Analyst, Cyber Threat Intelligence in London

S-RM is a global intelligence and cyber security consultancy. Since 2005, we have helped some of the most demanding clients in the world solve some of their toughest information security challenges. We are committed to developing sharp, curious, driven individuals who think critically, solve complex problems, and achieve success. Work is about the lives and careers it helps build. We invest in our people's wellbeing, learning, and ideas every day.

Our Cyber Security division is the fastest-growing part of S-RM. The cyber sector is always evolving, and our Incident Response and Managed Services practices are in more demand than ever. We build a team to meet this challenge, quick to respond, innovate, and improve. We empower ideas and offer support across the team with no bureaucracy.

Cyber Threat Intelligence (CTI) is an integral part of our Incident Response (IR) and Managed Services practices. As a CTI analyst you will be a critical part of our wider cyber team's success. You will work across the full intelligence cycle to help our clients respond and recover from security incidents, and stay ahead of evolving threats, including:

• Threat Actor Intelligence: Track developments in the ransomware and cybercrime ecosystem, write and update profiles on key threat actors shared with clients and externally as thought leadership.
• Threat Actor Engagement: Monitor leak sites and negotiation portals across our global IR cases, inform case leads of regular developments, and research attestations on sanctions exposure for threat actors.
• Dark Web Monitoring: Use threat intelligence platforms to conduct targeted research on the dark web, set up and deliver regular monitoring engagements, and assist with renewals.
• Technical IOC Management: Collate technical indicators of compromise from across our global IR team, enrich and classify them, and disseminate to improve operational effectiveness.
• Incident Data Collection and Analysis: Ensure accuracy and consistency of incident data from IR engagements, manage the dataset, and analyze to produce reporting on trends and insights for presentations, events, and training.
• CTI-led Analysis: Conduct in-depth investigations with strong threat intelligence component, and draft client-facing reports.
• Blockchain Analysis: Trace ransom payments to identify sanctions exposure or compliance risks, and draft findings for clients.
• Thought Leadership: Contribute to public write-ups and presentations on new vulnerabilities, trends, and threat actor techniques.
• Domain Expertise Development: Grow cyber expertise and share it with the wider team through internal initiatives and programs.
• Business Development Support: Cultivate and manage close relationships with external partners, share intelligence, and identify business development opportunities.

Other features of the role include a variety of casework, a range of opportunities, and flexible working practices to support high-pressure incident work while maintaining work/life balance.

We are looking for candidates with the following qualifications and experience:

• Excellent written and verbal communication skills to produce clear, concise reports.
• Strong analytical and problem-solving skills, working with incomplete, ambiguous, or conflicting information.
• Understanding of foundational cyber concepts such as common attack vectors, security terminology, and threat actor motivations.
• Understanding of core intelligence concepts, lifecycle, requirements gathering, and tactical/operational/strategic outputs.
• A demonstrated interest in cyber threats, particularly financially motivated activity such as ransomware and extortion.

Preferred skills include an academic or professional background in research-focused disciplines (Political Science, Intelligence Studies, Criminology, Cybersecurity, Computer Science, Data Science), familiarity with cybersecurity fundamentals, threat actor TTPs, IOCs, and frameworks such as MITRE ATT&CK, ability to contextualize findings into business-relevant assessments, and experience with OSINT and/or Threat Intelligence platforms (VirusTotal, Shodan, MISP, Recorded Future).

Personal attributes should include an investigative mindset and enthusiasm for investigations, exceptional attention to detail when examining indicators and adversary behaviours, a collaborative mindset and willingness to work across teams, the ability to thrive under pressure, prioritise multiple tasks, and meet deadlines, and being a self-starter who demonstrates initiative and ownership.

Relevant industry certifications are not required, but certifications such as GCTI, GCFA, SSCP, or Security+ are beneficial.

Benefits include 23 days holiday per year, plus public holidays (+1 day for every year of service up to a maximum of 30 days), hybrid working and flexible working hours, matching pension contribution up to 7% (up to a maximum of 14% combined) and financial education, life insurance 4× annual salary, fertility treatment leave – 5 days per cycle per year, maternity leave – 26 weeks full pay, 13 weeks half pay, paternity leave – 6 weeks full pay, medical insurance (taxable benefit) for you and family, virtual GP for you and your family members that live in the same household, EAP programme for you and immediate family, and free access to the world-famous mindfulness app.

Application process: We want to get to know you and see if we're a good fit. Our process is responsive and respects your time. It includes initial screening of your application by our recruiting team, an interview to assess baseline technical skills, and an interview to discuss your previous experience, broader competencies, and suitability for the role.