Threat Intelligence Analyst - initial 3-6 month contract
Portsmouth or London (2 days a week onsite)
£500 - £600 a day (inside IR35)
We're seeking a highly experienced Threat Intelligence Analyst to lead adversary tracking, threat analysis, and intelligence integration across this large organisation. This is a senior, hands-on role combining strategic threat insight with operational delivery, acting as the primary threat intelligence specialist within the InfoSec function and managing a third-party intelligence provider.
This role is ideal for someone who understands the UK threat landscape, particularly critical national infrastructure and public sector risks, and can translate threat intelligence into actionable detection, response, and executive insight.
Key Responsibilities
Lead threat actor tracking and attribution, focusing on APTs, ransomware, supply chain attacks and UK-relevant campaigns
Maintain adversary profiles using MITRE ATT&CK, Diamond Model and sector-specific threat frameworks
Correlate internal security telemetry with external intelligence feeds (e.g. MISP, Recorded Future, ISACs, Microsoft TI)
Operationalise STIX/TAXII feeds and enrich IOC/IOA pipelines for SOC and Incident Response teams
Translate threat intelligence into actionable detections, working with engineers on KQL/SPL queries and proactive threat hunts
Produce regular threat reports and briefings for SOC leadership, CISO and senior stakeholders, including board-level risk narratives
Manage and oversee a third-party cyber threat intelligence provider, ensuring quality, relevance and value
Engage with UK threat-sharing communities and maintain internal threat intelligence documentation and playbooksRequired Skills & Experience
5+ years' experience in Threat Intelligence, SOC or Incident Response
Strong working knowledge of MITRE ATT&CK and threat actor lifecycle analysis
Hands-on experience with threat intelligence platforms such as MISP, Recorded Future, Anomali or similar
Strong experience with Microsoft security tooling, ideally Sentinel and Defender
Proficiency in KQL and working knowledge of Python for automation and enrichment
Experience integrating intelligence into SIEM, EDR/XDR, and cloud security platforms (Microsoft, AWS, CrowdStrike, etc.)
Deep understanding of the UK cyber threat landscape, particularly critical national infrastructure and public sector threats
Comfortable operating as a sole senior threat intelligence specialist while collaborating across SOC and InfoSec teamsDesirable Certifications
GIAC Cyber Threat Intelligence (GCTI)
CREST Threat Intelligence Analyst
GCIH, SC-200, AWS Security SpecialtyWe're looking for someone who can interview in Jan and ideally start within a few weeks so please apply asap