About the role

Location: Remote or Hybrid, London (1 day per week Canary Wharf)

‍Duration: Permanent, full-time role

The SecAlliance Consulting Team is one of the leading Cyber Threat Intelligence consulting teams in the world. We are a Bank of England CBEST provider, Cabinet Office GBEST provider, CREST-accredited provider and have delivered over 50 TIBERs and 200 other scheme-linked (CBEST, GBEST, STAR, STAR-FS, iCAST) or other TLPT derivatives. The team also contributes research for Governments and performs National Threat Assessments. This is a team dedicated to providing high-quality reporting at a high cadence. We are looking for a Cyber Threat Intelligence Consultant (or Senior Consultant) who matches our capability, drive, and commitment to quality.

A SecAlliance CTI Consultant, as part of the Consultancy team, can be responsible for the production of Cyber Threat Intelligence Assessments, Technical and open-source Reconnaissance and Toolset development. They will have a strong focus on generating, and contributing to, one-off reports and client presentations. This role is particularly focused on the technical and open-source reconnaissance of entities to support red teaming, as such, technical understanding of how to simulate threat actor reconnaissance is important. The role will also support the assessments team in generating accurate and detailed threat scenarios that are realistic and credible. Candidates for a Senior CTI Consultant role would be expected to demonstrate a strong level of performance in managing and running engagements, particularly in client communications.

Responsibilities

• Supporting Consultancy Cyber Threat Intelligence Engagements across various national and international frameworks (*BEST, TIBER, iCAST, etc)
• Following intelligence collection requirements and conducting technical and OSINT collection
• High quality standardised strategic and technical report writing, using widely used standardised reporting structures
• Working under operational time pressure, self-managing tasks, meeting deadlines in support of client requirements.
• Liaising with teams supporting the SecAlliance ThreatMatch platform to task them with specific collection efforts or support on bespoke RFIs.

A Senior Consultant would also have responsibilities for

• Leading Consultancy Cyber Threat Intelligence Engagements
• Setting intelligence collection requirements for supporting analysts, as well as performing research.
• Building and maintaining relationships with partners, regulators and clients to ensure a more complete picture of the thread landscape.

As a Senior Consultant, you are expected to set an example in both output and work ethic. Your support to the wider team will be critical in the development of the capability.

Candidate Experience

• An experienced Senior Cyber Threat Intelligence Analyst/Manager/Consultant with at least three/five (Consultant/Senior) years direct, operational experience. Work on various national and international frameworks for TI-led testing (*BEST, TIBER, iCAST etc) is strongly preferred.
• Direct and detailed understanding and experience with numerous types of information security incidents, attacks, and events
• Previous direct use of CTI methodologies such as investigative pivoting models, investigative frameworks, as well as MITRE ATT&CK, and the Extended Cyber Kill Chain. Detailed knowledge of using ATT&CK is required.
• Familiarity with major cognitive bias types, and the ability to identify those cognitive biases during research.
• Previous experience with competing hypothesis theory, and use of different tools to score those hypotheses.
• A demonstrated ability to analyse, evaluate, and contextualise sets of information, using analytical techniques and common industry tooling.
• Experience in open-source collection, use of online tools, experience querying internal databases of information in support of investigative efforts.
• Professional experience writing short- and long-form reporting to a specified, technical writing style.
• Senior: Experience with delivering assessments or other intelligence products to consumers/customers (presentations or Q&A sessions)
• A high level of professionalism, focus, and emotional maturity.
• Detailed understanding of the Threat Landscape, ideally with a financial services specialism
• Experience with MISP, VT, Maltego, PassiveTotal and DomainTools are nice-to-haves
• Knowledge and experience in using and setting up infrastructure to support secure and obfuscated technical reconnaissance
• A strong understanding of legal and ethical requirements in regards to technical reconnaissance and data privacy

Training and Qualifications

• Ideally completed the DIAC/DIAM/GIAC course or other advanced analytical techniques training.
• CREST (CCTIA - Consultant, CCTIM - Senior) or other Threat Intelligence accreditations (e.g. SANS, GIAC) are also highly desirable. Individuals without CREST certifications must show additional knowledge such as legal frameworks, ethical standards, intelligence process management
• CEH, CRT, OSCP or similar penetration testing certifications or training

Additional Skills

• Strong communicator with experience of taking complex technical findings and translating into clear business impact.
• Strong presentational skills
• Knowledge of scripting or coding languages such as SQL, Python, Java, C++, etc.