Job Purpose
This role is required to provide dedicated capability to identify, analyze, and contextualize cyber threats across complex IT and OT environments. The role transforms security data and threat patterns into actionable intelligence, enabling the SOC and IT teams to detect, prioritize, and respond to emerging threats more effectively. By working closely with the SOC-MSP, this role strengthens threat awareness, reduces response time, and improves protection of critical operational systems.
Key Accountabilities
- Accountable for collecting, analysing, and validating threat intelligence from internal monitoring systems, SOC-MSP feeds, industry sources, and intelligence-sharing communities relevant to IT and OT environments, while tracking threat actors, analysing malware and exploits, and monitoring vulnerabilities to assess operational risk.
- Identifies emerging threat patterns, tactics, techniques, and procedures (TTPs) by correlating alerts, logs, incidents, and external intelligence across IT and OT systems.
- Produces timely, actionable threat intelligence reports, advisories, and alerts to support SOC operations, IT teams, and operational stakeholders in prioritising and responding to threats.
- Coordinates with the SOC-MSP to validate intelligence, enhance detection use cases, refine SIEM rules, and ensure threat intelligence is operationalised effectively, while producing tactical, operational, and strategic intelligence reports.
- Assesses threat relevance and potential impact by applying contextual knowledge of IT and OT architectures, critical assets, and operational dependencies, working with OT engineers and plant/site teams to translate cyber threats into operational impact, and participating in tabletop exercises and incident simulations.
- Provides intelligence support during security incidents by analysing adversary behaviour, determining scope and intent, and recommending containment and mitigation actions.
- Enables and supports proactive threat hunting activities by developing hypotheses, indicators, and use cases based on current and emerging threat intelligence.
- Communicates threat trends, risks, and intelligence insights to technical teams and management through clear reporting and briefings, while maintaining dashboards, threat profiles, and intelligence repositories.
- Continuously assesses intelligence gaps, improves collection sources, and refines analytical methodologies to enhance the organisation's threat intelligence maturity.
Qualifications, Skills & Knowledge
- Bachelor's Degree in Cybersecurity, Information Technology, or equivalent.
- Certifications such as CompTIA CySA+, CompTIA Security+, CEH, GSEC, or Microsoft/AWS security certifications are preferred, or similar certifications are highly desirable.
- Familiarity with standards and frameworks such as NIST, ISO27001, IEC 62443.
- Minimum 5 years of working experience.
- SIEM (e.g., Microsoft Sentinel, Splunk, QRadar), WAF, endpoint protection, vulnerability scanners (e.g., Nessus, Qualys), DLP, antivirus/malware protection.
