Threat Analyst

Requirements

• Strong proficiency with threat intelligence platforms like MISP, ThreatConnect, or Anomali.
• Deep familiarity with MITRE ATT&CK framework, dark web monitoring techniques, and attack simulation techniques.
• Demonstrated skills in cyber threat modeling, malware reverse engineering, and API-triggered automation.
• Certifications Preferred: CREST CPTIA, GCTI, MITRE ATT&CK CTI or related.
• Must meet UK SC Clearance eligibility guidelines.
• Advanced scripting capabilities (Python, PowerShell preferred).
• Bachelor’s Degree in Cybersecurity, International Relations, or Intelligence Studies strongly preferred.
• Direct experience working in government, military, or intelligence organisations advantageous.
• Experience identifying and neutralising Advanced Persistent Threats (APTs) in target environments.

What the job involves

As a Threat Intelligence Analyst at NTT DATA, you’ll utilise your expertise to collect, analyse, and report on cyber threats, enabling our clients to proactively defend against attack campaigns and adversarial actions. You will play a crucial role in interpreting the threat landscape, providing actionable insights, and integrating intelligence into advanced security operations. This role, within our UK Security Practice, provides the opportunity to contribute to high-impact cybersecurity initiatives while working flexibly across a hybrid work model.

Threat Intelligence Analysis and Collection

• Research, track, and analyse Indicators of Compromise (IOCs) and threat actor profiles using sources that include open-source (OSINT), dark web forums, government feeds, and commercial intelligence platforms.
• Conduct detailed analysis of Threat Actor Tactics, Techniques, and Procedures (TTPs) and malware.
• Deliver actionable intelligence insights to enhance detection, prevention, and response embedded within the threat lifecycle.
• Maintain up-to-date geopolitical knowledge influencing the cyber threat landscape.

Threat Assessment and Reporting

• Develop and deliver weekly threat briefs, annual landscape overviews, and ad-hoc risk signals for both technical and non-technical audiences.
• Produce detailed reports based on industry-specific campaigns or identified vulnerability patterns.
• Communicate emerging threats to relevant technical stakeholders, influencing rapid mitigation strategy formulation.

Intelligence Integration and Technology Alignment

• Integrate threat intelligence feeds (TIPs) into platforms like SIEM or SOAR, prioritising automation workflows where required.
• Refine search prevention frameworks using custom threat correlation rules.
• Collaborate directly with SOC teams to enhance real-time detection and response capabilities.

Monitoring Threat Campaigns and Emerging Techniques

• Track and assess malware campaigns, underground forums, and marketplaces to identify emerging attack vectors.
• Analyse threat data to produce predictive insights about probable trends and future adversarial strategies.
• Provide targeted support to incident response teams with contextualised intelligence.

Stakeholder Collaboration and Communication

• Brief clients and internal teams about current threat landscapes and risks relevant to their operations.
• Contribute to cross-functional threat modelling, risk assessment workshops, and proactive planning.
• Represent NTT DATA at external security forums and intelligence-sharing communities.

Success Metrics (6–12 Months)

• Deliver minimum 15 intelligence reports/month, meeting a quality accuracy benchmark above 95%.
• Reduce detection and response times by 25% via improved monitoring techniques.
• Establish three new high-quality threat detection models with technical playbooks per quarter.