Threat Intelligence Manager in Leeds

Purpose: You will lead the development and delivery of threat intelligence capabilities that directly support advanced offensive security services, including Red Team and Adversary Emulation engagements. Your mission is to identify, analyse, and translate real-world threat actor behaviour into actionable intelligence that enables realistic, threat-led security testing and strengthens our clients’ resilience. You will ensure operational excellence and team readiness for all client engagements, working closely with internal teams (Offensive Security, CRS, and Sales) to deliver integrated cybersecurity solutions. This includes defining relevant threat scenarios, identifying priority targets, and mapping adversary Tactics, Techniques, and Procedures (TTPs) to support structured, intelligence-driven engagements.

As a senior cybersecurity specialist, you will combine analytical depth with strategic thinking, ensuring that intelligence outputs are not only accurate but also operationally relevant. You will act as the bridge between intelligence and execution, enabling Red Team activities to reflect real-world threats, supporting new services and delivering meaningful insights into defensive effectiveness.

To succeed in this role:

• You will lead and mentor the Threat Intelligence team, defining priorities, methodologies, and outputs aligned with offensive security and resilience testing objectives.
• You will ensure intelligence outputs are relevant, timely, and aligned with client industries, threat profiles, and regulatory expectations (e.g. financial services, TIBER/CBEST contexts).
• You will build strong collaboration with Red Team operators, enabling the design of realistic attack scenarios based on real-world threat actors and campaigns.
• You will build trust with clients through accurate, insightful, and well-communicated findings.
• You will proactively research emerging threats, vulnerabilities, and exploitation techniques to keep our services relevant and effective.
• You will manage challenges with confidence, prioritising effectively and ensuring alignment across multiple engagements.
• You will provide clear, structured intelligence outputs that can be consumed by both technical teams and senior stakeholders.
• You will embody the team spirit that defines us: everyone has a voice, and everyone can help shape the future of the company.

In this role, you will:

• Lead the collection, analysis, and production of threat intelligence across multiple sources, including OSINT, commercial feeds, and internal research.
• Identify and analyse relevant threat actors, campaigns, and TTPs, with a focus on those targeting client industries (e.g. financial services, government, critical infrastructure).
• Translate threat intelligence into actionable outputs, including threat profiles, adversary emulation scenarios, and attack pathways.
• Map threat actor behaviours to frameworks such as MITRE ATT&CK to support structured Red Team planning and execution.
• Work closely with Red Team operators to define engagement scenarios, objectives, and attack narratives aligned with real-world threats.
• Support the design and delivery of threat-led testing engagements (e.g. CBEST, TIBER), ensuring intelligence inputs meet regulatory expectations.
• Produce high-quality intelligence reports, briefings, and supporting materials for both internal teams and clients.
• Maintain and continuously improve intelligence workflows, tooling, and knowledge bases.
• Collaborate with CRS, Offensive Security, and Sales teams to support integrated service delivery and client engagement.
• Contribute to the development of internal methodologies and frameworks for intelligence-led security testing.

You are expected to bring:

• Proven experience (5+ years) leading and mentoring a Threat Intelligence team or a highly relevant security function (e.g., Adversary Emulation, Incident Response). This must include establishing and managing the complete Threat Intelligence Life Cycle, from defining and executing against Priority Intelligence Requirements (PIRs) to generating finished intelligence products.
• Direct experience supporting threat-led testing frameworks (e.g., CBEST, TIBER) in regulated sectors (finance, government, healthcare).
• Deep technical understanding of adversary Tactics, Techniques, and Procedures (TTPs) across the modern attack lifecycle (initial access, lateral movement, persistence, and exploitation).
• Proven ability to perform deep-dive analysis on complex threats, including malware family tracking and campaign attribution and hands-on experience focusing intelligence gathering and analysis on complex environments such as Kubernetes, Docker, or serverless functions.
• Hands-on experience evaluating, implementing, and managing dedicated Threat Intelligence Platforms (TIPs) and integrating various commercial and open source OSINT, and internal intelligence feeds.
• Expertise in security operations, threat detection methodologies, and managing defensive platforms (SIEM, EDR, SOAR).
• Exposure to or direct experience with reverse engineering malware and defensive tool bypasses to inform intelligence gathering and improve detection methods.
• Advanced understanding of security frameworks (e.g., MITRE ATT&CK).
• Proficiency in at least one scripting (e.g., Python) and one programming language (e.g., C#, Java) for custom tooling, automation, and large-scale data manipulation.
• Exceptional communication and report writing skills, with the proven ability to influence C-level stakeholders and translate technical findings into clear business risk.
• Active interest in the offensive security and/or threat intelligence community.
• Advanced level of English.

Advantageous Competencies:

• Formal validation through relevant industry certifications, specifically CREST CCTIM (CREST Certified Threat Intelligence Manager, SANS GIAC Cyber Threat Intelligence (GCTI)).
• Background in offensive security, penetration testing, or Red Teaming.
• Experience in MSSP and SOC, or incident response.
• Exposure to or practical experience leveraging AI/ML techniques for advanced threat detection, intelligence automation, or understanding adversarial AI use cases (e.g., prompt injection or evasion).

Please note we only accept docs in PDF format.