Analyst, Cyber Threat Intelligence

Analyst, Cyber Threat Intelligence – Cape Town, Western Cape, South Africa

S-RM is a global intelligence and cyber security consultancy. Since ****, we help demanding clients solve tough information security challenges.

We invest in people’s wellbeing, learning, and ideas. We value curiosity, critical thinking, and success. Our Cyber Security division is fastest-growing, with Incident Response and Managed Services in high demand. We empower ideas, encourage collaboration, and build a diverse team of analysts, specialists, developers, investigators, and risk managers.

Cyber Threat Intelligence (CTI) is integral to our Incident Response and Managed Services practices. As a CTI analyst, you will partner across the full intelligence cycle to help clients respond, recover, and stay ahead of evolving threats.

• Track developments in ransomware and cybercrime ecosystems; write and update threat actor profiles shared with clients and published externally.
• Monitor leak sites and negotiation portals; inform case leads of developments; research sanctions exposure for threat actors.
• Conduct dark web research and manage monitoring engagements; assist with renewals.
• Collate technical indicators of compromise (IOCs) from global IR team; enrich, classify, and disseminate across organization.
• Ensure accurate incident data collection; manage dataset; produce trend reports for presentations and training.
• Assist in in-depth investigations with strong threat intelligence component; draft client‑facing reports.
• Trace ransom payments with specialist tools; identify sanctions exposure; draft findings for clients.
• Contribute to public write‑ups and presentations on vulnerabilities, trends, and threat actor techniques.
• Grow and share domain expertise through internal initiatives and programs.
• Support business development by cultivating relationships with external partners; identify opportunities.

• Variety of casework: respond to a wide range of incidents for public and corporate clients.
• Range of opportunities: broaden security awareness into testing and advisory projects while deepening CTI and IR expertise.
• Flexible working practices: high‑pressure incident work balanced with wellbeing support.

• Excellent written and verbal communication skills; clear concise reports.
• Strong analytical and problem‑solving skills; work with incomplete or ambiguous information.
• Understanding of foundational cyber concepts; common attack vectors and threat actor motivations.
• Understanding of core intelligence concepts; lifecycle, requirements gathering, tactical/operational/strategic outputs.
• Demonstrated interest in cyber threats; financially‑motivated activity such as ransomware and extortion.
• Academic or professional background in research‑focused discipline.
• Familiarity with cybersecurity fundamentals; threat actor TTPs, IOCs, frameworks (MITRE ATT&CK).
• Ability to contextualize findings into business‑relevant assessments.
• Experience with OSINT and threat intelligence platforms (Virus Total, Shodan, MISP, Recorded Future).

• Investigative mindset and enthusiasm for investigations.
• Exceptional attention to detail when examining indicators and adversary behaviors.
• Collaborative mindset; willingness to work across teams.
• Ability to thrive under pressure; prioritize multiple tasks; meet short deadlines.
• Self‑starter; initiative; ownership of work; identify opportunities to enhance S‑RM cyber capabilities.

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside of work. Key benefits include:

• Holiday – 23 days per year increasing to 28 days (day for every year you worked at S‑RM, up to 5 days).
• Gap Cover policy – bridge gap between medical bills and medical aid cover.
• Hybrid working and flexible working hours.
• Private pension – up to 7% contribution matched by the company.
• Life Insurance 4 X annual salary.
• Parental Support:
  • Fertility treatment leave – 5 days per cycle of treatment per year.
  • Maternity leave – 26 weeks full pay followed by 13 weeks half pay.
  • Paternity leave – 6 weeks full pay.
• Various Health and Medical Benefits including Discovery Health medical aid for employee, partner, and children; EAP programme; Headspace mindfulness app.

• Initial screening by recruiting team.
• Interview to assess technical skills.
• Interview to discuss experience, broader competencies, and suitability for the role.

Entry level

Full‑time

Other, Information Technology, and Management

Security and Investigations

Referrals increase your chances of interviewing at S‑RM by 2x #J-*****-Ljbffr