Cyber Threat Intelligence Analyst

We’re looking for a CTI Analyst to transform threat, technology, and business insights into real-world protection.

What you’ll do

In this role, you’ll collect, validate, and enrich threat intelligence; draft clear, actionable reports; and support detection, prevention, hardening, and incident readiness. You’ll collaborate with senior CTI analysts, SOC/IR, detection engineering, offensive testers, and security architects to operationalise intelligence and ensure that our clients are investing time and energy in mitigations that reduce threats to their business.

Your key responsibilities will include but are not limited to:

Collection and triage

• Maintain asset/client inventories and requirements to ensure CTI activities are aligned with client needs and prioritised business assets.
• Monitor open-source, commercial, and community feeds for relevant threats.
• Validate and enrich IOCs (hashes, IPs, domains, URLs) with context (first-seen, ASN, geo, confidence).
• Document findings and escalate complex samples/problems to senior analysts or engineers.

Reporting and communication

• Draft concise situation updates, reporting, advisories, and client-ready summaries at a tactical, operational, and strategic level.
• Maintain intel repositories: accurate tagging, TLP markings, confidence levels, and deduplication.

Translating priority threats and TTPs into actionable guidance, courses of action, and security outcomes (with other SMEs)

• Recommend MFA rollouts, geo/IP restrictions, and mail filtering adjustments and configuration baselines.
• Flag actively exploited CVEs, track remediation progress, and suggest compensating controls where patching lags.
• Propose threat hunts, initial detection opportunities, and draft low-noise rules.
• Assist red/purple teams with threat briefs, ATT&CK mappings, and test data.

What you’ll bring

We’re looking for someone with 3–5 years of experience in a security role such as Security Operations Center (SOC), Incident Response (IR), or Cyber Threat Intelligence (CTI) analyst.

On top of that, you should also meet (most of) the following criteria:

• Intermediate understanding of the threat landscape and the MITRE ATT&CK framework – and, of course, have the curiosity to deepen this expertise.
• Strong analytical foundation and attention to details throughout the intelligence lifecycle.
• Clear and structured communication skills, with the ability to produce client-ready advisory and suggested courses of action for a varied set of stakeholders.
• Proficiency with SIEM/EDR platforms and basic query languages such as KQL, Sigma, Splunk SPL.
• Familiarity with cloud and on-prem infrastructure technologies and common hardening techniques.

We also welcome skills like basic Python scripting for parsing, enrichment, and automation; experience with malware triage using sandboxes and common tools; and familiarity with – or a genuine willingness to learn – how to write and test effective, low-noise detection rules. If you’re eager to grow in these areas, we’d love to hear from you.

What we offer

The Tech Collective is a fast-growing consulting company powered by Implement Consulting Group. We help organisations unlock the immense potential of data, AI, and analytics, ensuring that they are fit for the digital future.

Through co-creation and passionate advisory, we aim to make our clients’ data easy to handle and provide useful insights.

In our collective, you’ll find people with a combination of nerdiness and infectious energy. We’re passionate about technology, but we also have a sincere interest in people.

We’re conducting interviews on an ongoing basis and will close this opportunity once we find our new colleague, so please apply as soon as possible.

We look forward to hearing from you!