Minimum qualifications:
* Bachelor's degree or equivalent practical experience.
* 5 years of experience in a cyber security role (e.g., CTI Analyst, Computer Forensics, Incident Response, Security Engineer) within regulated environments.
* Experience integrating CTI with security solutions (e.g., IDS, EDR, SIEM, SOAR) to inform vulnerability management and network defense strategies.
* Experience authoring and tailoring CTI reports (operational, and tactical) for audiences, from technical teams to executive leadership.
* Experience with CTI analysis, including leveraging frameworks (e.g., MITRE ATT&CK) and managing TIPs to drive detection.
* Active UK Security Check (SC) security clearance and eligibility to obtain UK Developed Vetting (DV) security clearance.
Preferred qualifications:
* Master's degree in a related field or advanced certifications.
* Experience in SOC workflow optimisation, detection engineering, or automating intelligence processes to reduce mean-time-to-detect.
* Experience analyzing data from security controls (e.g., firewalls, packet captures, malware triage) and standard network logging formats.
* Experience leading or supporting cyber investigations, bridging the gap between intelligence and remediation.
* Experience of cross-sector information sharing and adherence to strict information managing protocols (e.g., traffic light protocol (TLP).
About the job:
In this role you will support Mandiant's Advanced Intelligence Access (AIA) program. The AIA program enables customers, via an onsite Cyber Analyst, access to the totality of Mandiant's Threat Intelligence, including raw data. You will ensure the delivery of intelligence to each customer's security or operational environments in order to drive decision making and action. You will also acts as a conduit to Mandiant's extensive network of cyber security, threat intelligence, and information operations professionals. You will be delivering key support to a UK government client. You will serve as a cyber threat intelligence (CTI) technical specialist, empowering the customer's mission; primarily through its operations and CTI team. You will be backed by Mandiant's network of UK and global experts, supporting you with training, specialisms, access to industry-leading tooling and proprietary data to fuel the analysis. You will blend this reach with your technical tradecraft to help secure UK Public Sector, and deliver impact for wider HMG audiences. This position requires onsite client-facing work 3-4 days per week at central London customer location to support their CTI requirements and integrate to enable their public-sector focused cyber defence mission.
Part of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. Mandiant's cybersecurity expertise has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience responding to some of the most complex breaches, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that Mandiant knows more about today's advanced threats than anyone.
Responsibilities:
* Track priority cyber threats, acting as an CTI center of experience, using frameworks like MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT and CK) and Kill Chain. Leverage Mandiant tools and data to answer customer request for information (RFI's).
* Support integration of CTI into customer's mission. Build processes for its application within varied cyber defence technology stacks, including SIEM and Threat Intelligence Platforms (TIP) systems (KQL, SPL, Sigma, Yara etc.).
* Perform tactical, and operational research and analysis of adversarial cyber threats, and author intelligence for HMG audiences.
* Present tactical and intelligence about threat groups, the methodologies and the motivations behind activity and convey the findings to audiences.
* Work with customers to plan their intelligence needs and requirements and prepare and deliver briefings and reports to the customers' executives, security team, and fellow analysts.