Threat Intelligence Specialist

Time Type: Full time | Worker Type: Employee

Location: London

Employment Type: Permanent (Hybrid)

At QBE, our purpose is enable a more resilient future. We are an international insurer and reinsurer with a local presence in 27 countries.

We’re excited to be hiring a Threat Intelligence Specialist to join our Advanced Threat Services (ATS) Team on a full-time, permanent basis. You’ll be part of a supportive team that thrives on teamwork and innovation, where your expertise will be valued as we work together to tackle the ever‑evolving cyber threat landscape.

We’re looking to welcome our new team member from early January 2026, so if you’re ready to make an impact in the new year, we’d love to hear from you.

Reporting to the Technical Threat Manager, you’ll be responsible for researching, analysing, and reporting on cyber threats targeting QBE’s global operations and technology environment. The role has a strong technical focus, centred on the collection, enrichment, automation, and analysis of adversary tactics, techniques, and procedures (TTPs) across the Unified Kill Chain and MITRE ATT&CK frameworks.

You’ll also support strategic intelligence functions, acting as a backup point of contact when needed to ensure continuity of intelligence delivery across our global CTI capability.

• Conduct advanced technical analysis of cyber threats using proactive and reactive intelligence methods.
• Collect, enrich, and disseminate threat intelligence from internal telemetry, commercial sources, and OSINT.
• Design and maintain automated intelligence workflows and integrations using APIs and scripting.
• Track and analyse adversary infrastructure, malware, and campaigns relevant to QBE’s environment.
• Continuously assess the evolving threat landscape to determine exposure, likelihood, and business impact.
• Produce actionable intelligence outputs including indicator packages, threat actor profiles, and campaign assessments.
• Translate complex technical findings into concise, risk‑based intelligence for decision‑making.
• Collaborate with SOC, Detection Engineering, and Incident Response teams on purple‑team exercises and threat‑hunting.
• Maintain trusted relationships with industry and intelligence communities.
• Provide SME‑level advice and challenge stakeholders using evidence‑based reasoning.
• Support the Strategic CTI Analyst with technical insights and act as backup PoC when needed.
• Drive continuous improvement and automation across the CTI lifecycle.
• Apply creative thinking to troubleshoot and enhance detection and intelligence workflows.
• Demonstrate curiosity and self‑drive in researching emerging techniques and technologies.
• Actively contribute to CTI capability uplift through knowledge sharing and process improvement.
• Use JIRA, Confluence, and other platforms to manage workflows and document intelligence findings.

We’re looking for someone with a strong technical background in threat intelligence, incident response, or threat hunting, ideally within enterprise or global environments. You’ll be confident in analysing complex threats and communicating your findings clearly to both technical and non‑technical audiences.

You’ll ideally bring practical experience with threat intelligence platforms or automation tools, an understanding of cloud security architectures, and exposure to red, blue, or purple‑team exercises. Experience developing intelligence‑led detection content and operational playbooks would be a bonus.

• Advanced understanding of attacker tools, techniques, and procedures.
• Knowledge of security frameworks: OWASP, NIST, MITRE ATT&CK, Unified Kill Chain.
• Proficient in risk analysis and information systems best practices.
• Expertise in intelligence gathering and analysis tools, including OSINT.
• Strong knowledge of malware analysis, IOC identification, and adversary behaviour.
• Experience with API integrations, automation, and scripting.
• Familiarity with enterprise security technologies (EDR, IDS/IPS, firewalls, proxies, packet analysis).
• Experience using JIRA, Confluence, or similar tools.
• Excellent communication and stakeholder management skills.
• Strong analytical mindset and proactive problem‑solving ability.
• Experience working across globally distributed teams and time zones.

Tertiary degree in Cyber Security, Computer Science, or related discipline, or equivalent experience. Preferred certifications include SANS (GCTI, GCIH, GCIA, GPEN, GREM), (ISC)² (CISSP, CCSP), CREST, OSCP, or equivalent.

Work Pattern: This is a global role that may require occasional early‑morning or late‑night meetings to align with international teams.

30 days holiday a year with the option to buy up to 2 additional days.

Flexible working – balancing work and life is important; our flexible working opportunities are open to all, including part‑time, job share and compressed hours.

Pension – you are automatically enrolled into the QBE pension plan, which entitles you to receive employer contributions of 10% of your basic salary.

Private medical insurance – we fund fully comprehensive private medical cover for you and your family.

Family friendly policies – we offer 26 weeks leave at full pay regardless of gender identity, sexual orientation or how you become a parent.

Short‑term remote work abroad – you can request up to 20 days per year to work remotely from certain locations abroad.

Sustainable investing – we believe sustainable integration is important for long‑term financial, environmental, and social outcomes. Our pension strategy supports our net‑zero goal to achieve year‑on‑year reductions in carbon footprint.

Cycle‑to‑Work – benefit from regular exercise whilst making your commute greener and cheaper; accessories up to the value of £5,000.

If you are passionate about contributing to QBE’s vision of enabling a more resilient future, we encourage you to apply. Click the “apply” button to submit your CV and other relevant documents, and a member of our friendly Talent Acquisition team will be in contact to discuss your interest further if you meet the requirements of the role.

To submit your application, click “Apply” and follow the step‑by‑step process.

QBE is an equal opportunity employer and is required to comply with equal employment opportunity legislation in each jurisdiction it operates.