Threat Intelligence Analyst in City of London

Why it’s worth it: The ReliaQuest Threat Intelligence team provides timely, comprehensive intelligence that empowers high-fidelity detections, identifies known and emerging threats, and equips our customers with the knowledge to act decisively. Via our industry-leading security operations platform, GreyMatter, we produce operational, strategic, and tactical intelligence that delivers actionable insights into threat actor tactics, techniques, and procedures. Beyond this, we act as a thought leader in cybersecurity by offering original insights that highlight our expertise in detecting, containing, investigating, and responding to adversaries. If you thrive in a high-performance environment, this role will challenge you to push your boundaries, innovate continually, and operate at pace.

The everyday hustle:

• Identify and evaluate trends, dynamics, and developments in the cyber threat landscape by conducting primary-source research and analyzing telemetry.
• Maintain the GreyMatter platform’s threat intelligence library by writing timely, accurate, and relevant customer-facing deliverables covering threat actors, vulnerabilities, campaigns, and malware.
• Supply intelligence to internal teams to enrich our threat detection, containment, investigation, and response capabilities.
• Conduct investigations to support fast-turnaround and long-form customer requests for information, including in incident response scenarios.
• Publish emergency customer advisories to alert on impactful developments requiring immediate action.
• Carry out research and operations on the clear, deep, and dark web, including active threat actor elicitations.
• Propose and author extended original research projects to strengthen ReliaQuest as a trusted voice and leader within the threat intelligence community.
• Act as a trusted technical advisor to customers in ad hoc meetings and regular business reviews, understanding their unique environment and challenges to optimize their cyber resiliency.

Do you have what it takes?

• 3-4 years’ experience of working in cybersecurity and/or cyber threat intelligence
• A relevant bachelor’s degree (e.g., languages, computer science, cybersecurity, international relations, political science), equivalent education, or appropriate professional experience
• Knowledge of cyber adversary tactics, techniques, and procedures (TTPs)
• Proficiency in conducting technical and tactical investigations into atomic IOCs, threat actor methodologies, malware, and vulnerabilities
• Familiarity with the intelligence cycle, structured analytical techniques, and appropriate analytical frameworks (including Cyber Kill Chain, Diamond Model, MITRE ATT&CK)
• Ability to deliver at pace, find solutions, and adapt in a constantly evolving organization
• Strong analytical skills, a demonstrated writing ability, and excellent verbal communication
• Experience working in online intelligence investigations and analysis, including strong OSINT skills

What makes you uncommon?

• Understanding of cybersecurity and IT disciplines including networking, operating systems, authentication protocols, security incident response, and enterprise technical security solutions (SIEM, IDS/IPS, firewall solutions, offensive security tools)
• Professional-level Russian with strong reading and writing skills in the Russian language. Basic knowledge of Linux/Unix operating systems
• Certifications such as Network+, Security+, CySA+
• Experience with scripting or programming, including malware reverse engineering
• Professional-level foreign language skills, preferably Russian, Farsi, or Chinese
• Data or statistical analysis skills
• Familiarity with open, deep, and dark web cybercriminal marketplaces and forums
• Experience of online HUMINT operations and/or social engineering techniques
• Capacity to read security logs and code to understand the content and context