🚨Cyber Security Analysts – Threat Intelligence
📍 UK (Remote, occasional travel. Scotland preferred)
We’re working with a privately backed cyber security product company focused on cyber deception and threat intelligence.
They deploy internet-facing deception infrastructure, observe real attacker behaviour at scale, and turn that activity into detection and intelligence used by organisations globally.
They are hiring two Cyber Security Analysts at different levels. This is not a SOC role. It suits people who enjoy threat hunting, analysis, and building detection capability, rather than responding to alerts.
🔍 What you’ll be doing
* Analyse real-world attack activity captured from deception environments
* Investigate attacker techniques and exploitation patterns
* Map activity to TTPs, CVEs, and CWEs
* Build and refine detections, alerts, and behavioural indicators
* Write scripts to support analysis and automation
* Contribute to a threat intelligence and detection capability used by customers
✅ What they’re looking for
* Experience in threat hunting, threat intelligence, or advanced SOC or detection roles
* Evidence of building or improving detection capability, not just operating alerts
* SIEM experience such as Splunk, Sentinel, Rapid7, or similar
* Scripting or coding experience for analysis or automation, Python ideal
* Strong understanding of attacker behaviour and modern attack techniques
Important: this is not a role focused on consuming threat intel tools or reacting to tickets.
🔧 Tech snapshot
* Scripting: Python preferred, plus Bash or PowerShell
* SIEM exposure: Splunk, Sentinel, Rapid7, or similar
* Cloud: Azure exposure helpful but not required
* Focus on analytics, automation, and detection engineering
📈 Seniority and growth
* Two hires, one more senior and one at a mid-level, roughly 3 to 4 years’ experience
* High ownership and influence from day one
* Share options available
🌍 Location
* Remote within the UK
* Scotland preferred, with regular Edinburgh meetups and occasional Glasgow
* Light travel, roughly once per month
🎯 Why this role?
* No legacy SOC or rigid process to inherit - you help build the capability
* Exposure to real attack data at scale
* High-trust, low-bureaucracy technical environment
* Direct impact on both product and customers