Job Description
Accountabilities
* Build and Operationalize the CTI Function
Design and implement a greenfield CTI capability that supports proactive threat detection, situational awareness, and decision-making across the SOC and wider security organization.
* Threat Intelligence Strategy and Framework
Define the strategic approach to intelligence collection, analysis, dissemination, and feedback loops in alignment with business risks and SOC priorities.
* MSSP Collaboration and Threat Feed Integration
Work closely with the selected MSSP to ensure timely ingestion, correlation, and operationalization of threat intelligence feeds, TTPs, and IOCs into detection and response workflows.
* Define Intelligence Requirements and Outputs
Establish intelligence requirements (PIRs), expected deliverables, and SLAs for threat reporting, threat actor profiling, and campaign tracking across the threat landscape.
* Support SOC and CIRT Operations
Provide contextualized intelligence to support incident triage, investigation, and response — enabling threat hunting, enrichment of alerts, and risk-informed prioritization.
* Stakeholder Communication and Education
Deliver concise, actionable intelligence reporting to technical and non-technical stakeholders, including operating companies, risk teams, and executive leadership.
* External Partnerships and Information Sharing
Build trusted relationships with external threat intel providers, industry ISACs, and government bodies to enrich internal threat insights and stay ahead of emerging threats.
* Future-State Planning and Business Case Development
Define the roadmap for expanding CTI capabilities, including tooling, staffing, and integration needs, and develop a business case to support the formation of a broader internal threat intelligence team.
This role will require travel and working from multiple sites/locations. Willing and able to travel to participate in meetings, workshops, and other related activities.
Key Relationships/Interfaces
External:
* Third-party partners and key solution suppliers
Internal:
* Other areas of IAG Cybersecurity, particularly the cyber programme
* Group Security Team(s)
* Senior managers/customers from across the Group and relevant business areas
* Senior managers/customers/colleagues from operating companies
* IAG Tech colleagues
Qualifications
Education:
Bachelor's degree or higher in Computer Science, Information Security, Cybersecurity, Intelligence Studies, or a related field.
Certifications:
* Relevant certifications in cybersecurity and threat intelligence are highly desirable. Examples include:
* Certified Information Systems Security Professional (CISSP)
* Certified Threat Intelligence Analyst (CTIA)
* GIAC Cyber Threat Intelligence (GCTI)
* Certified Cyber Threat Hunting Professional (CCTHP)
* CompTIA Cybersecurity Analyst (CySA+)
* EC-Council Certified Threat Intelligence Analyst (C|TIA)
* Certified Incident Handler (GCIH)
Skills
* Strong understanding of cybersecurity principles, technologies, and attack vectors.
* Familiarity with common threat actor tactics, techniques, and procedures (TTPs).
* Proficiency in analyzing malware, phishing campaigns, and other malicious activities to extract actionable intelligence.
* Knowledge of network security protocols, endpoint security technologies, and security information and event management (SIEM) systems.
* Comprehensive understanding of the cyber threat landscape, particularly as it relates to the aviation sector.
* Demonstrated capability to convert threat knowledge into active threat hunting.
* Skilful in analysing and researching new, emerging, or trending attacks, actors, malware samples, and TTP’s.
* Must have excellent English reading, writing, and speaking skills with the ability to convey security insights: both in crafting and deciphering security metrics, and in presenting them clearly across all hierarchical levels, up to senior leadership.
Experience
* Several years of experience in cybersecurity, with a focus on threat intelligence analysis.
* Experience working in a threat intelligence team or security operations center (SOC) environment.
* Proficiency in collecting, analyzing, and disseminating threat intelligence to identify emerging threats and vulnerabilities.
* Hands-on experience with threat intelligence platforms, open-source intelligence (OSINT) tools, and dark web monitoring.