Threat Intelligence Analyst

Threat Intelligence Analyst - initial 3-6 month contract

Portsmouth or London (2 days a week onsite)

£500 - £600 a day (inside IR35)

We're seeking a highly experienced Threat Intelligence Analyst to lead adversary tracking, threat analysis, and intelligence integration across this large organisation. This is a senior, hands‑on role combining strategic threat insight with operational delivery, acting as the primary threat intelligence specialist within the InfoSec function and managing a third‑party intelligence provider.

This role is ideal for someone who understands the UK threat landscape, particularly critical national infrastructure and public sector risks, and can translate threat intelligence into actionable detection, response, and executive insight.

• Lead threat actor tracking and attribution, focusing on APTs, ransomware, supply chain attacks and UK‑relevant campaigns
• Maintain adversary profiles using MITRE ATT&CK, Diamond Model and sector‑specific threat frameworks
• Correlate internal security telemetry with external intelligence feeds (e.g. MISP, Recorded Future, ISACs, Microsoft TI)
• Operationalise STIX/TAXII feeds and enrich IOC/IOA pipelines for SOC and Incident Response teams
• Translate threat intelligence into actionable detections, working with engineers on KQL/SPL queries and proactive threat hunts
• Produce regular threat reports and briefings for SOC leadership, CISO and senior stakeholders, including board‑level risk narratives
• Manage and oversee a third‑party cyber threat intelligence provider, ensuring quality, relevance and value
• Engage with UK threat‑sharing communities and maintain internal threat intelligence documentation and playbooks

• 5+ years' experience in Threat Intelligence, SOC or Incident Response
• Strong working knowledge of MITRE ATT&CK and threat actor lifecycle analysis
• Hands‑on experience with threat intelligence platforms such as MISP, Recorded Future, Anomali or similar
• Strong experience with Microsoft security tooling, ideally Sentinel and Defender
• Proficiency in KQL and working knowledge of Python for automation and enrichment
• Experience integrating intelligence into SIEM, EDR/XDR, and cloud security platforms (Microsoft, AWS, CrowdStrike, etc.)
• Deep understanding of the UK cyber threat landscape, particularly critical national infrastructure and public sector threats
• Comfortable operating as a sole senior threat intelligence specialist while collaborating across SOC and InfoSec teams

• GIAC Cyber Threat Intelligence (GCTI)
• CREST Threat Intelligence Analyst
• GCIH, SC-200, AWS Security Specialty

We're looking for someone who can interview in Jan and ideally start within a few weeks so please apply asap.