Technical Cyber Threat Intelligence Analyst (Consultancy)
Reports To: Team Lead (Targeting), Consultancy
UK applicants only, no sponsorships
Summary
The primary role of the Technical Cyber Threat Intelligence (CTI) Analyst is to support the production of accurate, high-quality and timely intelligence products. This will include support to management, peers, junior members of staff and clients, both in-house and on client premises. At least 3 years' experience gained across all aspects of cyber threat intelligence, predominantly with a technical intelligence collection focus, is required.
Technical CTI Analysts will deliver our technical reconnaissance and reporting services, including supporting intelligence-led penetration testing engagements by producing targeting reports, evaluating supply chain risk through technical assessments, and conducting bespoke investigations for clients.
A Technical CTI Analyst is responsible for the maintenance of relevant collection plans, databases, toolsets and other systems. Analysts are also expected to contribute to additional business-related activities. These activities could include marketing, client engagement, relationship management, business administration and attending industry events.
The Technical CTI Analyst is expected to perform and achieve consistently against defined targets as set by management, primarily measured against quality of analysis, quality of product creation, utilization rates, regulatory and legal compliance and the maintaining of team ethos.
The Technical CTI Analyst will predominantly operate from the company’s London office. However, travel to, and working from, client locations may be required.
Qualities and Competencies
As a Technical CTI Analyst at Security Alliance it is vital that you maintain the standards and culture of the company and demonstrate:
- High standards, integrity and confidentiality
- Reliability
- Client centric approach and consultative nature
- Effective oral and written communications
- Initiative and tenacity
- Efficiency and structured approach
- Deep subject matter knowledge
- Base understanding of clients’ business, security drivers and relevant regulations
Key Skills
- Previous OSINT research and long-form reporting experience
- Three years’ experience across all aspects of cyber threat intelligence
- Good understanding of the cyber threat landscape, particularly the activity of prominent threat actors and their different motivations and capabilities
- Good understanding of common enterprise IT concepts, networking (DNS, TCP/IP, application layer protocols, PKI), and operating systems
- Capable of carrying out work with minimal supervision, and able to document and deliver technical products that require minimal editing
- Strong analytical skills
- Capable of understanding and complying with all company security policies, as well as legal and ethical constraints around open-source intelligence collection
- Clear and concise communicator
- Capable of building and maintaining strong relationships with key stakeholders
Desirable:
- Experience with pen testing, reconnaissance, or red team engagements
- Experience and/or formal training in intelligence or cyber security
- Understanding of core CTI components including:
  - Passive & active technical reconnaissance collection and analysis
  - Common cyber threat actors, their respective TTPs, and how activity can be mapped to MITRE ATT&CK
  - Indicators of Compromise
  - Malware and common threat actor tools
  - Common vulnerabilities and configuration issues in externally facing infrastructure
- Experience with tools such as Shodan, Censys, VirusTotal, WHOIS domain and netblock analysis tools
- Experience with Linux distros
- Familiarity with Jira
- Experience with cloud reconnaissance techniques and frameworks
- Familiarity with network security controls
- Python or Bash scripting skills and GitHub repositories
- CREST, GIAC, Offensive Security or equivalent certifications
Roles and Responsibilities:
- Support the creation of Targeting Reports for engagements aligned with industry frameworks such as TIBER, CBEST, CREST STAR, and STAR FS
- Use open-source intelligence (OSINT) techniques and proprietary technical collection tools to gather targetable information, assess company attack surface exposure, and produce bespoke reports for multiple stakeholders
- Analyse technical reconnaissance data to assess threat severity and provide recommendations to remediate findings and reduce risk
- Support the delivery of Supply Chain Threat Assessments and bespoke threat research projects
- Support and mentor junior analysts within the Consulting Targeting team
- Support tool development and/or client engagement
- Contribute to the continual development of our threat intelligence collection methodologies
- Occasional support for the wider Consulting team and ThreatMatch Analyst team to deliver ongoing client requirements
- Support wider technical analysis of highly sophisticated threat actors and their tools
- Maintain understanding of the cyber threat landscape and approaches to open-source intelligence collection
Job type:
Permanent
Working hours:
Full-time
Working days:
Day
Industry sector:
Cyber Threat Intelligence
Job level:
Employee
Application deadline:
28/08/2026
Location:
UK, London
Contacts:
Moya Taylor
Company homepage:
https://www.csis.com/
Office address:
SecAlliance Level 7, One Canada Square E14 5AA London