Cyber Threat Intelligence Principal Specialist

The Cyber Threat Intelligence Principal Specialist will be responsible for tracking the tactics, techniques and procedures (TTPs) used by threat actors in their malicious campaigns and distribution of malware. The individual will provide intelligence analysisin the form of timely alerts, briefings and analytical assessments. Focusing on threats related to information technology environments, the Principal Specialist will produce actionable intelligence in a clear and concise manner. The individual will reporton top security threats by providing situational awareness, alerts, indicators of compromise, technical information and operational readiness briefings.
The Cyber Threat Intelligence Principal Specialist will contribute to, and work as part of, a multi-disciplined security community with clear vision and direction, as well as top down support across the business. They will help the wider community in fosteringa culture which is both security aware and a great place to come to work.
**The Role**
Provide support to Information Cyber Security from across the business by undertaking activities which include:

- Collect, analyse and interpret qualitative and quantitative, technical and non-technical data in all-source intelligence analysis.
- Conduct security research - identify and navigate relevant online sources, including cyber security websites, forums, social media and traditional sources to support research processes.
- Perform open source intelligence (OSINT) collection and analysis, identifying the most relevant and immediate cyber threats, malicious code, suspicious domains and security vulnerabilities.
- Conduct Threat Intelligence activities, including the use of advanced analytical techniques in supporting incident response at WTW.
- Provide timely, comprehensive and accurate deliverables to key stakeholders in both written and verbal communications.
- Produce assessments on cyber threats, attacks and external incidents of interest to WTW.
- Create written and verbal intelligence products for internal stakeholders to assist in proactively addressing cyber threats and mitigating risk.
- Work with third parties developing shared intelligence including government, law enforcement agencies and peer institutions operating in industry sectors relevant to WTW.
- Ensure timely response to any cyber incident to minimise risk exposure and production down time by collaborating closely with incident response colleagues.
- Add threat intelligence enrichment and support to the investigation of suspected security incidents, including operating with malware and indicators of compromise (IoCs).
- Analyse and correlate incident data to develop a preliminary root cause and corresponding remediation strategy.

**The Requirements**:

- Vast experience in cyber security.
- Must have strong verbal and written communication skills, interpersonal collaborative skills and the ability to communicate security and risk-related concepts to both highly technical and non-technical audiences.
- Experience in developing and maintaining Threat Intelligence, ability to review information to determine its significance, validate its accuracy and assess its reliability.
- Ability to compile data from both open and closed sources, drawing analytical conclusions to shape recommendations for key internal decision-makers.
- Knowledge of Cloud security and incident response activities in a Cloud environment.
- Excellent understanding of Lockheed Martin’s Cyber Kill Chain, the Diamond Model of Intrusion Analysis and the MITRE Att&ck framework. Ability to implement threat modelling in support of Threat Intelligence activities.
- Understanding of assets and data of value to threat actors and how organisations are compromised.
- Experience working in one or more of Threat Intelligence, Cyber Security Operations or Digital Forensics.
- Experienced in analysing malware, hacking tools and threat actor tactics, techniques and procedures (TTPs) to characterise threat actors’ technical methods for accomplishing their goals.
- Experience of tracking threat actors and building up a repository of threat knowledge.
- Knowledge of privilege escalation, persistence and lateral movement techniques deployed by threat actors.
- Experience of working and communicating within a global team environment.

**Equal Opportunity Employer