Threat Intelligence Analyst

Position description

The Cabinet Office is undergoing a significant Digital Transformation.  Over the next three years we aspire to make UK Government digital services the best in the world, meeting or exceeding the benchmark set globally by the best public or private sector standards. For us to meet this ambition we are aiming to further improve the conditions, processes and expertise we have in place to be set up for success. This means we need to go much further and faster and strengthen the delivery of DDaT in government. Did you know Cabinet Office Digital supports over 15,000 users across 40+ departments including Government Digital Service (GDS), Crown Commercial Services (CCS), Estates and Government Property Agency (GPA)?

The role

We are looking for a threat intelligence analyst who will help us to identify and understand the cyber threats facing the organisation, and will provide decision makers and technical teams with actionable information needed to help them to effectively secure their services. You’ll also work closely alongside the Cyber Security team, to provide insights on the real-world threat and input to threat modelling, security reviews, red teams, alert/vulnerability triage and investigation, and incident response. 

You will

• perform threat identification and collection activities through our CTI platform and open source intelligence gathering
• maintain knowledge and understanding of the cyber threats facing the Cabinet Office and the IT and digital services that it delivers
• coordinate the implementation, and manage the operation of, threat intelligence tools and platforms
• act as SME for threat intelligence through reporting and briefings at strategic, tactical and operational levels, providing actionable and timely insights on relevant cyber threats using robust analytical methodologies
• provide subject matter expertise on actual or anticipated threats to assist stakeholders in their proactive risk management, mitigation and control
• support threat detection and incident response activities with research and analysis
• build relationships and work with stakeholders from within Cyber Security and the wider organisation to define standing intelligence requirements
• build relationships and work with with other government departments and the National Technical Authorities to share intelligence enable the wider organisation to use threat intelligence for informed decision making

Essential Criteria

• in-depth knowledge of the current tactics, techniques and procedures (TTPs) used by threat actors and experience using frameworks such as MITRE ATT&CK
• experience proactively identifying, analysing, managing and resolving threats
• experience reporting to stakeholders using structured analytical methods
• excellent communication and presentation skills, with the ability to explain complex topics simply
• an interest in politics, international relations and/or international security, and an understanding of how trends or changes in this impact an organisation’s threat profile

It’s desirable, but not essential, that you have: 

• experience with Splunk
• experience with cloud environments such as AWS
• experience using a threat intelligence platform
• experience integrating and tuning IoC feeds into SIEM tools

Application instructions

Please be sure to indicate you saw this position on tendersglobal.net