who can interview in Jan and ideally start within a few weeks so please apply asap

Ad ID: 5417665787